cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
317
Views
0
Helpful
2
Replies

Import of 4215 fails on IPSMC 2.2

darin.marais
Level 4
Level 4

When we try to import our 4215 sensor to IPSMC 2.2, we receive the message in the IPSMC

Import

Import failed due to exceptionError importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reasons: X.509 certificate is invalid or sensor version was downgraded.

Import Completed

The sensor is at version 5.1(6)E1 Signature Update S295.0

What could be the problem and how can I resolve it?

1 Accepted Solution

Accepted Solutions

rpalanis
Level 1
Level 1

Darlin,

Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.

Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"

Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.

Check the time in both sensor and IPS MC server machine and it should be synchronized.

If still you have the issue. Please open a TAC case and contact me. We will debug further.

~Raja

View solution in original post

2 Replies 2

rpalanis
Level 1
Level 1

Darlin,

Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.

Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"

Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.

Check the time in both sensor and IPS MC server machine and it should be synchronized.

If still you have the issue. Please open a TAC case and contact me. We will debug further.

~Raja

Hi Raja;

Thank you for your help. I would have open a Cisco TAC case but it has become such and ordeal to get help via there new TAC web interface with the requesting for serial numbers of devices/contracts etc. the TAC must have decreased the number of tickets they receive by day in doing implementing that idea. Cool move!

Cisco 1 Clients 0? ;-)

Anyway Raja, the information that you provided, helped me to resolve my problem. Just a note however, it seamed necessary to have the order correct.

1 set the clock

2 use tls generate-key

3 import the device

Thanks for you help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: