I had to add a new WAE to the system that needs to be AO.
I put in the basic config to get it on my network. Then did the cms enable, it showed as already activated on the Central Manager even though the command "no auto-register enable" is set. I was fine with that, however, when I look at Services in the Central Manager it is Blank on the device listing and just shows as "WAE" in the device dashboard on the CM. I would expect to see Applicatoin Accelerator.
I also don't see the configuration that I have in my AllDeviceGroup going from the Central Manager to the WAE.
I checked License on the WAE and Enterprise is Active, show cms info shows Online, I'm just not seeing the config that I would expect the CM to push to the WAE on the WAE.
Any ideas, suggestions?
I've done a cms deregister force, removed from CM. Added back. Still the same result. It does appear that the WAE is doing acceleration, but I'm not able to see that information on my Central Manager.
Just to let you know I do have a TAC case opened on this too. It appears that the issue is SSLCyrpto.. I see the following in the syslog on the CM:
2012 Jan 6 06:35:05 waas-cm java: %WAAS-CMS-4-700001: cdm(RpcWorker-
1): SSCrypto.decrypt:unable to decrypt data. Failed to decrypt data for UserCon
fig_26849. Unable to calculate configuration updates for device device-
waas2/CeConfig_219522012 Jan 6 06:35:05 waas-cm java: %WAAS-CMS-4-700001: cdm(RpcWorker- 1): SSCrypto.decrypt:unable to decrypt data. Failed to decrypt data for UserCon fig_26849. Unable to calculate configuration updates for device device- waas2/CeConfig_21952
I'm not certain when this started, but I am going to guess when I started converting Legacy Core/Edge to AO
I still have one more Core left to convert to AO
It appears that since SSL Acceleration was enabled that is the cause of the issue with the device not being able to get the update as per the syslog message.
I just need to find a way to correct this. I would prefer not having to enable secure store on the Central Manager as from reading appears to require all users being deleted and TACACS disabled.
If there is something I can do (Even If I need to touch every remote WAE/WAVE) that would be great.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...