cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
103
Views
0
Helpful
2
Replies
Highlighted
Beginner

Node certificate invalid - all switches inactive

Hi community,

 

I have at least one major issue, perhaps even two.

We have a small demo-lab, one APIC, two leaf switches, one spine. A critical fault (F3031) is raised with a description of "Node Certificate is invalid: Failed to parse the subject line as a valid ACI fabric certificate AND Invalid Serial Number AND Invalid Product ID". The fault is raised for the APIC.

For a time everything went fine, though. We had this fault but nothing really happened. Now I reset the fabric to factory defaults and started building it up from scratch. All nodes are discovered successfully, however they turn to an "inactive" state right after discovery. I have seen this happen in other environments for a short period, maybe up to a couple of minutes but in this case it's been hours now, since the devices have been discovered. I have a hunch this issue might be related to the invalid certificate.

Am I on the right track or are those problems not related? What can I do to get back a valid certificate?

 

Thank you and kind regards,

Nik

2 REPLIES 2
Cisco Employee

Re: Node certificate invalid - all switches inactive

In 4.2 we introduced a new cli command "show discoveryissues" which can be run on leaf cli.

the cli basically runs a script in backend and perform multiple checks, certificate check is one of them.

 

If invalid certificate is the issue, please open a tac case.

 

 

 

Beginner

Re: Node certificate invalid - all switches inactive

Thank you Gaurav,

unfortunately the switches are still running 3.2(7f) so the command is not available.

I think I'll go with the TAC case. I'll update the discussion when we have a solution.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards