11-13-2023 07:42 AM
Hello Community!
I have a cluster of FI 6332 System version: 4.0(4n):
A: UP, SUBORDINATE
B: UP, PRIMARY
And I have an error trying to ssh primary B or vip ip:
Unable to login. You have reached the maximum allowed number of concurrent sessions. Please clear shell sessions from UCSM CLI/GUI.
The reason is obvious for me, our NMS utilized all 32 allowed shell connections, we cleared them in UCSM GUI. But, somehow, they got stuck on the primary fabric B. I don't see sessions in GUI, but I do see them on FI:
A: connect local-mgmt B
B(local-mgmt)# show processes | i ciscoprime
403 root 20 0 154m 100m 69m S 0.0 0.3 0:00.59 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
408 root 20 0 154m 100m 69m S 0.0 0.3 0:00.60 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
1046 root 20 0 154m 100m 69m S 0.0 0.3 0:00.58 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
1391 root 20 0 154m 100m 69m S 0.0 0.3 0:00.56 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
1500 root 20 0 154m 100m 69m S 0.0 0.3 0:00.58 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
2189 root 20 0 154m 100m 69m S 0.0 0.3 0:00.60 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
2771 root 20 0 154m 100m 69m S 0.0 0.3 0:00.57 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
2990 root 20 0 154m 100m 69m S 0.0 0.3 0:00.57 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
3300 root 20 0 154m 100m 69m S 0.0 0.3 0:00.58 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
3394 root 20 0 154m 100m 69m S 0.0 0.3 0:00.58 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
3559 root 20 0 154m 100m 69m S 0.0 0.3 0:00.58 /isan/bin/ucssh --ucs-mgmt -p ciscoprime
4312 root 20 0 154m 100m 69m S 0.0 0.3 0:00.57 /isan/bin/ucssh --ucs-mgmt -p ciscoprime ...
I need help to clear all these hung processes to restore ssh access.
I have no option to make management switchover to A (cluster lead a), as I can't access primary FI B.
And I dont see hung sessions from UCSM GUI. Is there any chance to access shell of UCS FI to kill hung ssh sessions? Appretiate any advice to resolve the issue.
Solved! Go to Solution.
11-15-2023 07:47 AM
This sounds like the opposite of old CDET CSCvm68038 where SSH on the subordinate FI would have too many open SSH sessions as this is on the primary FI.
That CDET details (temporarily) enabling telnet to access the "inaccessible FI" and then accessing a debug shell (which requires TAC) to stop outstanding SSH processes.
But judging by the snippet you posted, it seems ciscoprime is SSH'ing in to the UCS FI. . . .
Can ciscoprime be temporarily disabled to see if the FI recovers SSH ability after a little time.
11-15-2023 07:47 AM
This sounds like the opposite of old CDET CSCvm68038 where SSH on the subordinate FI would have too many open SSH sessions as this is on the primary FI.
That CDET details (temporarily) enabling telnet to access the "inaccessible FI" and then accessing a debug shell (which requires TAC) to stop outstanding SSH processes.
But judging by the snippet you posted, it seems ciscoprime is SSH'ing in to the UCS FI. . . .
Can ciscoprime be temporarily disabled to see if the FI recovers SSH ability after a little time.
11-16-2023 04:56 AM
Appreciate your feedback, Steven.
We managed to connect to Primary with console, executed "clusted lead A". Primary is alive now.
I disabled ciscoprime for a while, but FI-B still unavailable, stuck processes still there...
Is there any chanse to clear hung process without TAC? Or my option is to evacuate the FI and reboot it?
11-28-2023 11:52 PM
We Finally rebooted the FI. No way to acceess debug shell without TAC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide