Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Stuck on "Repair Cert Verify" in UCS Central Integration

I am trying to register a UCS domain to UCS Central. This is the UCS Emulator version 2.1(2a) but I still feel that it's not an emulator-specific issue, so I'm posting here.

On the FSM tab, I'm stuck here:

cert.png

It will go through steps 1-4 every 10 seconds or so, while hanging on the last one for about another 20 seconds. Then it re-tries, looping infinitely.

I have tried creating a new Keyring, and generating a new certificate request, but after going through the wizard for that, I don't get any window that shows me the certificate request, therefore I can't successfully generate the certificate. I'm not even sure this second step is required for UCS Central integration, frankly.

Everyone's tags (3)
8 REPLIES
New Member

Stuck on "Repair Cert Verify" in UCS Central Integration

I re-installed UCS Central on another box, this time using local storage. My NFS array wasn't pulling the performance metrics that the UCSC setup wizard required, apparently, so I got a warning when it started. On a hunch, I re-installed elsewhere and tried again, and this time it worked.

FWIW, the second part about a certificate is not necessary for UCSC integration, it works fine with the default keyring.

New Member

Stuck on "Repair Cert Verify" in UCS Central Integration

I have same issue, as suggested, installed UCS central on other server-- same issue.

Is there any other work around?

New Member

Stuck on "Repair Cert Verify" in UCS Central Integration

I have fixed this issue by re generating new certificate on UCS Central. Below are commands used

connect local-mgmt

re-generate certificate

exit

commit-buffer

It will droup UCS Central GUI interface and should come up in quickly. Try registering UCS doamin.

Please post if above solution works.

Thanks

Hetal Soni

New Member

Hi Hetal Soni, I can't find

Hi Hetal Soni,

 

I can't find the command "re-generate certificate" in ucs central 1.1.2.

I had the issue after I reinstalled ucs central (tried disaster recovery and so on). I deleted just the disks of the vm and added two new ones. After I reinstalled it again with a complete new vm with th ovf template, it worked.

/Hugo

Cisco Employee

Regenerating the Default Key

Regenerating the Default Key Ring

The default key ring certificate must be manually regenerated if the cluster name changes or the certificate

expires.

Procedure

Command or Action Purpose

Step 1 UCSC#connect policy-mgr Enters policy manager mode.

Enters organization mode for the specified

organization.

Step 2 UCSC(policy-mgr)#scope org

Enters device profile mode for the specified

organization.

Step 3 UCSC(policy-mgr) /org#scope device-profile

UCSC(policy-mgr) /org/device-profile#scope Enters security mode.

security

Step 4

Enters key ring security mode for the

default key ring.

UCSC(policy-mgr) /org/device-profile/security

# scope keyring default

Step 5

UCSC(policy-mgr) Regenerates the default key ring.

/org/device-profile/security/keyring # set

regenerate yes

Step 6

Commits the transaction to the system

configuration.

UCSC(policy-mgr)

/org/device-profile/security/keyring* #

commit-buffer

Step 7

Cisco UCS Central CLI Reference Manual, Release 1.2

New Member

Stuck on "Repair Cert Verify" in UCS Central Integration

Hi there,

I had the same issue but in my case the ntp servers resolved the problem. In case you have a time mismatch, it prevents the ucsm from registering in ucs central. Maybe this works.

Best regards

New Member

If the reason an old UCS

If the reason is an old UCS "ghost", you have to remove this from the service-manager in UCS Central CLI.

It worked for me.

 

I reinstalled UCS Central and want to add the old UCS domain again. Got a Cert-failure. Time was synchronous (same NTP server).

I had to got to UCS Central CLI, service-manager, and remove the old "ucs client". After that, I could add the old ucs domain again.

 

/danny

New Member

I had the same problem,

I had the same problem, thanks to danny's idea I found the correct command. Was not very intuitive at all...

The client operational state has to be "Lost Visibility" in order for this to work:

UCS-Central-Test1#connect service-reg
UCS-Central-Test1(service-reg)# show clients detail
Registered Clients:
    ID: 1008
    Registered Client IP: 192.168.44.131
    Registered Client IPV6: ::
    Registered Client Connection Protocol: Ipv4
    Registered Client Name: UCSPE-192-168-44-131
    Registered Client GUID: c63876be-81f0-11e4-a68b-000c2964fdba
    Registered Client Version: 2.2(3a)
    Registered Client Type: Managed Endpoint
    Registered Client Capability: Policy Client Module
    Registered Client Last Poll Timestamp: 2014-12-16T10:41:51.734
    Registered Client Operational State: Lost Visibility <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    Registered Client Suspend State: Off
    Registered Client License State: License Graceperiod
    Registered Client grace period used: 0
    Registered Client Network Connection State: Connected
UCS-Central-Test1(service-reg)#

UCS-Central-Test1(service-reg)# delete clients 1008
UCS-Central-Test1(service-reg)* # commit-buffer
UCS-Central-Test1(service-reg)#

 

3322
Views
13
Helpful
8
Replies
CreatePlease to create content