Viptela Vmanage

xshant
Level 1

I installed vManage on a virtual machine. On vManage I selected manual root certificate and generated a certificate with "Generate CSR"; it generated a .csr file. Now I wanted to install this certificate for vManage, and when uploading the certificate it gives me an error saying "cannot decrypt serial number from the certificate". Where do I get the serial number, it's a VM? Is this the right way to do it, do I need to install this certificate for vManage?


Can you please suggest some other tools for Windows? I'm also facing the same error, like below, while opting for Automated Symantec

 

Unable to get response from signing server https://certmanager-webservices.websecurity.symantec.com/vswebservices/rest/services/enroll

Hi,

 

I'm facing a similar problem with my vEdges Cloud.

 

Following the expiration of my lab's root CA, I regenerated it and rebuilt the controllers correctly (1x vManage, 1x vSmart, 1x vBond). Unfortunately, I cannot get the control-plane of the vEdges cloud back up... I'm getting the following error constantly from the vBond, even if I can see the serial-numbers are valid on the vBond when I type show orchestrator valid-vedges.

 

I also uploaded the new ca.cert to the vEdges as well, and even regenerated the licenses from the Smart Account with the good root CA certificate... I also checked the NTP synchronization...

 

Here is the error seen from the vbond:

 

host name: vBond
uuid: hidden
organization name: hidden
sp organization-name: hidden
reason: ERR_BID_NOT_VERIFIED

 

And from the vEdges:

 

vEdge11# show control connections-history
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN BIDNTVRFD 5 2019-10-25T10:22:04+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23556 10.0.0.1 23556 default tear_down VM_TMO NOERR 0 2019-10-25T10:18:35+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up RXTRDWN VECRTREV 0 2019-10-25T10:18:23+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN SERNTPRES 0 2019-10-25T10:17:51+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23456 10.0.0.1 23456 default tear_down VM_TMO NOERR 0 2019-10-25T10:17:51+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up

 

 

On the vEdge side, we can see the error VSCRTREV, pointing to a certificate revoked/invalidated on the vEdge/vSmart, but I also requested the root-ca reinstall with the good one so... I'm quite lost :)

 

From the vBond, we can see the following debug messages:

 

vBond# debug vdaemon misc high
vBond# show log /var/log/tmplog/vdebug tail -f
[...]
%VDAEMON_DBG_MISC-1: Peer's Certificate serial number not found in vedge-list
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:172.20.2.51 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:172.20.2.51 local-color:default reason:"ERR_BID_NOT_VERIFIED"

 

 

Any ideas? 

Thanks
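
The vBond notification lines quoted in the post above follow a regular `key:value` layout, so rejected control connections can be tallied by event and reason when triaging certificate or serial-number failures. This is an added example, not part of the original post or of any Cisco tooling; the function names are hypothetical and the last sample line is constructed.

```python
import re
from collections import Counter

# Lines 1-3 are the vBond debug output quoted in the post above (values the
# poster hid stay hidden). Line 4 is CONSTRUCTED for this example: same layout,
# with a reason code that appears in a later post of this thread.
SAMPLE_LOG = '''\
%VDAEMON_DBG_MISC-1: Peer's Certificate serial number not found in vedge-list
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:172.20.2.51 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:172.20.2.51 local-color:default reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:42:10 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:42:10 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_SER_NUM_NT_PRESENT"
'''

# "Notification: <date> <time> <event-name> <key:value ...>"
NOTIF_RE = re.compile(
    r"Notification: (\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
# A value is either double-quoted or a run of non-space characters; the latter
# also covers the unset peer address printed as "peer-system-ip:::" (value "::").
FIELD_RE = re.compile(r'([\w-]+):("[^"]*"|\S*)')
# Event names as they appear in the quoted log lines.
AUTH_EVENTS = {"vbond-reject-vedge-connection", "control-connection-auth-fail"}


def parse_notification(line):
    """Return a dict for a Notification line, or None for any other line."""
    m = NOTIF_RE.search(line)
    if not m:
        return None
    when, event, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return {"time": when, "event": event, **fields}


def auth_failures(log_text):
    """Keep only the rejection / auth-failure notifications."""
    parsed = (parse_notification(line) for line in log_text.splitlines())
    return [r for r in parsed if r and r["event"] in AUTH_EVENTS]


def reasons_by_event(records):
    """Count (event, reason) pairs so a recurring reason stands out."""
    return Counter((r["event"], r.get("reason", "?")) for r in records)


if __name__ == "__main__":
    for (event, reason), n in reasons_by_event(auth_failures(SAMPLE_LOG)).items():
        print(f"{n:3d}  {event:32s} {reason}")
```
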

I resolved my issue, here is how.

 

Even if I had installed via CLI my new root CA via this command:

vmanage# request root-cert-chain install /home/admin/ca.crt

+ resync my vManage DB via https://<ip>/dataservice/system/device/sync/rootcertchain , it appeared that the root CA was still the previous one at Administration > Settings > Controller Certificate Authorization (Edit). (Is it a bug or something? I'm in Platform Version: 18.4.1)

 

After replacing it in the GUI, and re-generating the bootstrap configs via Config > Devices + request vedge-cloud activate from the vEdges, they were finally able to bring up the control-plane.

 

Before that, as I already said, the clocks were synchronized, and certificates valid from the vBond (visible as valid via the command show orchestrator valid-vedges).

 

Hope this helps...

Hi Benoit, I had the same issue with 20.1. Resolved using your post. Thanks a lot!

I get an error when trying to generate a CSR from vManage.

M1N10N
Level 1

vBond is showing the below error, but the serial number is already present in vManage

Event Name : vbond-reject-vedge-connection
Event Details : host-name=vBond; uuid=45e6fb6f-524d-07e6-e3cb-7f3823eb01a1; organization-name=ether-net; sp-organization-name=ether-net; reason=ERR_SER_NUM_NT_PRESENT
