Unable to bring up vEdge

Martin Kyrc
Level 3

Hi,

I'm not able to bring up a vEdge Cloud device.

Connectivity to controllers over all transports is correct. System settings and root-cert are correct:

LAB-BR11# show control local-properties
sp-organization-name              HIDDEN
organization-name                 HIDDEN
root-ca-chain-status              Installed

certificate-status                Installed
certificate-validity              Valid
certificate-not-valid-before      Jan 20 15:48:41 2020 GMT
certificate-not-valid-after       Jan 17 15:48:41 2030 GMT

dns-name                          vbond.sdwan.lab
site-id                           11
domain-id                         1
protocol                          dtls
system-ip                         192.168.0.11
chassis-num/unique-id             184fbda9-2cc2-8c4b-9c04-03b7abe6496c
serial-num                        746E02AD

vEdge is not accepted by vBond:

vbond    dtls     0.0.0.0          0           0      <vbond.sdwan.lab> 12346    <vbond.sdwan.lab> 12346   public-internet  challenge_resp  RXTRDWN    BIDNTVRFD  138   2020-01-20T18:55:40+0100
vbond    dtls     0.0.0.0          0           0      <vbond.sdwan.lab> 12346    <vbond.sdwan.lab> 12346   mpls             challenge_resp  RXTRDWN    BIDNTVRFD  137   2020-01-20T18:55:24+0100

It looks like a BIDNTVRFD problem, but on vBond the vEdge cert is valid:

vbond# show orchestrator valid-vedges serial-number 746E02AD
184FBDA9-2CC2-8C4B-9C04-03B7ABE6496C  746E02AD  valid     <orgname-hidden>  N/A

vBond log:

local7.debug: Jan 20 18:22:17 vbond VBOND[2342]: vbond_handshake_event_cb[6501]: %VDAEMON_DBG_MISC-1: Get CA RSA Public key
local7.debug: Jan 20 18:22:17 vbond VBOND[2342]: vdaemon_verify_peer_bidcert[384]: %VDAEMON_DBG_MISC-1: Peer's Certificate validation Failed (expected Viptela) got "SD-WAN PoC"
local7.info: Jan 20 18:22:17 vbond VBOND[2342]: %Viptela-vbond-vbond_0-6-INFO-1400002: Notification: 1/20/2020 17:22:17 vbond-reject-vedge-connection severity-level:major host-name:"vbond" system-ip:10.238.162.251 uuid:"184fbda9-2cc2-8c4b-9c04-03b7abe6496c" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"

vBond is expecting Viptela's cert, but in my lab I'm using my own root-cert (it is imported on all controllers and VE devices).

martin
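
An added example, not part of the original post and not Cisco tooling: a small Python parser that pairs each `vbond-reject-vedge-connection` notification in a vBond log with the certificate validation failure logged by the same process at the same timestamp, so the expected and presented values appear next to the rejection reason. The function and dictionary key names are assumptions; the sample lines are the ones quoted in the post.

```python
import re

# Log lines copied from the post above (the wrapped notification line is rejoined).
SAMPLE_LOG = """\
local7.debug: Jan 20 18:22:17 vbond VBOND[2342]: vbond_handshake_event_cb[6501]: %VDAEMON_DBG_MISC-1: Get CA RSA Public key
local7.debug: Jan 20 18:22:17 vbond VBOND[2342]: vdaemon_verify_peer_bidcert[384]: %VDAEMON_DBG_MISC-1: Peer's Certificate validation Failed (expected Viptela) got "SD-WAN PoC"
local7.info: Jan 20 18:22:17 vbond VBOND[2342]: %Viptela-vbond-vbond_0-6-INFO-1400002: Notification: 1/20/2020 17:22:17 vbond-reject-vedge-connection severity-level:major host-name:"vbond" system-ip:10.238.162.251 uuid:"184fbda9-2cc2-8c4b-9c04-03b7abe6496c" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
"""

# Syslog prefix: facility, timestamp, host, VBOND[pid], then the message body.
HEADER = re.compile(r'^\S+: (?P<ts>\w{3} +\d+ [\d:]{8}) \S+ VBOND\[(?P<pid>\d+)\]: (?P<body>.*)$')
CERT_FAIL = re.compile(r'Certificate validation Failed \(expected (?P<expected>[^)]+)\) got "(?P<got>[^"]*)"')
REJECT = re.compile(r'vbond-reject-vedge-connection\b(?P<fields>.*)$')
FIELD = re.compile(r'([\w-]+):(?:"([^"]*)"|(\S+))')   # key:"quoted" or key:bare

def find_rejections(log_text):
    """Pair each reject notification with the last cert-validation failure
    logged by the same process at the same timestamp, if there is one."""
    last_fail = {}      # (timestamp, pid) -> (expected, got)
    findings = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue    # not a VBOND daemon line
        key = (m['ts'], m['pid'])
        fail = CERT_FAIL.search(m['body'])
        if fail:
            last_fail[key] = (fail['expected'], fail['got'])
            continue
        rej = REJECT.search(m['body'])
        if rej:
            fields = {k: q or u for k, q, u in FIELD.findall(rej['fields'])}
            expected, got = last_fail.get(key, (None, None))
            findings.append({
                'timestamp': m['ts'],
                'uuid': fields.get('uuid'),
                'reason': fields.get('reason'),
                'expected': expected,   # value the vBond log says it expected
                'got': got,             # value the vBond log says the peer presented
            })
    return findings

if __name__ == '__main__':
    for finding in find_rejections(SAMPLE_LOG):
        print(finding)
```
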

1 Accepted Solution

Accepted Solutions

Martin Kyrc
Level 3

I hit this bug: #CSCvp75927

My version is 19.3.0

2 Replies

Hi Martin,

which Debug were you running?