Symptom
A wireless LAN controller stops sending telemetry data to Cisco DNA Center, so Assurance stops plotting health.
The "show telemetry internal connection" command shows the connection stuck in the Connecting state.
Conditions
This applies to Catalyst 9800 controllers. This problem occurs exactly one year from the date that the wireless LAN controller is added to the site in Cisco DNA Center. The following syslog message confirms the problem:
Aug 18 02:19:05.640: %PKI-3-KEY_CMP_MISMATCH: Key in the certificate and stored key does not match for Trustpoint-sdn-network-infra-iwan.
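The following Python check is an added example, not part of the original advisory: it scans collected syslog lines for the message above and lists controllers whose one-year mark is near. The inventory names, add dates, the second log line and the 14-day window are constructed assumptions.

```python
import re
from datetime import date

# Timestamp and trustpoint are taken from the message format quoted in the advisory.
MISMATCH_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d+): "
    r"%PKI-3-KEY_CMP_MISMATCH: .*Trustpoint-(?P<trustpoint>[\w-]+)"
)

def find_key_mismatches(lines):
    """Return (timestamp, trustpoint) for every KEY_CMP_MISMATCH line."""
    hits = []
    for line in lines:
        m = MISMATCH_RE.search(line)
        if m:
            hits.append((m.group("ts"), m.group("trustpoint")))
    return hits

def first_anniversary(added_on):
    """Date one year after the controller was added (Feb 29 maps to Feb 28)."""
    try:
        return added_on.replace(year=added_on.year + 1)
    except ValueError:
        return added_on.replace(year=added_on.year + 1, day=28)

def controllers_to_watch(inventory, today, window_days=14):
    """Controllers whose one-year mark falls within window_days of today."""
    return sorted(
        name for name, added_on in inventory.items()
        if abs((first_anniversary(added_on) - today).days) <= window_days
    )

# First line is the message quoted in the advisory; the second is constructed.
SAMPLE_LOG = [
    "Aug 18 02:19:05.640: %PKI-3-KEY_CMP_MISMATCH: Key in the certificate and "
    "stored key does not match for Trustpoint-sdn-network-infra-iwan.",
    "Aug 18 02:19:07.101: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]
# Constructed inventory: controller name -> date it was added to the site.
SAMPLE_INVENTORY = {
    "wlc-a": date(2022, 8, 18),
    "wlc-b": date(2023, 2, 1),
    "wlc-c": date(2020, 2, 29),
}

if __name__ == "__main__":
    for ts, trustpoint in find_key_mismatches(SAMPLE_LOG):
        print(f"{ts}: key mismatch on trustpoint {trustpoint}")
    print("near one-year mark:", controllers_to_watch(SAMPLE_INVENTORY, date(2023, 8, 10)))
```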
Workaround
Do the following to reconfigure the certificate:
1. In the Cisco DNA Center GUI, choose Provision > Network Devices > Inventory.
2. Choose the device and from the Actions drop-down list, choose Telemetry > Update Telemetry Settings.
3. In the Update Telemetry Settings window, do the following:
a. Check the Force Configuration Push check box to push the configuration changes to the device.
b. Click Next.
c. Click the Now radio button.
d. Click Apply.
4. Wait 5-10 minutes for the connection to reestablish. "show telemetry internal connection" will show the state change from Connecting to Active.
Further Problem Description
This issue occurs during PKI key rollover. PKI names the new key 'keyname#', then rolls over to that key by deleting key 'keyname' and renaming 'keyname#' to 'keyname'. However, SKA was never given rename capabilities, so SKA is left with the old key.
Adding the fix for this defect will fix the issue at the next rollover, but to remedy the issue a reload is required.