Cisco DNA Center PNP Trustpool download

Julian Häusl
Level 1

I have a DNAC running on (About says and want to get PNP to work.

First we tried with the default certificate the DNAC creates when it is started for the first time; there the onboarding process gets stuck at the planned state. The show pnp tasks command said that the certification installation task was unsuccessful.


After that I wanted to try with a certificate from our own PKI. So I created a CSR using the API endpoint /certificate/csr, got it signed by our PKI and imported it with the same endpoint. Good so far; in the browser I see that the certificate is valid and secure.


If I now want to PnP a Cisco switch, the switch recognizes pnpserver.domain and starts, but then it stops at the trustpool download and I get these messages:

Loading http://pnpserver.domain/ca/trustpool !!!!!!

%PKI-4-TRUSTPOOL_DOWNLOAD_FAIL: Trustpool download failed due to low nvram storage


I tried with Cisco 2960 and Cisco 2960-C switches; all have the same problem.


The question is, though, why did it not stop at the trustpool download with the DNAC's own certificate, and why does it now try to download a 121kB file into a 64kB NVRAM?


I also tried manually downloading the trustpool and storing it in flash. This worked, but then I cannot use PNP.


Does anyone else have the same problem or even a solution?


Thanks in advance!