Showing results for 
Search instead for 
Did you mean: 

Stuck on "Repair Cert Verify" in UCS Central Integration


I am trying to register a UCS domain to UCS Central. This is the UCS Emulator version 2.1(2a) but I still feel that it's not an emulator-specific issue, so I'm posting here.

On the FSM tab, I'm stuck here:


It will go through steps 1-4 every 10 seconds or so, while hanging on the last one for about another 20 seconds. Then it re-tries, looping infinitely.

I have tried creating a new Keyring, and generating a new certificate request, but after going through the wizard for that, I don't get any window that shows me the certificate request, therefore I can't successfully generate the certificate. I'm not even sure this second step is required for UCS Central integration, frankly.



I re-installed UCS Central on another box, this time using local storage. My NFS array wasn't pulling the performance metrics that the UCSC setup wizard required, apparently, so I got a warning when it started. On a hunch, I re-installed elsewhere and tried again, and this time it worked.

FWIW, the second part about a certificate is not necessary for UCSC integration, it works fine with the default keyring.

I have same issue, as suggested, installed UCS central on other server-- same issue.

Is there any other work around?

I have fixed this issue by re generating new certificate on UCS Central. Below are commands used

connect local-mgmt

re-generate certificate



It will droup UCS Central GUI interface and should come up in quickly. Try registering UCS doamin.

Please post if above solution works.


Hetal Soni

Hi Hetal Soni,


I can't find the command "re-generate certificate" in ucs central 1.1.2.

I had the issue after I reinstalled ucs central (tried disaster recovery and so on). I deleted just the disks of the vm and added two new ones. After I reinstalled it again with a complete new vm with th ovf template, it worked.


Regenerating the Default Key Ring

The default key ring certificate must be manually regenerated if the cluster name changes or the certificate



Command or Action Purpose

Step 1 UCSC#connect policy-mgr Enters policy manager mode.

Enters organization mode for the specified


Step 2 UCSC(policy-mgr)#scope org

Enters device profile mode for the specified


Step 3 UCSC(policy-mgr) /org#scope device-profile

UCSC(policy-mgr) /org/device-profile#scope Enters security mode.


Step 4

Enters key ring security mode for the

default key ring.

UCSC(policy-mgr) /org/device-profile/security

# scope keyring default

Step 5

UCSC(policy-mgr) Regenerates the default key ring.

/org/device-profile/security/keyring # set

regenerate yes

Step 6

Commits the transaction to the system



/org/device-profile/security/keyring* #


Step 7

Cisco UCS Central CLI Reference Manual, Release 1.2


Hi there,

I had the same issue but in my case the ntp servers resolved the problem. In case you have a time mismatch, it prevents the ucsm from registering in ucs central. Maybe this works.

Best regards

Danny Sandner

If the reason is an old UCS "ghost", you have to remove this from the service-manager in UCS Central CLI.

It worked for me.


I reinstalled UCS Central and want to add the old UCS domain again. Got a Cert-failure. Time was synchronous (same NTP server).

I had to got to UCS Central CLI, service-manager, and remove the old "ucs client". After that, I could add the old ucs domain again.



I had the same problem, thanks to danny's idea I found the correct command. Was not very intuitive at all...

The client operational state has to be "Lost Visibility" in order for this to work:

UCS-Central-Test1#connect service-reg
UCS-Central-Test1(service-reg)# show clients detail
Registered Clients:
    ID: 1008
    Registered Client IP:
    Registered Client IPV6: ::
    Registered Client Connection Protocol: Ipv4
    Registered Client Name: UCSPE-192-168-44-131
    Registered Client GUID: c63876be-81f0-11e4-a68b-000c2964fdba
    Registered Client Version: 2.2(3a)
    Registered Client Type: Managed Endpoint
    Registered Client Capability: Policy Client Module
    Registered Client Last Poll Timestamp: 2014-12-16T10:41:51.734
    Registered Client Operational State: Lost Visibility <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    Registered Client Suspend State: Off
    Registered Client License State: License Graceperiod
    Registered Client grace period used: 0
    Registered Client Network Connection State: Connected

UCS-Central-Test1(service-reg)# delete clients 1008
UCS-Central-Test1(service-reg)* # commit-buffer


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: