Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
40070
Views
85
Helpful
50
Replies

Viptela Vmanage

Go to solution
xshant
Level 1
Level 1

‎08-06-2018 09:56 PM - edited ‎03-08-2019 05:31 PM

I installed Vmanage on a virtual machine. On Vmanage i selected manual root certificate and generated certificate with "Generate CSR", it generated a .csr file, now i wanted to install this certificate for vManage and when uploading the certificate it gives me error saying "cannot decrypt serial number from the certificate".? Where do i get the serial number, its a VM? Is this the right way to do it, do i need to install this certificate for vManage?

6 people had this problem
Labels:
0 Helpful
50 Replies 50

Go to solution
rimran2712
Level 1
Level 1
In response to David Klebanov

‎11-19-2018 05:22 AM

Hi David,

thank you so much for your help. I tried to access "software.cisco.com" but unfortunately I dont have access for this portal. 

 

I am testing it in SD-WAN in lab at the moment so do I have to follow same procedure to get Demo licenses for vEdgecloud routers or any other way to download .viptela file for WAN edges in lab testing for partners?

 

Thanks

Imran

0 Helpful

Go to solution
cisabucho
Level 1
Level 1
In response to David Klebanov

‎12-27-2018 09:21 AM

Hi David,

 

I am trying to build my own lab on vmware esxi. I have already deployed the vmanage, vbond and vsmart using Enterprise root CA. The valida vedge cloud list is also uploaded. But when I want to apply the bootstrap config for the vedge, I couldn't find where to apply it. When I use the request vedge-cloud activate command with the chassis and token genereated from vmanage, I get a certificate installation failure message on vmanage and the vbond reject the connection with the error "ERR_SER_NUM_NT_PRESENT". Is there a step or setting I am missing here?

0 Helpful

Go to solution
ekhabaro
Cisco Employee
Cisco Employee
In response to cisabucho

‎12-28-2018 05:33 AM

@cisabucho you need provisioning file uploaded to vManage for this. You can generate it on software.cisco.com under your Smart Account - Controller profile if you have software subscription license for vEdge Clouds. 

0 Helpful

Go to solution
scjmosclts
Level 1
Level 1
In response to David Klebanov

‎01-30-2019 12:08 AM

Hi David, 

I have interesting problem with trying to spin-up vEdge-cloud:

Everything went well until the registration attempt. Then in some cases the command "request vedge-cloud activate" didn't register vEdge in vManage. In vManage GUI the red badge with message Certificate Installation Error appears when you mouse over the badge. However, if you went to affected vEdge CLI and just repeat the command (arrow up then enter) the vEdge get registered.

Problem is repeatable for some VM instances and not appear on other. the VM hypervisors are the same, the network are the same, the only differences is hosting PC CPU performance. I stuck with guesses why it sporadically happened. 

 

Preview file
28 KB
0 Helpful

Go to solution
mamamou
Cisco Employee
Cisco Employee
In response to scjmosclts

‎04-26-2019 09:40 AM

Hello @scjmosclts 
I am encountering more or less the same problem. Were you able to solve it? If yes can you please tell me how?

Thanks

0 Helpful

Go to solution
David Klebanov
Cisco Employee
Cisco Employee
In response to mamamou

‎04-28-2019 06:13 PM

Hi @mamamou and @scjmosclts,

 

I had recently seen the same. The issue was the clock on the vEdge Cloud. Please either synchronize it with NTP or set it manually. Also make sure to setup the timezone. Needless to say, all your controllers should have accurate clock. With vEdge Cloud, vManage issues the certificate post-OTP authentication. This process fails when the time drift between vEdge Cloud and vManage is too significant.

 

Hope this helps.

