Import of 4215 fails on IPSMC 2.2

Answered Question
Aug 9th, 2007
User Badges:

When we try to import our 4215 sensor to IPSMC 2.2, we receive the message in the IPSMC


Import

Import failed due to exceptionError importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reasons: X.509 certificate is invalid or sensor version was downgraded.

Import Completed


The sensor is at version 5.1(6)E1 Signature Update S295.0


What could be the problem and how can I resolve it?

Correct Answer by rpalanis about 9 years 8 months ago

Darlin,


Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.


Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"


Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.


Check the time in both sensor and IPS MC server machine and it should be synchronized.


If still you have the issue. Please open a TAC case and contact me. We will debug further.


~Raja


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
rpalanis Thu, 08/16/2007 - 05:39
User Badges:

Darlin,


Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.


Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"


Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.


Check the time in both sensor and IPS MC server machine and it should be synchronized.


If still you have the issue. Please open a TAC case and contact me. We will debug further.


~Raja


darin.marais Fri, 08/17/2007 - 00:28
User Badges:

Hi Raja;


Thank you for your help. I would have open a Cisco TAC case but it has become such and ordeal to get help via there new TAC web interface with the requesting for serial numbers of devices/contracts etc. the TAC must have decreased the number of tickets they receive by day in doing implementing that idea. Cool move!

Cisco 1 Clients 0? ;-)


Anyway Raja, the information that you provided, helped me to resolve my problem. Just a note however, it seamed necessary to have the order correct.


1 set the clock

2 use tls generate-key

3 import the device


Thanks for you help.

Actions

This Discussion