I have at least one major issue, perhaps even two.
We have a small demo-lab, one APIC, two leaf switches, one spine. A critical fault (F3031) is raised with a description of "Node Certificate is invalid: Failed to parse the subject line as a valid ACI fabric certificate AND Invalid Serial Number AND Invalid Product ID". The fault is raised for the APIC.
For a time everything went fine, though. We had this fault but nothing really happened. Now I reset the fabric to factory defaults and started building it up from scratch. All nodes are discovered successfully, however they turn to an "inactive" state right after discovery. I have seen this happen in other environments for a short period, maybe up to a couple of minutes but in this case it's been hours now, since the devices have been discovered. I have a hunch this issue might be related to the invalid certificate.
Am I on the right track or are those problems not related? What can I do to get back a valid certificate?
Thank you and kind regards,
In 4.2 we introduced a new cli command "show discoveryissues" which can be run on leaf cli.
the cli basically runs a script in backend and perform multiple checks, certificate check is one of them.
If invalid certificate is the issue, please open a tac case.
Thank you Gaurav,
unfortunately the switches are still running 3.2(7f) so the command is not available.
I think I'll go with the TAC case. I'll update the discussion when we have a solution.