David

@DavidKlebanov

 

Twitter: @DavidKlebanov

Go to solution
mamamou
Cisco Employee
Cisco Employee
In response to David Klebanov

‎04-29-2019 09:32 AM

@David Klebanov 
Thanks a lot for your quick answer. Your advise have been really helpful. 
However now I am facing another problem. 
I can see that vsmart, vedge and vbond are up and synchronized on vManage graphical interface. However on the dashboard I still get that the control plane connectivity is down. And when I run the command "show control connectivity" I see that the vedge have not established a dtls tunnel with vSmart.
Any clue for what can be the probllem?

Thanks,

Mouna

0 Helpful

Go to solution
David Klebanov
Cisco Employee
Cisco Employee
In response to mamamou

‎04-29-2019 09:37 AM

Please go to vEdge CLI and execute “show control connections-history” command. Paste the output here. There are various error codes that typically very clearly indicate why control connections are failing.
Twitter: @DavidKlebanov

Go to solution
mamamou
Cisco Employee
Cisco Employee
In response to David Klebanov

‎04-30-2019 01:56 AM

so this is what  get after running the show command.
and I suppose the errors I am getting are "DISTLOC - TLOC Disabled. " and "DCONFAIL - DTLS connection failure."

 

Thanks,

Mouna

 

Preview file
25 KB
0 Helpful

Go to solution
mamamou
Cisco Employee
Cisco Employee
In response to David Klebanov

‎04-30-2019 08:10 AM

It is me again, 
thanks for suggesting the show command. 
It helped me figure out that some how I changed the certificate of  the vedge while trying to reach the control plane, so it ened up connecting to vmanage and vbond but not to vsmart. 

Thanks a lot for your help,

 

Best regards, Mouna

0 Helpful

Go to solution
David Klebanov
Cisco Employee
Cisco Employee
In response to mamamou

‎04-30-2019 03:29 PM

I am glad it helped ☺
Twitter: @DavidKlebanov
0 Helpful

Go to solution
derebaz
Level 1
Level 1
In response to David Klebanov

‎03-19-2019 12:52 PM

Hi, David.

I am trying to build my own lab on vmware esxi. I have already deployed the vmanage, vbond and vsmart using Enterprise root CA.
The valida vedge cloud list (.viptela) is also uploaded.
According to the second scenario:
1. I have made configuration on the vEdge.
2. Installed root CA to the vEdge.
3. On vManage made Configuration > Devices. Select unused vEdgeCloud entry, click on the right sight on the more options button and select Generate bootstrap configuration.
4. On vEdge made configration: request vedge-cloud activate chassis <UUID> token <token>
5. I check on vManage: Configuration -> Certificates -> WAN Edge List and see status for the current vEdge:
State - "red icon" (certificate installation failed)
Hostname - correct
IP address - correct
Validate - valid.

The same status: Configuration -> DEVICES -> WAN Edge List.
State - "red icon" (certificate installation failed)

Could help me. How I can solve problem with invalid cert for vEdge router.

Thank you.
0 Helpful

Go to solution
Redtone
Level 1
Level 1
In response to David Klebanov

‎07-13-2019 09:00 PM

@David Klebanov I have been using sd-wan in production environment. Now, my certificates are expired and the auto-generation process is failed. How do i get new certificates.

 

 

 

REgards,

 

AA

0 Helpful

Go to solution
thaibinh_rk
Level 1
Level 1
In response to xshant

‎10-13-2018 10:33 AM

Do not enable a tunnel interface under the vpn0 interface or the vManage will not be able to connect to the vBond to add it.
I hope this is helpful :D

Go to solution
Ian Waddell
Level 1
Level 1
In response to thaibinh_rk

‎12-21-2018 05:45 AM

I deleted everything under VPN0 but still can't add the vbond device from the vmanage. I can ping the vmanage via vpn 512 from vbond. I just get the 'failed to add device Network is unreachable'.

Any other ideas?

vpn 0
!
vpn 512
interface eth0
description Mgmt
ip address 192.168.x.142/25
no shutdown
!
ip route 0.0.0.0/0 192.168.x.129
!
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card