01-25-2011 02:10 PM
Hi all,
I am in the process upgarding the OS from 4.1.5f to 4.2.3c . There was no issue upgarding the central manger.
While upgarding the other WAE's from the CM and also from the CLI there is an Alarm as below.
Alarm ID Module/Submodule Instance
--------------- -------------------- ---------------
1 mstore_key_retrieval cms ssl_mstore_key
2 mstore_key_failure sslao mstore_key_failure
Also the central manager shows that devices offline.
Thanks for your help
Dhana
01-25-2011 02:18 PM
Hi Dhana,
Please apply following commands from CLI on the WAEs that are hsowing up this error:
1. cms disable on WAE. commnd: CM deregister OR CMS deregister force
2. delete the device from CM
4.Apply following commands to WAE:
WAE-674-1(config)#no accelerator ssl enable
Disabled ssl accelerator.
WAE-674-1(config)#end
WAE-674-1#crypto pki managed-store initialize
All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
SSL managed store token file not present. Continuing with deletion of certificates in SSL managed store
Restarting SSL accelerator. Done.
WAE-674-1#conf t
WAE-674-1(config)# accelerator ssl enable
Enabled ssl accelerator
WAE-674-1(config)#cms enable
Hope this helps.
Regards.
PS: Please mark this Answered, if it resolves the issue.
01-25-2011 02:41 PM
Hi Bhavin, Thanks for the support, but it did not help, still alarm exists.
Is this is a Known bug in 4.2.3c. Or if there is any special steps to be followed for upgrade from 4.1.5f to 4.2.3c
01-25-2011 03:07 PM
Hi,
No, this is not a known issue.
Please make sure to verify "sh cms secure-store" command from the device then perform the steps I mentioned.
If the secure store is not open, please perform following first:
cms secure-store init
crypto pki managed-store initialize
conf t
no acc ssl enable
after few seconds enter the command
acc ssl enable
You may want to check the CM secure store, too.
Regards,
Bhavin.
01-26-2011 10:14 AM
Hi Bhavin,
When i enter the command "cms secure-store init" it throws an error as below.
'Failed to init Key from key manager. No primary CM found/unreachable."
I tried pinging the CM from the device and it is reachable. I tried re-initilaizing the secure store in the CM also , still no luck.
01-28-2011 10:27 AM
try enabling cms first (conf --> cms enable) then wait for it to register with the central manager
01-31-2011 11:49 AM
Hi Dhana,
Do you have CM configured on WAE?
Please verify. Can attach show run ? (you can repalce the real ip addresses with some fake ips).
Thanks.
02-02-2011 04:32 PM
The issue got resolved. We had a corrupted Secure store in the Central manager. Thanks for your Help - Dhana
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide