Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
5
Helpful
11
Replies

Unable to create a building in DNA 2.3.5.5-70026

Go to solution
MatteoComisso50310
Level 1
Level 1

‎04-24-2024 12:35 PM

Hi,

we have this fresh install of DNA Center 2.3.5.5-70026. I've been able to create areas using the Intent API but I can't create a building.

sitePath = "/dna/intent/api/v1/site"
headers = {'content-type': 'application/json'}
headers["X-Auth-Token"] = get_token()
headers['__runsync'] = 'true'
headers['__runsynctimeout'] = '30'

site_building = {
    "type": "building",
    "site": {
        "building": {
            "name": "TestBuilding",
            "address":"London",
            "parentName": "Global/EMEA"
        }
    }
}

response = requests.post(dnaCluster + sitePath, headers=headers, json=site_building, verify=False)
print(response.text)

Result:

{
  "executionId" : "b75e0b7b-84db-4788-bc98-57d75cdf084e",
  "statusCode" : 500,
  "errorResponse" : {
    "bapiErrorResponse" : {
      "bapiKey" : "50b5-89fd-4c7a-930a",
      "bapiName" : "Create Site",
      "bapiErrorCode" : "",
      "bapiErrorMessage" : ""
    },
    "componentErrorResponse" : [ {
      "compId" : "uuid4b784701",
      "compName" : "GET Location info",
      "compErrorCode" : "500",
      "compErrorMessage" : "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
      "componentType" : "REST_CLIENT"
    } ]
  }
}

Any idea on how to troubleshoot this any further?

Thanks,

Matteo

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MatteoComisso50310
Level 1
Level 1

‎05-14-2024 05:32 AM

Hi,

I've been working with the TAC engineer and we have solved it, almost. The problem was in our SWG that was forcing SSL inspection for tiles.mapbox.com and the DNA was unable to negotiate SSL because of that. The underlying problem is that I did install the SWG CA certificate as per documentation but that didn't work: has been installed, shows as installed, but still that SSL communication doesn't work. The only solution has been asking our sec team to add an exception for tiles.mapbox.com and now it works! It's a workaround, I know, but gets the job done in the intended timeline!

Regards,

Matteo

View solution in original post

11 Replies 11

Go to solution
Gabriel Zapodeanu
Cisco Employee
Cisco Employee

‎04-24-2024 01:58 PM

@MatteoComisso50310 Please follow the API docs. There are required parameters that have not been provided. The address must be a real street address
Example of params required:
```
building_info:
name: LO
address: 5400 Meadows Rd, Lake Oswego, Oregon 97035, United States
lat: 45.41676
long: -122.73312
```
Example of working payload:
```
building_payload = {
'type': 'building',
'site': {
'building': {
'name': building_name,
'parentName': 'Global/' + area_name,
'address': building_address,
'latitude': building_lat,
'longitude': building_long
}
}
}
```

 

0 Helpful

Go to solution
MatteoComisso50310
Level 1
Level 1
In response to Gabriel Zapodeanu

‎04-24-2024 02:07 PM

Hi @Gabriel Zapodeanu ,

thanks, but it didn't work.

site_building = {
    "type": "building",
    "site": {
        "building": {
            "name": "LO",
            "address":"5400 Meadows Rd, Lake Oswego, Oregon 97035, United States",
            "parentName": "Global/EMEA",
            "latitude": "45.41676",
            "longitude": "-122.73312"
        }
    }
}

Same as before:

{
  "executionId" : "e46d9b14-372d-47c8-b5ac-c7a2f7c463a2",
  "statusCode" : 500,
  "errorResponse" : {
    "bapiErrorResponse" : {
      "bapiKey" : "50b5-89fd-4c7a-930a",
      "bapiName" : "Create Site",
      "bapiErrorCode" : "",
      "bapiErrorMessage" : ""
    },
    "componentErrorResponse" : [ {
      "compId" : "uuid4b784701",
      "compName" : "GET Location info",
      "compErrorCode" : "500",
      "compErrorMessage" : "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
      "componentType" : "REST_CLIENT"
    } ]
  }
}

