Upgrade Tool Problems

Unanswered Question
Aug 11th, 2010

v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";}


I’m having problems using the Upgrade tool, using the internal TFTP server try as I might I can’t persuade that there isn’t a firewall or ACL blocking TFTP:


-          I’ve tried using v3.2 and v3.4

-          I’ve tried using different machines

-          I’ve turned off all firewalls and removed all ACLs from the APs

-          I’ve traced the route across the network and can’t see any reason why any traffic would be blocked between the two

-          I can confirm from the TACACS server that the upgrade tool is authenticating


Using the external TFTP Server I can’t persuade it to work as there seems to be a fault in the script that the upgrade tool tries to run, I’ve looked throught the log the important bit seems to be below where it tries to answer exit to a yes/no question:

KCHCam.Gnd.Ap1130.4(config)#crypto ca enroll CISCO_IOS_SSC_Cert

The router has already generated a Self Signed Certificate for

trustpoint TP-self-signed-3298014188.

If you continue the existing trustpoint and Self Signed Certificate

will be deleted.

Do you want to continue generating a new Self Signed Certificate? [yes/no]: yes

% The fully-qualified domain name will not be included in the certificate

Generate Self Signed Router Certificate? [yes/no]: exit

% Please answer 'yes' or 'no'.

Generate Self Signed Router Certificate? [yes/no]:  test ssc enable

% Please answer 'yes' or 'no'.

Generate Self Signed Router Certificate? [yes/no]: show crypto ca certificates

% Please answer 'yes' or 'no'.

Generate Self Signed Router Certificate? [yes/no]:

The failure message is below:

2010/08/10 11:17:50 ERROR  Unable to Get Root Certificate Status

Any help would be greatly appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nuttea Jirattiv... Fri, 08/13/2010 - 03:47

Have you try remove domain configuration on your autonomous ap? or just write erase and try again.


This Discussion