OPERATIONAL DEFECT DATABASE
...
...
The affected device reloads after license registration is attempted with a Smart Licensing Satellite Server. The crashinfo file reports that 'HTTP CORE' or 'Crypto PKI-CRL' as the culprit of the reload: UNIX-EXT-SIGNAL: Segmentation fault(11), Process = HTTP CORE or UNIX-EXT-SIGNAL: Segmentation fault(11), Process = Crypto PKI-CRL
Certificate Revocation List (CRL) check is configured: revocation-check crl And the result of these debugs show that the reload triggers after CRL check: - debug call-home trace - debug call-home error - debug call-home smart-licensing all - debug ip http client all - debug crypto pki API - debug crypto pki callb - debug crypto pki mess - debug crypto pki scep - debug crypto pki serv - debug crypto pki tran - debug crypto pki val - debug ssl openssl err - debug ssl openssl ext - debug ssl openssl msg - debug ssl openssl sta %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed Reason : Received 303 (See Other) from cdp :http://www.cisco.com/security/pki/crl/clrca.crl or %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint failed Reason : Failed to fetch IP address from host
Set revocation check to none: revocation-check none
Crash not present in version 16.12.5 Please, see the call home restrictions before setting the configs for on-Prem licensing: https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/csa/b-csa-asr-920-book/csa-xe-16-5-1-asr-920-configuring-call-home.html#Cisco_Concept.dita_41f48a0d-5e36-44e3-88ef-5df6f9b2cd65
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
