08-06-2018 09:56 PM - edited 03-08-2019 05:31 PM
I installed vManage on a virtual machine. On vManage I selected manual root certificate and generated a certificate with "Generate CSR"; it generated a .csr file. Now I wanted to install this certificate for vManage, and when uploading the certificate it gives me an error saying "cannot decrypt serial number from the certificate". Where do I get the serial number? It's a VM. Is this the right way to do it? Do I need to install this certificate for vManage?
05-31-2019 08:57 AM
Can you please suggest some other tools for Windows? I'm also facing the same error, shown below, while opting for Automated Symantec:
Unable to get response from signing server https://certmanager-webservices.websecurity.symantec.com/vswebservices/rest/services/enroll
10-25-2019 05:50 AM - edited 10-25-2019 07:56 AM
Hi,
I'm facing a similar problem with my vEdges Cloud.
Following the expiration of my lab's root CA, I regenerated it and rebuilt the controllers correctly (1x vManage, 1x vSmart, 1x vBond). Unfortunately, I cannot get the control plane of the vEdges cloud back up... I'm constantly getting the following error from the vBond, even though I can see the serial numbers are valid on the vBond when I type show orchestrator valid-vedges.
I also uploaded the new ca.cert to the vEdges as well, and even regenerated the licenses from the Smart Account with the good root CA certificate... I also checked the NTP synchronization...
Here is the error seen from the vbond:
host name | vBond |
uuid | hidden |
organization name | hidden |
sp organization-name | hidden |
reason | ERR_BID_NOT_VERIFIED |
And from the vEdges:
vEdge11# show control connections-history
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN BIDNTVRFD 5 2019-10-25T10:22:04+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23556 10.0.0.1 23556 default tear_down VM_TMO NOERR 0 2019-10-25T10:18:35+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up RXTRDWN VECRTREV 0 2019-10-25T10:18:23+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN SERNTPRES 0 2019-10-25T10:17:51+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23456 10.0.0.1 23456 default tear_down VM_TMO NOERR 0 2019-10-25T10:17:51+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up
On the vEdge side, we can see the error VSCRTREV, pointing to a certificate revoked/invalidated on the vEdge/vSmart, but I also requested the root-ca reinstall with the good one so... I'm quite lost :)
From the vBond, we can see the following debug messages:
vBond# debug vdaemon misc high
vBond# show log /var/log/tmplog/vdebug tail -f
[...]
%VDAEMON_DBG_MISC-1: Peer's Certificate serial number not found in vedge-list
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:172.20.2.51 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:172.20.2.51 local-color:default reason:"ERR_BID_NOT_VERIFIED"
Any ideas?
Thanks
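Added example, not part of the thread: a small Python parser for the `show control connections-history` rows pasted in the post above, which recovers the complete rows from the flattened paste and tallies the remote error codes per peer. The field names are labels chosen here following the command's column order, and the code meanings are those of the legend the command prints.

```python
import re
from collections import Counter

# Column order of `show control connections-history`; field names are labels chosen here.
FIELDS = ("peer_type", "protocol", "system_ip", "site_id", "domain_id",
          "private_ip", "private_port", "public_ip", "public_port",
          "local_color", "state", "local_error", "remote_error",
          "repeat_count", "downtime")
# Meanings of the codes seen in this thread, per the legend the command prints.
LEGEND = {
    "BIDNTVRFD": "peer board ID certificate not verified",
    "VECRTREV": "vEdge certification revoked",
    "SERNTPRES": "serial number not present",
    "RXTRDWN": "received teardown",
    "VM_TMO": "peer vManage timed out",
    "NOERR": "no error",
}
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4}$")

# Rows taken from the post above, run together as pasted (separator shortened);
# the final row is cut off after the state column.
SAMPLE = (
    "vEdge11# show control connections-history ---------- "
    "vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN BIDNTVRFD 5 2019-10-25T10:22:04+0000 "
    "vmanage tls 172.20.2.50 1 0 10.0.0.1 23556 10.0.0.1 23556 default tear_down VM_TMO NOERR 0 2019-10-25T10:18:35+0000 "
    "vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up RXTRDWN VECRTREV 0 2019-10-25T10:18:23+0000 "
    "vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN SERNTPRES 0 2019-10-25T10:17:51+0000 "
    "vmanage tls 172.20.2.50 1 0 10.0.0.1 23456 10.0.0.1 23456 default tear_down VM_TMO NOERR 0 2019-10-25T10:17:51+0000 "
    "vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up"
)

def parse_history(text):
    """Recover complete 15-field rows from flattened output, skipping partial ones."""
    tokens, rows, i = text.split(), [], 0
    while i < len(tokens):
        chunk = tokens[i:i + len(FIELDS)]
        if (len(chunk) == len(FIELDS) and chunk[0] in ("vbond", "vmanage", "vsmart")
                and chunk[1] in ("dtls", "tls") and TIMESTAMP.match(chunk[-1])):
            rows.append(dict(zip(FIELDS, chunk)))
            i += len(FIELDS)
        else:
            i += 1  # header, separator or truncated row: resynchronise on the next token
    return rows

def remote_reasons(rows):
    """Count, per peer type, the error codes reported in the remote-error column."""
    return Counter((r["peer_type"], r["remote_error"])
                   for r in rows if r["remote_error"] != "NOERR")

if __name__ == "__main__":
    for (peer, code), n in remote_reasons(parse_history(SAMPLE)).items():
        print(f"{peer}: {code} ({LEGEND.get(code, 'unknown code')}) x{n}")
```

On this sample every remote error comes from the vBond and all three codes concern certificate or serial-number validation, while the vManage rows carry only a local timeout.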
10-30-2019 09:14 AM
I resolved my issue, here is how.
Even if I had installed via CLI my new root CA via this command:
vmanage# request root-cert-chain install /home/admin/ca.crt
+ resync my vManage DB via https://<ip>/dataservice/system/device/sync/rootcertchain , it appeared that the root CA was still the previous one at Administration > Settings > Controller Certificate Authorization (Edit). (Is it a bug or something? I'm on Platform Version: 18.4.1)
After replacing it in the GUI, and re-generating the bootstrap configs via Config > Devices + request vedge-cloud activate from the vEdges, they were finally able to bring up the control-plane.
Before that, as I already said, the clocks were synchronized, and the certificates were valid from the vBond (visible as valid via the command show orchestrator valid-vedges).
Hope this helps...
12-02-2020 12:39 AM
Hi Benoit, I had the same issue with 20.1. Resolved using your post. Thanks a lot!
08-23-2022 10:13 AM - edited 08-23-2022 10:17 AM
06-22-2024 01:36 AM
vBond Showing below error but Serial number already present in vManage
Event Name : vbond-reject-vedge-connection
Event Details : host-name=vBond; uuid=45e6fb6f-524d-07e6-e3cb-7f3823eb01a1; organization-name=ether-net; sp-organization-name=ether-net; reason=ERR_SER_NUM_NT_PRESENT