Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
7
Replies

Upgrade Failed in WAE's from 4.1.5f to ver 4.2.3c with SSL Error.

dhanasekaran.r
Level 1
Level 1

‎01-25-2011 02:10 PM

Hi all,

I am in the process upgarding the OS from 4.1.5f to 4.2.3c . There was no issue upgarding the central manger.

While upgarding the other WAE's from the CM and also from the CLI there is an Alarm as below.

        Alarm ID                 Module/Submodule               Instance
   ---------------             --------------------          ---------------
   1 mstore_key_retrieval      cms                          ssl_mstore_key
   2 mstore_key_failure        sslao                        mstore_key_failure

Also the central manager shows that devices offline.

Thanks for your help

Dhana

0 Helpful
7 Replies 7

Bhavin Yadav
Cisco Employee
Cisco Employee

‎01-25-2011 02:18 PM

Hi Dhana,

Please apply following commands from CLI on the WAEs that are hsowing up this error:


1. cms disable on WAE. commnd: CM deregister OR CMS deregister force
2. delete the device from CM
4.Apply following commands to WAE:


WAE-674-1(config)#no accelerator ssl  enable
Disabled ssl accelerator.
WAE-674-1(config)#end
WAE-674-1#crypto pki managed-store initialize
All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
SSL managed store token file not present. Continuing with deletion of certificates in SSL managed store
Restarting SSL accelerator. Done.
WAE-674-1#conf t
WAE-674-1(config)# accelerator ssl  enable
Enabled ssl accelerator
WAE-674-1(config)#cms enable

Hope this helps.

Regards.

PS: Please mark this Answered, if it resolves the issue.

0 Helpful

dhanasekaran.r
Level 1
Level 1
In response to Bhavin Yadav

‎01-25-2011 02:41 PM

Hi Bhavin, Thanks for the support, but it did not help, still alarm exists.

Is this is a Known bug in 4.2.3c. Or if there is any special steps to be followed for upgrade from 4.1.5f to 4.2.3c

0 Helpful

Bhavin Yadav
Cisco Employee
Cisco Employee
In response to dhanasekaran.r

‎01-25-2011 03:07 PM

Hi,

No, this is not a known issue.

Please make sure to verify "sh cms secure-store" command from the device then perform the steps I mentioned.

If the secure store is not open, please perform following first:


cms secure-store init

crypto pki managed-store initialize

conf t
no acc ssl enable

after few seconds enter the command


acc ssl enable

You may want to check the CM secure store, too.

Regards,

Bhavin.

0 Helpful

dhanasekaran.r
Level 1
Level 1
In response to Bhavin Yadav

‎01-26-2011 10:14 AM

Hi Bhavin,

When i enter the command "cms secure-store init" it throws an error as below.

'Failed to init Key from key manager. No primary CM found/unreachable."

I tried pinging the CM from the device and it is reachable. I tried re-initilaizing the secure store in the CM also , still no luck.

0 Helpful

Patrick Moubarak
Level 4
Level 4
In response to dhanasekaran.r

‎01-28-2011 10:27 AM

try enabling cms first (conf --> cms enable) then wait for it to register with the central manager

0 Helpful

Bhavin Yadav
Cisco Employee
Cisco Employee
In response to dhanasekaran.r

‎01-31-2011 11:49 AM

Hi Dhana,

Do you have CM configured on WAE?

Please verify. Can attach show run ? (you can repalce the real ip addresses with some fake ips).

Thanks.

0 Helpful

dhanasekaran.r
Level 1
Level 1
In response to Bhavin Yadav

‎02-02-2011 04:32 PM

The issue got resolved. We had a corrupted Secure store in the Central manager. Thanks for your Help - Dhana

0 Helpful
Customers Also Viewed These Support Documents