cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1068
Views
0
Helpful
2
Replies

WLC Telemetry after upgrade to 2.1.2.7

rasmus.elmholt
Level 7
Level 7

Hi,

I have just upgraded my DNAC verison 1.3.3.7 to version 2.1.2.7.

Under provision and inventory I have a box the some fixes the DNAC want to apply.

One of them says: "We detected IOS-XE device(s) in your network where new telemetry subscription for assurance data needs to be enabled and some of the existing subscription needs to be optimised for performance. Do you want to take an action to provision these subscriptions? Apply Fix"

Does anybody know where I can find some documentation on what this fix is actually doing to my WLC before I apply it?

After the upgrade we don't get any telemetry data from the WLC at all.

2 Replies 2

extac
Level 1
Level 1

It can be this bug , https://quickview.cloudapps.cisco.com/quickview/bug/CSCvw15829

Can you check logs if you see this log Telemetry Subscription failed for <IP Address >. Index 0 out of bounds for length 0"

I would open a case with TAC .

As far as I can se this bug is on 1.3.3.7 and we just upgraded from that one. And I cannot find anything in the log about the error.

 

But I do find a lot of SSL exceptions in the collector-iosxe-db log:

{"timeMillis":1629282186474,"thread":"nioEventLoopGroup-4-5","level":"ERROR","loggerName":"com.cisco.iosxe.stream.collector.ChannelMessageHandler","message":"Channel Exception cause: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown","endOfBatch":false,"loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","threadId":150,"threadPriority":10}

 

On the WLC show telemetry internal connection is in the Connecting State:

show telemetry internal connection 
Telemetry connections

 

Index Peer Address               Port  VRF Source Address             State
----- -------------------------- ----- --- -------------------------- ----------
 1021 10.x.x.5               25103   0 10.x.x.25                Connecting
On the WLC I also see some SSL errors:
2021/08/18 10:34:06.488941 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]TLS handshake failure [SSL error]
2021/08/18 10:34:06.488941 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]TLS ECODE[SSL error]
2021/08/18 10:34:06.488937 {pubd_R0-0}{1}: [opssl_parser] [26418]: (ERR): OPSSL:140314718745536:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1921:
2021/08/18 10:34:06.488924 {pubd_R0-0}{1}: [opssl_parser] [26418]: (ERR): OPSSL:Handshake: Unexpected error. non default 1
2021/08/18 10:34:06.488671 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]Resume TLS Handshake
2021/08/18 10:34:03.475189 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]TLS handshake failure [SSL error]
2021/08/18 10:34:03.475188 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]TLS ECODE[SSL error]
2021/08/18 10:34:03.474598 {pubd_R0-0}{1}: [pubd] [26418]: (note): CNDP_MGR:conn_id[]Resume TLS Handshake
2021/08/18 10:34:03.474585 {pubd_R0-0}{1}: [cndp-mgr] [26418]: (note): CNDP_MGR:conn_id[10.x.x.5:25103:0:10.x.x.25]socket 109 become readable.
 
 

Review Cisco Networking for a $25 gift card