Solved: Re: Cannot remove trustpoint from ASA

brett.harrison · ‎06-04-2009

I am trying to clear out all the trustpoints on my ASA to reconfigure the ASA phone-proxy. However, I cannot remove the ctl-file asdm_CTL_File.

When I enter the command clear configure crpyto ca trustpoint I receive this error.

ERROR: The trustpoint phoneproxy_trustpoint appears to be in use. Unable to remove this trustpoint.

ERROR: Trustpoint cannot be removed There are 1 open sessions.

ERROR: The trustpoint _internal_PP_asdm_CTL_File appears to be in use. Unable to remove this trustpoint.

ERROR: Trustpoint cannot be removed There are 1 open sessions.

INFO: Be sure to ask the CA administrator to revoke your certificates.

I'm sure it's one or two commands that I am missing. Any help would be great.

Alan Huseyin Kayahan · ‎06-06-2009

Hello Brett

Have you tried removing CA certificate first?

clear configure crypto ca certificate "certname"

Also try clearing crls

clear crypto ca crls

An IPSEC transform-set in use by a crypto-map, containing RSA may also be causing this. Try removing the transform-set first

Regards

Alan Huseyin Kayahan · ‎06-06-2009

Hello Brett

Have you tried removing CA certificate first?

clear configure crypto ca certificate "certname"

Also try clearing crls

clear crypto ca crls

An IPSEC transform-set in use by a crypto-map, containing RSA may also be causing this. Try removing the transform-set first

Regards

Farrukh Haroon · ‎06-07-2009

If this issue is still not solved, do a "show tls-proxy sessions" and clear any in-use sessions.

Regards

Farrukh

brett.harrison · ‎06-12-2009

Looks like the commands took. Thank you for your help!

Farrukh Haroon · ‎06-12-2009

Please mention which command specifically solved your problem.

Please rate any solutions if you find them helpful.

Regards

Farrukh