Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7871
Views
30
Helpful
5
Replies

vEdge to vBond control connection failing with error CRTVERFL

Go to solution
jay3
Level 1
Level 1

‎04-15-2020 06:41 AM

Hi Guys,

May you kindly assist me in troubleshooting the control connection between my vEdge and vBond. It seems they are failing to verify each other's certificates.I am using vManage signed certificates for my WAN edge devices and I have loaded the vManage root certificate into my vEdge root CA store.

 

3 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jay3
Level 1
Level 1
In response to elesani

‎04-17-2020 02:45 AM

H Elesani,

Thanks for your response. I managed to figure it out.For some reason, the vEdge was failing to verify the vBond certificate although they were both signed by the same Enterprise root CA. To ensure they were using the exact same root-cert-chain, I opened a vshell and copied the master.root.crt file(which had my root CA installed) from vBond to /home/admin on the vEdge and installed it and everything came up fine!

View solution in original post

5 Replies 5

Go to solution
elesani
Cisco Employee
Cisco Employee

‎04-16-2020 05:02 PM

You need to sync the new authorised list of devices/controllers from vManage to vBond and vSmart controllers once you introduced any new Edge device or even new Control Plane controller. 

 

Can you confirm bellow:

 

From vManage go to Configuration|Certificates

 

if "Send to Controller" button colour is in red, means that you haven't synced vManage with other controllers including vBond.

Go to solution
jay3
Level 1
Level 1
In response to elesani

‎04-17-2020 02:45 AM

H Elesani,

Thanks for your response. I managed to figure it out.For some reason, the vEdge was failing to verify the vBond certificate although they were both signed by the same Enterprise root CA. To ensure they were using the exact same root-cert-chain, I opened a vshell and copied the master.root.crt file(which had my root CA installed) from vBond to /home/admin on the vEdge and installed it and everything came up fine!

Go to solution
millenski
Level 1
Level 1

‎08-17-2021 06:29 AM

Hello, 

can you provide guidance from how you copied the root CA. I have the same problem now with 2x vedge2000 failed to establish control connections to vbond.

 

                  LOCAL               REMOTE
STATE         ERROR              ERROR
-----------------------------------------
tear_down CRTVERFL NOERR
tear_down CRTVERFL NOERR


Thanks. 

Kind regards
Milen

0 Helpful

Go to solution
rajivrajan1
Level 3
Level 3
In response to millenski

‎10-04-2021 09:31 AM

For the Benefit of all, SCP worked better than cut and paste,

Login to your vedge ( mine was a vedge 5k)

vshell

cd /home/admin

scp admin@<vbond-ip>:/home/admin/master_root.crt .   

 

Ps : There is a dot at the end of the command for current directory, I did a copy from vbond to local directory.

 

Thanks,

 

Go to solution
pgasparovic
Level 1
Level 1
In response to rajivrajan1

‎10-10-2021 12:23 AM

Few days later with my vE-2000 running old 17.1 (to match 20.6 Cisco PKI) I had to do the same, thanks for your quick hints and for completeness of information (like Stack Overflow world teaches us) I add:

request root-cert-chain install /home/admin/master_root.crt

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card