Can you provide a link to the documentation? This is what I've followed and doesn't provide many details: Create Site - Cisco Catalyst Center 2.3.7 - Cisco DevNet

Thanks,

Matteo

0 Helpful

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee
In response to MatteoComisso50310

‎04-24-2024 07:48 PM

Matteo,


Here are an example of API Requests that I just ran in my cluster to demonstrate adding an:
- Area
- Building
- Floor

 

DESIGN.HIERARCHY - (Create AREA - "Area1-API") - API TOOLKIT
------------------------------------------------------------
POST
{{PROTOCOL}}://{{CATC.IP.ADDRESS}}/dna/intent/api/v1/site

BODY
{
"type": "AREA",
"site": {
"area": {
"name": "Area1-API",
"parentName": "Global"
}
}
}


DESIGN.HIERARCHY - (Create BUILDING - "Building1-API") - API TOOLKIT
--------------------------------------------------------------------
POST
{{PROTOCOL}}://{{CATC.IP.ADDRESS}}/dna/intent/api/v1/site

BODY
{
"type": "BUILDING",
"site": {
"area": {
"name": "Area1-API",
"parentName": "Global"
},
"building": {
"name": "Building1-API",
"address": "175 West Tasman Drive, San Jose, California 95134, United States",
"parentName": "Global/Area1-API",
"latitude": "37.4096",
"longitude": "-121.951577"
}
}
}


DESIGN.HIERARCHY - (Create FLOOR- "Floor1-API") - API TOOLKIT
--------------------------------------------------------------------
POST
{{PROTOCOL}}://{{CATC.IP.ADDRESS}}/dna/intent/api/v1/site

BODY
{
"type": "FLOOR",
"site": {
"area": {
"name": "Area1-API",
"parentName": "Global"
},
"building": {
"name": "Building1-API",
"address": "150 West Tasman Drive, San Jose, California 95134, United States",
"parentName": "Global/Area1-API",
"latitude": "37.40803",
"longitude": "-121.952639"
},
"floor": {
"name": "Floor1-API",
"parentName": "Building1-API",
"rfModel": "Free Space",
"width": "100",
"length": "100",
"height": "10"
}
}
}

 

Hierarchy_Greenfield.pngHierarchy_Create-Area.pngHierarchy_Create-Building.pngHierarchy_Create-Floor.png

Go to solution
Gabriel Zapodeanu
Cisco Employee
Cisco Employee

‎04-24-2024 02:12 PM

This will give you more details about the Site APIs: https://developer.cisco.com/docs/dna-center/sites/#site-api
Catalyst Center has the API docs under:
Menu --> Platform --> Developer Toolkit --> APIs

 

0 Helpful

Go to solution
alikhtin77
Level 1
Level 1
In response to Gabriel Zapodeanu

‎05-14-2024 05:00 AM

Gabriel, thank you for the link you provided. I have unsuccessfully tested the code from Sites - Cisco Catalyst Center 2.3.7 - Cisco DevNet on dCloud "Cisco 4D IBN Campus PoV Sandbox 4.0 Revision 2.3.7.4" lab at LON.

the code completed with the following error:

Traceback (most recent call last):
  File "C:\Users\admin\Documents\py\test.py", line 128, in <module>
    main()
  File "C:\Users\admin\Documents\py\test.py", line 101, in main
    building_id = response['siteId']
                  ~~~~~~~~^^^^^^^^^^
KeyError: 'siteId'

 I added print command after the post request

    response = create_site(headers, site_building)
    print(response)

 and got the following:

{'executionId': 'c1384e43-9459-4428-a709-7067e7ddb1c1', 'statusCode': 500, 'errorResponse': {'bapiErrorResponse': {'bapiKey': '50b5-89fd-4c7a-930a', 'bapiName': 'Create Site', 'bapiErrorCode': '', 'bapiErrorMessage': ''}, 'componentErrorResponse': [{'compId': 'uuid4b784701', 'compName': 'GET Location info', 'compErrorCode': '500', 'compErrorMessage': 'sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target', 'componentType': 'REST_CLIENT'}]}}

 Please assist.

