Reset Network Management Interface on SRT 5000

Oktoberfest · ‎2024-03-11

Hi, we have a few SRT5000 UPS's and many of them can no longer be accessed via the web interface. The last time I attempted this a few months ago there was no issue. No firmware updates have been performed on any UPS. They all ping and don't appear to have any issues with network connectivity. I cannot login via SSH/Telnet as they are not enabled. Someone on-site has re-seated the network cable but that made no difference. I would next like to try rebooting the Network Management Interface.

I cannot see any options in the manual to restart the NMI via the front panel, so I think the only option would be to restart it via the reset button at the back.

Does anyone know whether using a paperclip to reset the UPS will have any outage or will reset the NMI to factory defaults? All I am looking to do is reboot the NMI without making any changes to it. Thanks.

Teken · ‎2024-03-19

The NMC has a built in watch dog timer which resets the unit if it can’t properly negotiate on the network. This watch dog timer normally starts upon first power up.

Unplug the Ethernet cable and wait ten minutes and see what happens. As stated this may not operate as expected as it happens during first start. You could create a blocking rule to mimic the same and this may cause the NMC to reset (warm boot) the NIC.

I would engage APC Technical Support to identify the correct reset procedure for the embedded NMC. Along with the CLI commands to reset / default the unit. As an aside SSH should always be enabled for this very reason to enable local support personnel to resolve / troubleshoot network related issues.

See Answer In Context

Teken · ‎2024-03-14

Since SSH / Telnet isn't enabled you can't use the reboot command. You could simply remove the NMC from the UPS and this will cause the NMC to begin a cold boot upon insertion. Pressing the reset pin on the NMC allows password reset and format.

As it relates to not being able to access the web interface I would consider the following and strike anything off the list / address them.

1. Firmware: You can go to the UPS LCD to confirm what firmware is running on the NMC. If the NMC is running on anything less than 6.XX - 7.XX you found a problem. Firmware below 6.XX does not support any of the current SSL / TLS encryption certificates for any modern browsers. Update all NMC's to the latest firmware branch to insure valid certificates are in place and security updates are enforced.

2. Browser: Insure you're using ALL of the recommended web browsers to see if you have portal access. You should also use HTTP vs HTTPS to validate its NOT a certificate issue. Clear all cookies, cache, history in every browser. Do not use a saved link to access a NMC because session cookies will have expired and other security elements will be invoked to deny access.

If your site is one of the so many Government institutions that insist on using EOL IE 8~11 - There's nothing but pain in your future. ☹️

3. Firewall: Verify on your network that policies are not restricting access to the NMC web interface. A simple test would be to connect directly with a laptop to the NMC. If you are able to gain web portal access there is a network firewall policy / antivirus policy in place.

4. Format: As stated up above the reset button (hole) allows two modes. Password reset and format of the NMC hardware to a factory state. You can format one card to see what happens and this will resolve a possible corruption of the card. It will NOT resolve any network restrictions currently in place, browser access issues as it relates to old NMC firmware that doesn't support the latest browser (SSL / TLS) encryption standards.

Nor will it resolve any physical network issues like bad cabling, switch, ports, etc.

Let me know what you find and the results . . 👍

Oktoberfest · ‎2024-03-15

Hi, Thanks for all your suggestions.

All of our APC5000 UPS's are model SRT5KRMXLI and none have the extra NMI module in the expansion slot - ours only use the built-in network adapter mounted on the system board, so it doesn't appear to be something which can be re-seated. It is listed as a AP9537SUM on one of the identical UPS's which I can still access via the web, running f/w v6.5.0.

All UPS's are in the same subnet and since two of them still are still accessible via HTTP I don't think it's a firewall issue. They all worked fine not too long ago and I'm not aware of any changes to the network or UPS.

I've tried this from multiple browsers (Chrome / Firefox) and cleared the cache, but still no joy.

I was thinking of maybe changing the IP address to something else via the front panel to see if this reboots the NIC and then restarts web services. If I can find a UPS cable and connect via a laptop I'll see if there's a NIC reset option in there somewhere. If the only thing left to try is the reset button on the back and setting the NIC back to factory defaults, then I'll give this a try as it appears that this does not impact UPS operation.

If you can think of anything else I can try, please let me know.

Thanks.

Teken · ‎2024-03-19

The NMC has a built in watch dog timer which resets the unit if it can’t properly negotiate on the network. This watch dog timer normally starts upon first power up.

Unplug the Ethernet cable and wait ten minutes and see what happens. As stated this may not operate as expected as it happens during first start. You could create a blocking rule to mimic the same and this may cause the NMC to reset (warm boot) the NIC.

I would engage APC Technical Support to identify the correct reset procedure for the embedded NMC. Along with the CLI commands to reset / default the unit. As an aside SSH should always be enabled for this very reason to enable local support personnel to resolve / troubleshoot network related issues.

Oktoberfest · ‎2024-04-23

A bit of feedback on the previous suggestion to remove the network cable for 10 minutes and see if it reboots the NMC... We had someone on-site today who tried this and it worked. We left the cable out for about 20 mins and once re-inserted the UPS was manageable via the web interface. I could see in the logs that it did take 10 minutes for force an NMC reboot.

Many thanks for your advice. We'll be enabling SSH connectivity now so that we can reboot the NMC that way if this happens again in the future.

Teken · ‎2024-04-23

Glad this suggestion worked to help gain access to the NMC. Now the next step is to identify the root cause to the inaccessible NMC.

First steps are to insure all NMC are on the latest firmware. HTTPS is enabled

and certificates are valid if self signed certs are in place.

Session cookies should be disabled if your environment is unique otherwise leave it enabled. NMC 2 only supports TLS 1.2 so verify nothing in your network is set to use TLS 1.3 as this will restrict access for sure!

802.1X: It goes without saying if this is enabled and in place everything must be in order on the network as it relates to authentication.

Cheers! 👍