APIC-EM PNP isues provisioning 4331

Guymarkcurtis · ‎04-25-2017

Hey

Has any one come accros this issue

we are trying pnp auto provision a 4331 router in our lab but on registration with apic-em it is having the following error

Received response from pnp agent for message correlatorId: CiscoPnP-1.0-5-621-7F53216FC1E8-5 but with error code : ZTD_CMD_ERROR Response String: ERROR:PnP Service Error 3300:Certificate installation not successful

this is comming from the apic-em device history

the connection process is then stalling with status of error and it never becomes an unclaimed device

we are using a boot strap config from usb to get the router to the point that it can connect to APIC-EM as it needs to bring up DMVPN tunnels to do this

i have tried updating to the latest recommended FW for the device

Thanks for any comments in advance

Guy

ngoldwat · ‎04-26-2017

Hi

Are you using vrf Mgmt-intf? If so you need to enable http.

aradford · ‎04-27-2017

Hi Guy,

are you able to provide the following:

1) APIC-EM version

2) Software version(s) on the 4331

3) a sanitized version of the bootstrap config

A couple of things to look at:

1) Did you look for console error messages in "show logging"

2) did you turn on debugging on the switch as a part of the bootstrap "debug pnp all"

Adam

leedavies-gds · ‎04-27-2017

I've seen this when trying pnp from a VRF. Solved it by moving pnp to Global. I suspect revocation checking does not recognise the VRF properly (missing "vrf" command under trustpoint) so certificate install fails.

aradford · ‎05-02-2017

Hi Lee, did you add the

ip http client source-interface <interface>

command as Nick suggested You need this if you are using a vrf.