cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
392
Views
0
Helpful
4
Replies

Embedded Cisco CBD Probe issues

austin-martinez
Level 1
Level 1

Hello, I am working with a CBS350 series switch that is up to date on the latest firmware. I am trying to enable the CBD probe to check into the dashboard, which was also recently updated to the latest version. I run through all the steps as provided through the dashboard, but when I click on "apply" on the switch, it gives me an error "CBD Retrieve Certificate failed." Anybody have any suggestions on how to fix this?

Thanks!

1 Accepted Solution

Accepted Solutions

I'm sorry that it did not resolve the issue. 

Is your CBD server address a domain name? If so, please ensure that your switch has the correct DNS server configuration.

Is the certificate for your CBD server signed by a public Certificate Authority (CA) or is it self-signed? If it is a public CA signed certificate, there is a known issue in CBS version 3.4 where the certificate retrieval error message is incorrectly displayed even though the switch has successfully connected to CBD. Please check the network status on CBD to confirm if it shows as online.

If you have console access to the switch, you can also try connecting using the CLI method. On the CBD portal, navigate to the network details page. If the network is offline, there should be an onboarding tab available. Select the Probe Type as "Embedded Probe" and the Device Type as "Cisco Business 350 Series Managed Switch". Switch to the CLI tab, and in step 4, select your CBS350 switch. Finally, copy and paste the CLI commands into the switch console to execute.

View solution in original post

4 Replies 4

Mark Fang
Cisco Employee
Cisco Employee

It sounds like the switch is having trouble reaching the CBD server. A common cause for this issue is the switch using a static IP address without a properly configured default gateway. If your browser is on the same subnet as the switch but the CBD server is not, you can open the switch GUI to run the wizard but the switch may fail to connect to the CBD server. 

Here are the steps to troubleshoot and potentially resolve the issue:

1. Check Default Gateway Configuration:

You can verify this via CLI with the command: show running-config | include default-gateway

Alternatively, check through the switch GUI: navigate to IPv4 Configuration > IPv4 Static Routes.

2. Ping Test:

Once the default gateway is configured correctly, perform a ping test to the CBD server from the switch to ensure connectivity.

3. Rerun the Connection Wizard:

If the connection is successful, rerun the CBD connection wizard.

 

 

Hello,

I have confirmed that there is a default gateway on this switch. In regards to a ping test, the destination server have pings disabled on the firewall, so the test is unable to be accurately preformed at this time. I do however have other switches that are able to communicate to the CBD portal, and there is a Virtual Machine running CBD Probe software that is able to run for this same office, but managing a different network. I did make sure that the Firewall at the location of the switch had a temporary bypass policy to allow any and all traffic to and from the switch and ran the test again, but still got the certificate retrieval error.

Thanks!

I'm sorry that it did not resolve the issue. 

Is your CBD server address a domain name? If so, please ensure that your switch has the correct DNS server configuration.

Is the certificate for your CBD server signed by a public Certificate Authority (CA) or is it self-signed? If it is a public CA signed certificate, there is a known issue in CBS version 3.4 where the certificate retrieval error message is incorrectly displayed even though the switch has successfully connected to CBD. Please check the network status on CBD to confirm if it shows as online.

If you have console access to the switch, you can also try connecting using the CLI method. On the CBD portal, navigate to the network details page. If the network is offline, there should be an onboarding tab available. Select the Probe Type as "Embedded Probe" and the Device Type as "Cisco Business 350 Series Managed Switch". Switch to the CLI tab, and in step 4, select your CBS350 switch. Finally, copy and paste the CLI commands into the switch console to execute.

Hello,

Looks like it was a DNS issue in this case. Resolving the DNS server allowed the device to get the certificate.

Thanks!