Solved: config certificate and log issues

zhuo zhao · ‎11-15-2012

I config certificate and use it to connect ipsec vpn ， I just config

jinan-neusoft(config)#ip domain-name neusoft.com

jinan-neusoft(config)#crypto key generate rsa general-keys
The name for the keys will be: jinan-neusoft.neusoft.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

jinan-neusoft(config)#
Nov 16 01:05:44.435: RSA key size needs to be atleast 768 bits for ssh version 2
jinan-neusoft(config)#
Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled

jinan-neusoft(config)#crypto pki trustpoint CA1

jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80

jinan-neusoft(ca-trustpoint)# revocation-check crl

jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY

jinan-neusoft(ca-trustpoint)# auto-enrol

jinan-neusoft(config)#crypto pki authenticate CA1
Certificate has the following attributes:
Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A

% Do you accept this certificate? [yes/no]: y

Trustpoint CA certificate accepted.

then I have log issues like below ，even I config auto-enroll , I don t get certificate pending information from my certificate server ，

my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ，how to deal with it ，top players ， THX~~~~

Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1

Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair

Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F

Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089

Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6

jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0

Pool: Processor Free: 731143916 Cause: Interrupt level allocation

Alternate Pool: None Free: 0 Cause: Interrupt level allocation

-Process= "<interrupt level>", ipl= 3

-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z

Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

jinan-neusoft(config)#

Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1

Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F

Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089

jinan-neusoft(config)#

Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 731143916 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#

olpeleri · ‎11-19-2012

Hello,

I did'nt decode your traceback but it looks like a well known issue:

CSCty42626 RSA operations fail with '(malloc) at interrupt level' msg

Upgrade to at least

15.2(03)T01

15.1(04)M5

15.1(01)T05

15.2(04)M1

Cheers,

Olivier

View solution in original post

njerred · ‎11-15-2012

I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :

Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
Processor board ID FCZ163371P3
6 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"

Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442

.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D

.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412

7784z

.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0

Pool: Processor Free: 704933204 Cause: Interrupt level allocation

Alternate Pool: None Free: 0 Cause: Interrupt level allocation

-Process= "", ipl= 3

-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC

B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 704933204 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z

zhuo zhao · ‎11-18-2012

that is a ios bug , i have certain it in cisco.com

Memory Allocation Failure at Process = interrupt level

This situation can be identified by the process in the error message. If the process is listed as , as in the following example, then the memory allocation failure is being caused by a software problem.

"%SYS-2-MALLOCFAIL: Memory allocation of 68 bytes failed from 0x604CEF48, 
pool Processor, alignment 0-Process= , ipl= 3"

This is a Cisco Internet Operating System (IOS) bug. You can use the Bug Toolkit (registered customers only) to search for a matching software bug ID for this issue. Once the software bug has been identified, upgrade to a Cisco IOS software version that contains the fix to resolve the problem.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6f3a.shtml

zhuo zhao · ‎12-03-2014

thanks a lot , may i know how to search the bug information in cisco.com

olpeleri · ‎11-19-2012