
- Onboarding a new cEdge to an existing overlay may fail.
- The control connections fail because the certificate does not match the certificate that exists on vManage.
- The output of "show control connections-history" or "show sdwan control connection-history" on the cEdge/vEdge devices may show the following:

    PEER     PEER                 LOCAL      REMOTE     REPEAT
    TYPE     PROTOCOL  STATE      ERROR      ERROR      COUNT   DOWNTIME
    -------------------------------------------------------------------------------------
    vbond    dtls      tear_down  CRTVERFL   NOERR      55      2020-02-05T15:24:23-0600
    vbond    dtls      tear_down  CRTVERFL   NOERR      54      2020-02-05T15:24:07-0600

- vBond rejects the edge, claiming it doesn't have the correct cert.
Seen so far on a new cEdge out of the box running 16.10.3a and/or upgraded to 16.12.2r.
a) If this is an on-prem setup, then use the below workaround:

On the vManage/vBond:
1. SSH into the CLI and drop into the shell.
2. Run the command "cat /usr/share/viptela/root-ca.crt"
3. Copy the output, making sure to capture everything.

On cEdges:
1. Save the copied information on the cEdge in a file.
2. Run the command "request platform software sdwan root-cert-chain install bootflash:certificate-file.crt"
3. Check if the control connections are established with "show sdwan control connections". You may have to go through the request process again.

On vEdges:
1. Save the copied information on the vEdge under /home/admin.
2. Run the command "request root-cert-chain install /home/admin/certificate-file.crt"
3. Check if the control connections are established with "show control connections". You may have to go through the request process again.

If you would prefer to use scp, ftp, or some other method to get the file on the Edge, that is fine as long as the whole file in its entirety is installed.

b) If this is a hosted solution:
- The proper fix for this issue is to use the PNP portal and install the root-cert of the controllers into the controller profile section. Then the Edge device can call home using ZTP to install the proper cert.
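The workaround depends on the pasted root-ca.crt arriving on the Edge complete. The following is an added example, not part of the original bug entry or any Cisco tooling: a check that can be run on a workstation against the saved copy before installing it, reporting truncated or damaged PEM blocks and printing a SHA-256 fingerprint per certificate to compare with the same check run on the controller's file. The function names and the sample blob are assumptions constructed for illustration; the sample is not a real certificate.

```python
import base64
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_length_ok(der):
    """True if the outer DER SEQUENCE header accounts for every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_chain(text):
    """Return (sha256_fingerprints, problems) for a pasted PEM chain."""
    problems, prints = [], []
    if text.count(BEGIN) != text.count(END):
        problems.append("unbalanced BEGIN/END markers (truncated paste?)")
    blocks = re.findall(re.escape(BEGIN) + "(.*?)" + re.escape(END), text, re.S)
    if not blocks:
        problems.append("no complete certificate block found")
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"certificate {i}: DER length mismatch (lines missing?)")
            continue
        prints.append(hashlib.sha256(der).hexdigest())
    return prints, problems

def make_pem(der):
    """Wrap DER bytes as PEM (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

# Constructed stand-in blob with a valid outer DER header; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_CHAIN = make_pem(SAMPLE_DER) * 2

if __name__ == "__main__":
    print(check_chain(SAMPLE_CHAIN))
```

Matching fingerprint lists and an empty problem list on both copies indicate the file was transferred whole; this checks transfer integrity only, not whether the chain is the correct one for the overlay.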