Symptom
Telemtry connection will be in "connecting" state:
device-1#show telemetry internal connection
Telemetry connections
Index Peer Address Port VRF Source Address State
----- -------------------------- ----- --- -------------------------- ----------
258 XXX.XXX.XXX.65 25103 0 XXX.XXX.XXX.145 Connecting
in Logs :
Jan 4 09:04:05.627: CRYPTO_PKI: status = 65535: failed to send out the pki message <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Jan 4 09:04:05.627: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint DNAC-CA failed<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Reason : Failed to select socket. Timeout : 5 (Connection timed out) <<<<<<<<<<<<<<<<<<<<<
Conditions
Cofnig applied:
crypto pki trustpoint DNAC-CA
revocation-check crl none
CRL needs to be unreachable.
WLC 9800 (maybe even eWLC)
Running 17.3.X
Workaround
crypto pki trustpoint DNAC-CA
revocation-check none <<<<<<<<
OR make sure CRL is available and reachable.
Further Problem Description
