cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
315
Views
0
Helpful
1
Replies
Highlighted
Beginner

FindIT Probe fail to associate with Manager

Hello,

I was just setting up a FindIT installation. But I can't get the probe connected to the manager. The manager runs on Ubuntu, the probe is the VMware appliance.

The setup process of the probe runs normally up to the point where I specify the location. Here I click on Finish, then I am redirected to the start page of the probe. But this is not linked to the manager.

In the log of the probe I find the following entry:

 

May 25 13:11:26 findit-probe finditprb[945]: INFO System[9a1c5700]: ChagentManager::Execute result hostname: findit-probe#012user:  <86><F2>:Z^?#012Agent version: 2.1.0#012Agent status: up#012Callhome Agent status: up#012Channel Manager
 status: up#012Channel status: down#012 remote IP: findit.xxxxx remote Port: 443#012 latest connector errors: #012#012 latest connection errors: #0121590412284041/2020-May-25 13:11:24.041000/asio.ssl/336134278/certificate verify faile
d#0121590412274024/2020-May-25 13:11:14.024000/asio.ssl/336134278/certificate verify failed#0121590412264009/2020-May-25 13:11:04.009000/asio.ssl/336134278/certificate veri


Can anyone help?

1 REPLY 1
Highlighted
Cisco Employee

Before connecting to the manager, the probe will verify that the HTTPS certificate details presented by the manager match the configuration on the probe.  From the Quick Start Guide, we have:

 

When establishing a connection to the manager, the probe checks to ensure the certificate presented by the manager is valid and can be trusted. For the certificate to be acceptable and the connection to proceed, the certificate must meet the following conditions:

  • The certificate must be signed by a trusted Certificate Authority (CA), or the certificate itself must be added to the device configuration as a trusted certificate. Refer the device administration guide for details on adding a trusted certificate.

  • If the manager is configured as an IP address, then either the Common Name field or the Subject-Alt-Name field of the certificate must contain that IP address

  • If the manager is configured as a hostname, then either the Common Name field or the Subject-Alt-Name field of the certificate must contain that hostname

Most likely your certificate is not set up correctly.  So there are a couple of approaching depending on the environment:

1. First of all, make sure you are configuring the Manager address in the Probe using the FQDN or IP address that is explicitly listed in the Manager certificate.  If the Manager has been set up correctly, then this will almost certainly be the problem.  Usually this occurs when you enter the IP address of the manager into the probe, but the certificate only has the FQDN listed.

2. If you are using a self-signed certificate on the manager (i.e. the default behaviour out of the box), go to the System > Certificate page and regenerate the certificate.

3. If you are using a CA-signed certificate, then you should make sure that the FQDN that you supplied to the CA matches the name you are using for the Manager.

 

Generally speaking, one of the above should resolve the issue.  If you are still stuck after checking those, I'd suggest contacting the support center (https://cisco.com/go/sbsc) for assistance.  They will want to know exactly what you have configured in the probe, and will want to see a copy of the certificate, which you can download from the System > Certificate page or display by clicking the padlock in the browser toolbar when you are connected to the manager.

 

Cheers,

Dave.