Loading...
Loading...
When the IOS PKI Client tries to renew it's existing certificate [i.e. the RENEW timer in "show crypto pki timer" reaches 0], if the first attempt is interrupted due to communication failure [for example: the link between the client and the RA/CA is broken], the subsequent attempts to renew the certificate fail. Debugs will show: [debug crypto pki transaction] CRYPTO_PKI: Failed to send the request. There is another request in progress. Because of this, removing the trustpoint also fails with the following error: Error: There is an auto enrolment transaction in progress. Please wait until the current auto enrolment to finish before starting a new enrolment transaction. no crypto pki enroll _TP-Name_ - Does not help in this case
IOS PKi Client configured to enroll through an RA, with auto-renewal configured: crypto pki trustpoint TP enrollment mode ra auto-enroll 80
Reload the router
Although deleting the certificate chain [no crypto pki certificate chain _TP-Name_], followed by the trustpoint authentication and enrollment may also resolve the issue, future renewals may get affected unless the router is reloaded.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
BugZero Plan
Streamline upgrades with automated vendor bug scrubs
BugZero Prevent
Wish you caught this bug sooner? Get proactive today.