Symptom
When the IOS PKI client tries to renew its existing certificate (i.e. the RENEW timer in "show crypto pki timer" reaches 0) and the first attempt is interrupted by a communication failure (for example, the link between the client and the RA/CA is broken), the subsequent attempts to renew the certificate fail.
Debugs will show:
[debug crypto pki transaction]
CRYPTO_PKI: Failed to send the request. There is another request in progress.
Because of this, removing the trustpoint also fails with the following error:
Error: There is an auto enrolment transaction in progress.
Please wait until the current auto enrolment to finish before
starting a new enrolment transaction.
Issuing "no crypto pki enroll _TP-Name_" does not help in this case.
Conditions
IOS PKI client configured to enroll through an RA, with auto-renewal configured:
crypto pki trustpoint TP
 enrollment mode ra
 auto-enroll 80
Workaround
Reload the router.
Further Problem Description
Deleting the certificate chain [no crypto pki certificate chain _TP-Name_] and then authenticating and enrolling the trustpoint again may also resolve the issue, but future renewals may still be affected unless the router is reloaded.
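To find routers that have hit this condition before their certificates expire, the two messages quoted under Symptom can be searched for in centrally collected logs. The script below is an added example, not Cisco code; the "timestamp hostname message" line layout, the hostnames, the sample log and the min_repeats threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Message texts exactly as quoted in the Symptom section.
RENEW_BLOCKED = "CRYPTO_PKI: Failed to send the request. There is another request in progress."
REMOVE_BLOCKED = "There is an auto enrolment transaction in progress."

# Assumed collector layout: "<timestamp> <hostname> <message>" (adjust to your syslog format).
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")

# Constructed sample input; hostnames and timestamps are made up.
SAMPLE_LOG = """\
2024-01-10T02:00:05Z rtr-branch-01 CRYPTO_PKI: Failed to send the request. There is another request in progress.
2024-01-10T02:01:05Z rtr-branch-01 CRYPTO_PKI: Failed to send the request. There is another request in progress.
2024-01-10T02:05:40Z rtr-branch-01 Error: There is an auto enrolment transaction in progress.
2024-01-10T03:00:00Z rtr-branch-02 CRYPTO_PKI: Failed to send the request. There is another request in progress.
2024-01-10T03:10:00Z rtr-hq-01 %SYS-5-CONFIG_I: Configured from console by admin
"""

def find_stuck_renewals(log_text, min_repeats=2):
    """Return {host: counters} for devices whose logs match the symptom.

    Assumption of this example: a host is flagged when the renewal message
    repeats at least min_repeats times, or appears together with the
    blocked trustpoint-removal error.
    """
    hits = defaultdict(lambda: {"renew_blocked": 0, "remove_blocked": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if RENEW_BLOCKED in m["msg"]:
            key = "renew_blocked"
        elif REMOVE_BLOCKED in m["msg"]:
            key = "remove_blocked"
        else:
            continue
        rec = hits[m["host"]]
        rec[key] += 1
        rec["first_seen"] = rec["first_seen"] or m["ts"]
    return {h: r for h, r in hits.items()
            if r["renew_blocked"] >= min_repeats
            or (r["renew_blocked"] and r["remove_blocked"])}

if __name__ == "__main__":
    for host, rec in find_stuck_renewals(SAMPLE_LOG).items():
        print(f"{host}: reload candidate, first seen {rec['first_seen']}, {rec}")
```

The renewal message only appears while "debug crypto pki transaction" is enabled, so hosts without that debug running will surface only through the trustpoint-removal error.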