Guest

Preview Tool

Cisco Bug: CSCuq92631 - Repeating Event logs: resource-unavailable Code: Err-role-set-error.

Last Modified

Sep 09, 2019

Products (1)

  • Cisco Unified Computing System

Known Affected Releases

2.2(2c)C

Description (partial)

Symptom:
STAGE:sam:dme:AaaUserEpUpdateUserEp:SetUserPeer)

From Cli:

=================
^CINFUCSM004-A /security # show event  | grep error

2014-09-16T15:29:23.928    579256 E4195249 [FSM:STAGE:REMOTE-ERROR]: Result: resource-unavailable Code: ERR-role-set-error Message: Failed to set role(s)(sam:dme:AaaUserEpUpdateUserEp:SetUserLocal)

If the reboot does not occur, you will see the error below when connecting to nxos

========================
POD4-B(local-mgmt)# con nx b

Warning: the output may not have all the roles 
User has obsolete role: read-only << read only for admin user.
User has obsolete role: admin
POD4-B(nxos)#

==========================

Additionally, the system role "san-admin" is deleted.  Compare the difference between a working FI with the system role versus the broken one below. The working FI has been rebooted to restore the system roles.

Non-working

POD4-B(nxos)# show role 
Warning: the output may not have all the roles  << notice the warning.

Role: network-admin
  Description: Predefined network admin role has access to all commands
  on the switch
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  

Role: network-operator
  Description: Predefined network operator role has access to all read
  commands on the switch
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read        

Role: vdc-admin
  Description: Predefined vdc admin role has access to all commands within
  a VDC instance
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  

Role: vdc-operator
  Description: Predefined vdc operator role has access to all read commands
  within a VDC instance
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read        

Working:

POD4-A(nxos)# show role

Role: network-admin
  Description: Predefined network admin role has access to all commands
  on the switch
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  

Role: network-operator
  Description: Predefined network operator role has access to all read
  commands on the switch
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read        

Role: vdc-admin
  Description: Predefined vdc admin role has access to all commands within
  a VDC instance
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  

Role: vdc-operator
  Description: Predefined vdc operator role has access to all read commands
  within a VDC instance
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read        

Role: san-admin
  Description: Predefined system role for san administrators. This role
  cannot be modified.
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  27      permit  read        
  26      permit  read-write  feature             fcdomain                
  25      permit  read-write  feature             rdl                     
  24      permit  read-write  feature             trunk                   
  23      permit  read-write  feature             fcmgmt                  
  22      permit  read-write  feature             fcfe                    
  21      permit  read-write  feature             port-track              
  20      permit  read-write  feature             fcoe                    
  19      permit  read-write  feature             port-security           
  18      permit  read-write  feature             copy                    
  17      permit  read-write  feature             rmon                    
  16      permit  read-write  feature             rscn                    
  15      permit  read-write  feature             fspf                    
  14      permit  read-write  feature             fdmi                    
  13      permit  read-write  feature             fcsp                    
  12      permit  read-write  feature             fcns                    
  11      permit  read-write  feature             span                    
  10      permit  read-write  feature             zone                    
  9       permit  read-write  feature             wwnm                    
  8       permit  read-write  feature             vsan                    
  7       permit  read-write  feature             vsanIfvsan              
  6       permit  read-write  feature             fabric-binding          
  5       permit  read-write  feature             interface               
  4       permit  read-write  feature             trapRegEntry            
  3       permit  read-write  feature             snmpTargetAddrEntry     
  2       permit  read-write  feature             snmpTargetParamsEntry   
  1       permit  read-write  feature             snmp                    

Role: server-equipment
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  3       permit  read-write  feature             sam-pn-maintenance      
  2       permit  read-write  feature             sam-pn-policy           
  1       permit  read-write  feature             sam-pn-equipment        

Role: facility-manager
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  feature             sam-power-mgmt          

Role: server-security
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  3       permit  read-write  feature             sam-ls-security-policy  
  2       permit  read-write  feature             sam-ls-security         
  1       permit  read-write  feature             sam-pn-security         

Role: server-compute
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  3       permit  read-write  feature             sam-ls-compute          
  2       permit  read-write  feature             sam-ls-server-oper      
  1       permit  read-write  feature             sam-ls-server-policy    

Role: server-profile
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  6       permit  read-write  feature             sam-ls-server-oper      
  5       permit  read-write  feature             sam-ls-ext-access       
  4       permit  read-write  feature             sam-ls-server-policy    
  3       permit  read-write  feature             sam-ls-config-policy    
  2       permit  read-write  feature             sam-ls-server           
  1       permit  read-write  feature             sam-ls-config           

Role: operations
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  2       permit  read-write  feature             sam-fault               
  1       permit  read-write  feature             sam-operations          

Role: read-only
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  feature             sam-read-only           

Role: network
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  12      permit  read-write  feature             sam-ls-qos-policy       
  11      permit  read-write  feature             sam-ls-network-policy   
  10      permit  read-write  feature             sam-ls-qos              
  9       permit  read-write  feature             sam-ls-network          
  8       permit  read-write  feature             sam-ext-lan-qos         
  7       permit  read-write  feature             sam-ext-lan-security    
  6       permit  read-write  feature             sam-ext-lan-policy      
  5       permit  read-write  feature             sam-ext-lan-config      
  4       permit  read-write  feature             sam-pod-qos             
  3       permit  read-write  feature             sam-pod-security        
  2       permit  read-write  feature             sam-pod-policy          
  1       permit  read-write  feature             sam-pod-config          

Role: storage
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  6       permit  read-write  feature             sam-ls-storage-policy   
  5       permit  read-write  feature             sam-ls-storage          
  4       permit  read-write  feature             sam-ext-san-qos         
  3       permit  read-write  feature             sam-ext-san-security    
  2       permit  read-write  feature             sam-ext-san-policy      
  1       permit  read-write  feature             sam-ext-san-config      

Role: admin
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  feature             sam-admin               

Role: aaa
  Description: new role
  vsan policy: permit (default)
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity                  
  -------------------------------------------------------------------
  1       permit  read-write  feature             sam-aaa

Conditions:
System user  role "san-admin" manually deleted by admin.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.