Error when updating: Could not generate configuration.

  • 1
  • Question
  • Updated 4 months ago
  • Answered
We have been using Hivemanger NG for a while and have to say one thing I noticed was that from upgrade to upgrade it seems less and less diagnostic tools are available.
Now the current version of Hivemanager NG is 'Build Version: 12.7.4.1' and since then attempts to apply config updates fail. Worse even it's really hard to troubleshoot why they fail. All I get is 'could not generate configuration' and believe that is returned by the HM NG platform itself before the config is even pushed to the AP. I have been going over our configuration with a fine comb, but nothing out of the ordinary sticks out.
Now I really need to do some config changes to support our WiFi user better, but am kind of stuck.
Does anyone know if there's a log some where, the error comes from HiveManager and I have already tried everything out of the old toolbox
  • reboot before applying config
  • push complete config
  • reset AP to factory default - Hmm that was a dumb one, now I have a non working AP250
Any tips are really appreciated

Thanks heaps Carsten
Photo of Carsten Loemker

Carsten Loemker

  • 14 Posts
  • 0 Reply Likes

Posted 4 months ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Carsten,

Do you know if you have any accounting-only RADIUS servers configured? We are aware of a bug in configuration generation where this is configured.

Thanks,

Nick
Photo of Carsten Loemker

Carsten Loemker

  • 14 Posts
  • 0 Reply Likes
Thank you heaps Nick,
yes we do have an accounting only Radius server configured, which is our Netbox netfilter, it uses Radius accounting requests to determine a users identity. 
Carsten
 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Carsten,

Thanks for confirming. We are tracking and handling this issue via CFD-3121.

A shorter term workaround to use supplemental CLI, either applied to the Network Policy or to the device.

To do this:

1) Review the output at the HiveOS CLI of "show run | inc radius" to locate the name of the applicable security-object and the existing configuration.

2) Remove the reference to the accounting-only RADIUS server from the HMNG UI.

3) Configure the security policy via per-device or per-network policy supplemental CLI. (Supplemental CLI needs to be enabled as documented in the help guide.)

You will need to set the security-object name, the destination IP and the shared secret.

A designation of primary, backup1, backup2 or backup3 is used to set a server in position 1, 2, 3 or 4.

security-object ChangeMe security aaa radius-server accounting primary 192.168.123.234 shared-secret ChangeMe123! acct-port 1813

4) Push a full configuration. 

5) Review the output at the HiveOS CLI of "show run | inc radius" to verify the changes.

I can only apologise for the inconvenience.

Regards,

Nick
(Edited)
Photo of Carsten Loemker

Carsten Loemker

  • 14 Posts
  • 0 Reply Likes
Hello Nick,
thanks so much for your help, you were spot on, Have now configured the workaround and looks all good.
TA Carsten