Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Import of 4215 fails on IPSMC 2.2

When we try to import our 4215 sensor to IPSMC 2.2, we receive the message in the IPSMC

Import

Import failed due to exceptionError importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reasons: X.509 certificate is invalid or sensor version was downgraded.

Import Completed

The sensor is at version 5.1(6)E1 Signature Update S295.0

What could be the problem and how can I resolve it?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Import of 4215 fails on IPSMC 2.2

Darlin,

Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.

Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"

Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.

Check the time in both sensor and IPS MC server machine and it should be synchronized.

If still you have the issue. Please open a TAC case and contact me. We will debug further.

~Raja

2 REPLIES
New Member

Re: Import of 4215 fails on IPSMC 2.2

Darlin,

Could be the tls certificate expired in device or time is not synchronized between IPS and IPS MC server.

Log into the sensor with administrator privilege and give the below command in privilege mode

"tls generate-key"

Query and apply the new key in the " Certificate Management " page of IPS MC. Now try reimport.

Check the time in both sensor and IPS MC server machine and it should be synchronized.

If still you have the issue. Please open a TAC case and contact me. We will debug further.

~Raja

New Member

Re: Import of 4215 fails on IPSMC 2.2

Hi Raja;

Thank you for your help. I would have open a Cisco TAC case but it has become such and ordeal to get help via there new TAC web interface with the requesting for serial numbers of devices/contracts etc. the TAC must have decreased the number of tickets they receive by day in doing implementing that idea. Cool move!

Cisco 1 Clients 0? ;-)

Anyway Raja, the information that you provided, helped me to resolve my problem. Just a note however, it seamed necessary to have the order correct.

1 set the clock

2 use tls generate-key

3 import the device

Thanks for you help.

118
Views
0
Helpful
2
Replies