07-10-2023 10:07 PM
just noticed a
in a clients UCS-Manager.
"[FSM:FAILED]: keyring configuration(FSM:sam:dme:PkiEpUpdateEp). Remote-Invocation-Error: Failed to copy certstore (rsync failed)"
unlucky - it is not documented in https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ts/faults/reference/ErrMess/UCS_FSMs.html
So I'll try to manually regenerate the default-keyring (which should not be in use) and if this doesn't helps...
Since there are no hits at all in Bug-Toolkit and Google - I won't mess around and open an SR at Cisco-TAC.
... but any additional ideas highly appreciated!
07-10-2023 11:16 PM
update
(a) it is the default-keyring which is affected
(b) regenerating the key-ring with different modulus was successful
Cisco UCS Health-Check-Tool suggested this, too (https://github.com/CiscoDevNet/ucsm_health_check )...
To regenerate the certificate, please SSH to the UCS Manager CLI
(primary / VIP) and run the following commands:
UCS-Primary # scope security
UCS-Primary /security # scope keyring default
UCS-Primary /security/keyring # set regenerate yes
UCS-Primary /security/keyring # set modulus mod2048
UCS-Primary /security/keyring* # commit-buffer
Once you enter the 'commit-buffer' , UCSM GUI will be
disconnected for a while.
Login after few mins to verify the Cert status.
...but it didn't fix the issue
07-10-2023 11:32 PM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc78620
M.
07-10-2023 11:46 PM
weird, my attempt to use the bug-toolkit didn't brought any hits, the bug you found is obviously excaclty matching. Thank you!
So - I don't have to change my plan and go ahead to Cisco TAC.
07-28-2023 02:45 AM
Cisco TAC (it was excactly the Bug you mentioned) fixed it.
Since the "CID/Cisco Interactive Debug Shell" is required - only Cisco TAC can do this.
So, just if you are curious how it got fixed:
chmod 644
to
/opt/certstore/privKey.pem
This happens only to UCSM 4.2(2a) - which was the suggested release some time ago, but might have been upgraded at most installations...
But anyway: Cisco TAC can help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide