Showing results for 
Search instead for 
Did you mean: 

RESTConf Install error

Level 1
Level 1

Hi, I'm trying to use RESTConf to test IOS upgrades, but I'm getting a malformed message error. 

I'm on Cisco IOS XE Software, Version 17.02.01r trying to upgrade to 17.03.04a


I'm doing a post to 

https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install

with this in the body: 


    "Cisco-IOS-XE-install-rpc:input": {
        "uuid": "test",
        "one-shot": true,
	"path": "bootflash:isr4400-universalk9.17.03.04a.SPA.bin",
         reloadfast": true

but I receive a 400 Bad request error: 


	"errors": {
		"error": [
				"error-message": "application error",
				"error-path": "/Cisco-IOS-XE-install-rpc:install",
				"error-tag": "malformed-message",
				"error-type": "application"

Does anyone know what the issue is? Other RestConf operations like reload work fine


25 Replies 25

There is a root user with privilege level 15. I'm using basic auth in Insomnia to pass the user name and password with the the install request. If I don't include basic auth with the request I get a "401 Unauthorized" response. Is the uuid supposed to be associated to the user? From the description it sounds like it could be any string. 


        "The UUID (universally unique identifier) is a string and is textual representation of a UUID. UUID is used to uniquely identify the install action invoked via RPC and it is replayed back in the install progress notifications to correlate them back to the original install operation.";



can you post the debug output with a successful post ?

ROuter000001#show log profile restconf
Displaying logs from the last 0 days, 0 hours, 10 minutes, 0 seconds
executing cmd on chassis local ...

2022/06/04 23:09:28.300531 {dmiauthd_R0-0}{1}: [errmsg] [13816]: (note): %DMI-5-AUTH_PASSED: User 'root' authenticated successfully fromIP_ADDRESS:0 and was authorized for rest over http. External groups: PRIV15
2022/06/04 23:09:28.330489 {nginx_R0-0}{1}: [ngx_core] [15990]: (note): [15995] [access_log]IP_ADDRESS - root [04/Jun/2022:23:09:28 +0000] "POST /restconf/operations/Cisco-IOS-XE-rpc:reload HTTP/1.1" 200 89 "-" "insomnia/2022.3.0"

I'm not sure why it's logged as a [errmsg] but then passes authentication



not sure why it throws the error code either...


I looked at the RFC for RESTCONF. Since nothing else works, I guess we have to look at some 'weird' stuff. What if you try HTTP/2 in the post (instead of the default HTTP/1.1. Or actually, try both:


https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install HTTP/1.1

https://{{ _.router }}/restconf/operations/Cisco-IOS-XE-install-rpc:install HTTP/2


Also, since I think you said you are using SSH, can you post the output of:


show ip ssh


from the device ? Which router model do you have ?



I'm currently using a 4451. I set my Insoshmnia preferences to HTTP/2, but it looks like all the request to RESTConf fall back to HTTP/1.1. 


Here is the output of "show ip ssh" 


SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Hostkey Algorithms:x509v3-ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Encryption Algorithms:aes128-gcm,aes256-gcm,aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512
KEX Algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-617534083



I don't know if the SSH version used by your router matters. It currently supports only version 2. You could try and change that with the global config command 'no ip ssh version 2', which should result in the output of 'sh ip shh' displaying version 1.99 (which means it supports both v1 and v2).


Also, can you post a screenshot of the Insomnia Dashboard ?


You could obviously try and set the Preferences to HTTP 1.1 in Insomnia...



Is this what you want to see? 


Screenshot 2022-06-07 132946.png

I set the presences to both 1.1 and 2.0. Cisco always logs the request as 1.1 either way. 



can you try the below:


4451(config)#no ip http secure-server

4451(config)#no restconf


4451#conf t

4451(config)#ip http secure-server




So you basically remove and reinstall the restconfg part of the configuration...


After re-enabling restconf, try the install again...



I tried disabling and re-enabling restconf. I still get the same error: 


Screenshot 2022-06-07 142926.png

To rule out any Insomnia specific weirdness, I tried Postman and got the same result: 


Screenshot 2022-06-07 144636.png



do you have another router that you can test this on ? I wonder if this is a router-specific problem...

We do have other routers, but none that would be super convenient to test this on. Do you think it's a high probability that this issue is with this specific router ?