
vEdge onboarding, "ERR_CERT_VER_FAIL" in vBond

yvivekan
Cisco Employee

Hi,

 

I'm trying to bring up the control plane (manual)

vManage->settings->Enterprise Root Certificate

Using openssl, I created a self-signed certificate (CA) and installed it in vManage.

vSmart and vBond  but validated and control connections are up between vManage, vSmart, vBond.

 

Now, while adding vEdge:

1. Installed vEdge; using "show certificate serial", got the chassis number.

2. Signing is done to get the .viptela file with this serial number.

3. In vManage, upload WAN edge list, used the .viptela file.

4. Got the token visible in the UI, and in all three could see the device listed in "show valid-vedge".

5. Did generate bootstrap, copied the OTP.

6. Inside the vEdge cloud:

6.1 Installed the root CA for certificate root-chain.

6.2 Issued the command "request vedge-cloud activate chassis << chassis >> token <<OTP>>".

Now I'm expecting the vBond to come into the picture and validate the device, which is not happening.


from logs saw:

local7.info: Apr 11 16:01:52 vBond VBOND[2229]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 4/11/2019 16:1:52 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:194.168.1.51 uuid:"6DFF7A3C-466D-4A5A-9CF0-C96ACB99B58C" organization-name:"<<removed>>" sp-organization-name:"<<removed>>" reason:"ERR_CERT_VER_FAIL"

This is surely a certificate issue; just wondering what certificate install step was missed?

Also checked:

1.  request csr upload vedge.csr

2. Using openssl and the root CA certificate, created vEdge.crt and installed it ... this also doesn't work.

Any help?

5 Replies

ekhabaro
Cisco Employee

Here is the link to a great article by Shankar about troubleshooting control connections:

 

https://community.cisco.com/t5/networking-documents/sd-wan-routers-troubleshoot-control-connections/ta-p/3813237

jgardner150
Level 4

Do you have a valid NTP server configured, and is it accessible on VPN0? Time being off can cause this issue and has bitten me in the past.

I have an NTP server in vpn512, is it valid?

adcampos
Level 1

Were you able to fix the "reason=ERR_CERT_VER_FAIL" issue? How?

I did the following to solve this issue for me:

 

1) I went to vManage: Administration | Settings | WAN Edge Cloud Certificate Authorization and set it to Manual.

 

Then using the CLI on the vEdge Cloud device, I entered "show certificate root-ca-cert"

I realized the CA cert was not the correct one, then I fixed that, and made sure it was the correct one this time.

I finally issued the "request vedge-cloud activate chassis-number ..." command and waited for like 2 min.

The vEdge was finally authenticated by the vBond.

 

Then on vManage I went to CONFIGURATION | CERTIFICATES and downloaded the vEdge CSR, I signed it using the XCA, and installed the cert. After like 3min the vEdge is now reachable and up in the vManage.

 

I have to say you need lots of patience with these processes... and all the help you can find. BTW: I am using 18.4.5 Viptela versions. Good luck everyone!
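
The two causes raised in the replies above (a root CA on the device that is not the one that signed the certificates, and a clock outside the certificate validity window) can be told apart offline with openssl before retrying activation. This is an added example, not part of any post in this thread and not Cisco tooling; the file names, subject names and the `make_fixture` and `cert_check` helpers are assumptions, and it does not reproduce the vBond's own validation logic.

```shell
#!/bin/sh
# Added example. Every key, certificate and subject name here is constructed test data.

# make_fixture DIR: two unrelated roots (A, B) and a device certificate signed by root A
make_fixture() {
    d=$1
    for ca in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/O=Example Org/CN=Constructed Root $ca" \
            -keyout "$d/root$ca.key" -out "$d/root$ca.crt" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=constructed-vedge" \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null
    openssl x509 -req -in "$d/dev.csr" -days 30 -CAcreateserial \
        -CA "$d/rootA.crt" -CAkey "$d/rootA.key" -out "$d/dev.crt" 2>/dev/null
}

# cert_check ROOT_PEM CERT_PEM [EPOCH]
# prints: ok | wrong-root | clock-outside-validity | other:<openssl error number>
cert_check() {
    root=$1; cert=$2; at=${3:-}
    # -attime evaluates validity dates at EPOCH instead of the local clock
    out=$(openssl verify ${at:+-attime $at} -CAfile "$root" "$cert" 2>&1) && { echo ok; return 0; }
    code=$(printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    case $code in
        9|10)          echo clock-outside-validity ;;  # not yet valid / has expired
        7|18|19|20|21) echo wrong-root ;;              # chain does not end in ROOT_PEM
        *)             echo "other:${code:-unknown}" ;;
    esac
    return 1
}

tmp=$(mktemp -d)
make_fixture "$tmp"
echo "signing root installed, clock correct: $(cert_check "$tmp/rootA.crt" "$tmp/dev.crt")"
echo "a different root installed:            $(cert_check "$tmp/rootB.crt" "$tmp/dev.crt")"
echo "clock reset to September 2001:         $(cert_check "$tmp/rootA.crt" "$tmp/dev.crt" 1000000000)"
rm -rf "$tmp"
```

To use it on real files, pass the root exported from the controller side as `ROOT_PEM` and the signed device certificate as `CERT_PEM`, with the device's current clock as the optional epoch.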