Hi all,
We used to have the Splunk Add-on for Cisco UCS properly configured, but this stopped unexpected one night a couple of months ago. To my knowledge (and as per the claims of the relevant team), there were no changes done at this time. We have attempted to get this working again since, but to no avail.
Main error message we get is this:
Failed to get cookie for
We've tried a few different things; reducing password length, removing special characters, ensuring the domain is correctly capitalised. Nothing has worked.
We have managed to log in successfully via SSL session (ssh -l ucs-DOMAIN\SERVICE_ACCOUNT HOSTNAME), as well as through the UI, so there is nothing wrong with the account itself.
Has anyone seen this issue before? I can see similar posts (listed below), but none of them have solutions:
https://answers.splunk.com/answers/694661/splunk-add-on-for-cisco-ucsauthentication-failed.html
https://answers.splunk.com/answers/682438/splunk-add-on-for-cisco-ucs-is-not-collecting-data.html
https://answers.splunk.com/answers/729800/cisco-ucs-addon-authentication-failed-error.html
Thanks in advance,
Alex
So I've not got a particularly satisfying answer, but it has been 'solved'. Exactly why, I'm not particularly sure, however I'm pretty sure it revolves around one of two issues:
For the first point, this app does not support special characters in passwords as described by ADDON-19169.
For the second, the account, as it was authenticating against AD, was locking quite regularly. While we were setting the account to be unlocked and were able to authenticate via webpage or SSL, it wouldn't authenticate through the app. My solution to this was to turn the inputs off for a week and then turn them on a week later.
Hope this helps anyone with the same issue.
So I've not got a particularly satisfying answer, but it has been 'solved'. Exactly why, I'm not particularly sure, however I'm pretty sure it revolves around one of two issues:
For the first point, this app does not support special characters in passwords as described by ADDON-19169.
For the second, the account, as it was authenticating against AD, was locking quite regularly. While we were setting the account to be unlocked and were able to authenticate via webpage or SSL, it wouldn't authenticate through the app. My solution to this was to turn the inputs off for a week and then turn them on a week later.
Hope this helps anyone with the same issue.
Thanks for the follow up.
By the way, do you add domain name to the login in the add-on?
Yes, you need to put the domain in the username, as you would if you were logging into the webpage equivalent.
What version of splunk are you running and what version of the Cisco UCS addon are you running?
Splunk - 7.2.4
Cisco UCS addon - 2.0.3
Any updates on this?
Not yet. Opened a call with Splunk, will provide an update if I have one.