Stuck on "Repair Cert Verify" in UCS Central Integration

Mierdin21
Level 1

I am trying to register a UCS domain to UCS Central. This is the UCS Emulator version 2.1(2a) but I still feel that it's not an emulator-specific issue, so I'm posting here.

On the FSM tab, I'm stuck here:

cert.png

It will go through steps 1-4 every 10 seconds or so, while hanging on the last one for about another 20 seconds. Then it re-tries, looping infinitely.

I have tried creating a new Keyring, and generating a new certificate request, but after going through the wizard for that, I don't get any window that shows me the certificate request, therefore I can't successfully generate the certificate. I'm not even sure this second step is required for UCS Central integration, frankly.


Mierdin21
Level 1

I re-installed UCS Central on another box, this time using local storage. My NFS array wasn't pulling the performance metrics that the UCSC setup wizard required, apparently, so I got a warning when it started. On a hunch, I re-installed elsewhere and tried again, and this time it worked.

FWIW, the second part about a certificate is not necessary for UCSC integration, it works fine with the default keyring.

I have the same issue. As suggested, I installed UCS Central on another server: same issue.

Is there any other workaround?

I have fixed this issue by regenerating a new certificate on UCS Central. Below are the commands used:

connect local-mgmt
re-generate certificate
exit
commit-buffer

It will drop the UCS Central GUI interface, which should come up quickly. Try registering the UCS domain.

Please post if the above solution works.

Thanks

Hetal Soni

Hi Hetal Soni,

 

I can't find the command "re-generate certificate" in UCS Central 1.1.2.

I had the issue after I reinstalled UCS Central (tried disaster recovery and so on). I deleted just the disks of the VM and added two new ones. After I reinstalled it again with a completely new VM with the OVF template, it worked.

/Hugo

Regenerating the Default Key Ring

The default key ring certificate must be manually regenerated if the cluster name changes or the certificate expires.

Procedure

Step 1  Command or Action: UCSC# connect policy-mgr
        Purpose: Enters policy manager mode.

Step 2  Command or Action: UCSC(policy-mgr)# scope org
        Purpose: Enters organization mode for the specified organization.

Step 3  Command or Action: UCSC(policy-mgr) /org # scope device-profile
        Purpose: Enters device profile mode for the specified organization.

Step 4  Command or Action: UCSC(policy-mgr) /org/device-profile # scope security
        Purpose: Enters security mode.

Step 5  Command or Action: UCSC(policy-mgr) /org/device-profile/security # scope keyring default
        Purpose: Enters key ring security mode for the default key ring.

Step 6  Command or Action: UCSC(policy-mgr) /org/device-profile/security/keyring # set regenerate yes
        Purpose: Regenerates the default key ring.

Step 7  Command or Action: UCSC(policy-mgr) /org/device-profile/security/keyring* # commit-buffer
        Purpose: Commits the transaction to the system configuration.

Cisco UCS Central CLI Reference Manual, Release 1.2

dennisermisch
Level 1

Hi there,

I had the same issue, but in my case the NTP servers resolved the problem. In case you have a time mismatch, it prevents the UCSM from registering in UCS Central. Maybe this works.

Best regards

Danny Sandner
Level 1

If the reason is an old UCS "ghost", you have to remove this from the service-manager in UCS Central CLI.

It worked for me.

 

I reinstalled UCS Central and want to add the old UCS domain again. Got a Cert-failure. Time was synchronous (same NTP server).

I had to go to the UCS Central CLI, service-manager, and remove the old "ucs client". After that, I could add the old UCS domain again.

 

/danny

I had the same problem, thanks to danny's idea I found the correct command. Was not very intuitive at all...

The client operational state has to be "Lost Visibility" in order for this to work:

UCS-Central-Test1#connect service-reg
UCS-Central-Test1(service-reg)# show clients detail
Registered Clients:
    ID: 1008
    Registered Client IP: 192.168.44.131
    Registered Client IPV6: ::
    Registered Client Connection Protocol: Ipv4
    Registered Client Name: UCSPE-192-168-44-131
    Registered Client GUID: c63876be-81f0-11e4-a68b-000c2964fdba
    Registered Client Version: 2.2(3a)
    Registered Client Type: Managed Endpoint
    Registered Client Capability: Policy Client Module
    Registered Client Last Poll Timestamp: 2014-12-16T10:41:51.734
    Registered Client Operational State: Lost Visibility <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    Registered Client Suspend State: Off
    Registered Client License State: License Graceperiod
    Registered Client grace period used: 0
    Registered Client Network Connection State: Connected
UCS-Central-Test1(service-reg)#

UCS-Central-Test1(service-reg)# delete clients 1008
UCS-Central-Test1(service-reg)* # commit-buffer
UCS-Central-Test1(service-reg)#
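
Added example, not part of the thread and not Cisco tooling: a small Python parser for saved `show clients detail` output that lists the registrations in "Lost Visibility" state, so the IDs can be reviewed before anything is deleted from service-reg. The sample text is constructed from the output quoted above; the second client (ID 1009), its "Registered" state and the `min_silence_hours` threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the `show clients detail` output quoted above;
# client 1009 and its "Registered" state are invented for contrast.
SAMPLE = """\
Registered Clients:
    ID: 1008
    Registered Client IP: 192.168.44.131
    Registered Client Name: UCSPE-192-168-44-131
    Registered Client GUID: c63876be-81f0-11e4-a68b-000c2964fdba
    Registered Client Last Poll Timestamp: 2014-12-16T10:41:51.734
    Registered Client Operational State: Lost Visibility <<<<<<<<
    ID: 1009
    Registered Client IP: 192.0.2.10
    Registered Client Name: UCS-EXAMPLE-B
    Registered Client GUID: 00000000-0000-0000-0000-000000000001
    Registered Client Last Poll Timestamp: 2014-12-16T11:02:07.120
    Registered Client Operational State: Registered
"""

# "Registered Client Name: x" -> key "Name"; only the first colon splits key and value.
FIELD = re.compile(r"^\s*(?:Registered Client )?([^:]+):\s*(.*?)\s*$")

def parse_clients(text):
    """Return one dict per client; every 'ID:' line starts a new record."""
    clients = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m or m.group(1) == "Registered Clients":
            continue  # prompts, blank lines and the section header
        key, value = m.group(1), m.group(2).rstrip("< ")  # drop pasted "<<<" markers
        if key == "ID":
            clients.append({})
        if clients:
            clients[-1][key] = value
    return clients

def stale_clients(clients, now, min_silence_hours=1.0):
    """Clients in 'Lost Visibility' that have not polled for min_silence_hours (assumed threshold)."""
    stale = []
    for c in clients:
        last = datetime.fromisoformat(c["Last Poll Timestamp"])
        silent_h = (now - last).total_seconds() / 3600
        if c.get("Operational State") == "Lost Visibility" and silent_h >= min_silence_hours:
            stale.append((c["ID"], c["Name"], c["GUID"], round(silent_h, 1)))
    return stale

if __name__ == "__main__":
    for row in stale_clients(parse_clients(SAMPLE), datetime(2014, 12, 17, 10, 41, 51, 734000)):
        print("review before 'delete clients %s': %s guid=%s silent=%sh" % row)
```

Comparing the GUID of each listed entry with the GUID of the domain being re-registered helps confirm that the entry really is the leftover registration and not a live domain that is briefly unreachable.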

 