0 Helpful

Go to solution
Gabriel Zapodeanu
Cisco Employee
Cisco Employee

‎04-24-2024 02:18 PM

 

API tested in my lab:

GabrielZapodeanu_0-1713993455444.png

GabrielZapodeanu_1-1713993478203.png

 

0 Helpful

Go to solution
MatteoComisso50310
Level 1
Level 1
In response to Gabriel Zapodeanu

‎04-24-2024 10:04 PM

Hi,

thanks but I keep on getting the same error. I'd say it's not a payload issue, since the same payload works for you.

 

      "compName" : "GET Location info",
      "compErrorCode" : "500",
      "compErrorMessage" : "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",

 

What is this error about? It mentions "certification path" and made me think that we have an outbound transparent proxy that performs SSL decryption. I've already installed the CA certificate in the DNA following the Cisco DNA Center Administrator Guide, Release 2.3.4 - Configure System Settings [Cisco Catalyst Center] - Cisco. 

I can create buildings from GUI, so I don't think it's about the proxy, but still I tried. Any idea what that error is about?

Thanks,

Matteo

Go to solution
alikhtin77
Level 1
Level 1

‎05-14-2024 04:27 AM

Hello,

I have absolutely the same error. I am able to create site but not able to create building with API request.

 The error pointing to the SSL certificate. 

{
  "executionId" : "6b6f4281-a59f-49c7-a49e-4166015b3bcb",
  "statusCode" : 500,
  "errorResponse" : {
    "bapiErrorResponse" : {
      "bapiKey" : "50b5-89fd-4c7a-930a",
      "bapiName" : "Create Site",
      "bapiErrorCode" : "",
      "bapiErrorMessage" : ""
    },
    "componentErrorResponse" : [ {
      "compId" : "uuid4b784701",
      "compName" : "GET Location info",
      "compErrorCode" : "500",
      "compErrorMessage" : "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
      "componentType" : "REST_CLIENT"
    } ]
  }
}

 I am using self-signed certificate and using verify=False at the post requests.

Any assistance or workaround to solve it? 

0 Helpful

Go to solution
estetson
Cisco Employee
Cisco Employee

‎05-14-2024 05:17 AM - edited ‎05-14-2024 05:20 AM

Is this the error you see when using the developer toolkit, or a  tool like Postman? And do you see an error if you manually create a site?

If you go to System > Settings > Trustpool, is there a banner that says something along the lines of 'A new Cisco PKI turstpool certificate bundle is available. . . ".? If there is, can you choose to 'Update' and try again? 

Go to solution
alikhtin77
Level 1
Level 1
In response to estetson

‎05-14-2024 05:39 AM

There is no Trustpool in the current DNA version,

but you were right. I found a similar message at Settings > Certificates > Trusted Certificates. Updated Cisco PKI from external source and it solved this issue.

Thanks a lot!

Go to solution
MatteoComisso50310
Level 1
Level 1

‎05-14-2024 05:32 AM

Hi,

I've been working with the TAC engineer and we have solved it, almost. The problem was in our SWG that was forcing SSL inspection for tiles.mapbox.com and the DNA was unable to negotiate SSL because of that. The underlying problem is that I did install the SWG CA certificate as per documentation but that didn't work: has been installed, shows as installed, but still that SSL communication doesn't work. The only solution has been asking our sec team to add an exception for tiles.mapbox.com and now it works! It's a workaround, I know, but gets the job done in the intended timeline!

Regards,

Matteo

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card