
vEdge to vBond control connection failing with error CRTVERFL

jay3
Level 1

Hi Guys,

May you kindly assist me in troubleshooting the control connection between my vEdge and vBond? It seems they are failing to verify each other's certificates. I am using vManage signed certificates for my WAN edge devices and I have loaded the vManage root certificate into my vEdge root CA store.

 

Accepted Solutions

Hi Elesani,

Thanks for your response. I managed to figure it out. For some reason, the vEdge was failing to verify the vBond certificate although they were both signed by the same Enterprise root CA. To ensure they were using the exact same root-cert-chain, I opened a vshell and copied the master.root.crt file (which had my root CA installed) from vBond to /home/admin on the vEdge and installed it, and everything came up fine!

5 Replies

elesani
Cisco Employee

You need to sync the new authorised list of devices/controllers from vManage to the vBond and vSmart controllers once you have introduced any new Edge device or even a new control plane controller.

Can you confirm the below:

From vManage, go to Configuration|Certificates.

If the "Send to Controller" button colour is red, it means that you haven't synced vManage with the other controllers, including vBond.


millenski
Level 1

Hello,

Can you provide guidance on how you copied the root CA? I have the same problem now with 2x vedge2000 that failed to establish control connections to vbond.

 

           LOCAL     REMOTE
STATE      ERROR     ERROR
-----------------------------------------
tear_down  CRTVERFL  NOERR
tear_down  CRTVERFL  NOERR


Thanks. 

Kind regards
Milen

For the benefit of all, SCP worked better than cut and paste.

Log in to your vEdge (mine was a vedge 5k)

vshell

cd /home/admin

scp admin@<vbond-ip>:/home/admin/master_root.crt .   

 

PS: There is a dot at the end of the command for the current directory; I did a copy from vbond to the local directory.

 

Thanks,

 

A few days later, with my vE-2000 running old 17.1 (to match 20.6 Cisco PKI), I had to do the same. Thanks for your quick hints, and for completeness of information (like the Stack Overflow world teaches us) I add:

request root-cert-chain install /home/admin/master_root.crt
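
An added example, not part of the original thread: once both root chain files are copied to a workstation, they can be compared by content before running the install command. It hashes the decoded bytes of each PEM block, so differences in line endings or wrapping are ignored while a missing or truncated CA entry is reported. The function names and sample data are constructed for illustration, and the placeholder blocks are not real X.509 certificates.

```python
import base64
import hashlib
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

def fingerprints(bundle_text):
    """SHA-256 of each certificate's decoded bytes in a PEM bundle.

    Hashing decoded bytes ignores line endings and wrapping, so only real
    content differences show up. Raises ValueError on a damaged bundle."""
    if bundle_text.count(BEGIN) != bundle_text.count(END):
        raise ValueError("unbalanced BEGIN/END markers (truncated copy?)")
    prints = set()
    for body in PEM_RE.findall(bundle_text):
        # binascii.Error (a ValueError subclass) is raised on corrupt base64
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.add(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no certificates found")
    return prints

def compare_chains(vbond_text, vedge_text):
    """Report which vBond chain entries the vEdge file lacks, and vice versa."""
    vbond, vedge = fingerprints(vbond_text), fingerprints(vedge_text)
    return {"match": vbond == vedge,
            "missing_on_vedge": sorted(vbond - vedge),
            "extra_on_vedge": sorted(vedge - vbond)}

def fake_pem(payload, width=64, eol="\n"):
    """Build a PEM-shaped block around constructed bytes (not a real cert)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return eol.join([BEGIN, *lines, END]) + eol

# Constructed sample data standing in for the contents of the two files.
ROOT_A = b"constructed-enterprise-root-CA" * 8
ROOT_B = b"constructed-second-root-CA" * 8
VBOND_CHAIN = fake_pem(ROOT_A) + fake_pem(ROOT_B)
# Same certificates, different order, wrapping and line endings.
VEDGE_REWRAPPED = fake_pem(ROOT_B, 76, "\r\n") + fake_pem(ROOT_A, 76, "\r\n")
# One CA entry absent from the vEdge copy.
VEDGE_INCOMPLETE = fake_pem(ROOT_A)

if __name__ == "__main__":
    print(compare_chains(VBOND_CHAIN, VEDGE_REWRAPPED))
    print(compare_chains(VBOND_CHAIN, VEDGE_INCOMPLETE))
```

This checks only that the two files hold the same certificates; it does not validate signatures or expiry.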
