03-13-2018 09:00 AM - edited 03-01-2019 03:22 PM
Hi,
We performed a turboboot install of 5.3.4 onto an RSP2 line card installed in an ASR9006 without any problems.
However we now repeatedly get the error on the CLI;
RP/0/RSP0/CPU0:Mar 13 15:56:51.158 GMT: cepki[162]: %SECURITY-CEPKI-6-ERR : cepki_restore_keychain failed
RP/0/RSP0/CPU0:Mar 13 15:56:51.228 GMT: sysmgr[97]: %OS-SYSMGR-3-ERROR : cepki(1) (jid 162) exited, will be respawned with a delay (slow-restart)
RP/0/RSP0/CPU0:Mar 13 15:56:51.228 GMT: sysmgr[97]: %OS-SYSMGR-3-ERROR : cepki(162) (fail count 30) will be respawned in 120 seconds
We understand this to be related to a lack of certificate and time related, so we have fixed an NTP server and is synchronized, however we still cannot create a new certificate (hostname and domain is set);
RP/0/RSP0/CPU0:BYF-LAB-BBR-1#crypto key generate rsa
Tue Mar 13 15:58:33.751 GMT
The name for the keys will be: the_default
Choose the size of the key modulus in the range of 512 to 4096 for your General Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [1024]:
Generating RSA keys ...
Error connecting to server channel.
crypto_set_key_req: Error sending request to server.
Cannot execute the command : Not a directory
03-13-2018 09:47 AM
Alternatively, does anyone know how to export a set of keys from a working ASR9006 router, which we could maybe import into this turboboot'ed one (which cannot generate its own keys)?
03-13-2018 11:57 AM
Can be several problems here, thus openeing TAC case can be faste rapproach:
- Time may still not be in sync
- Cepki process can be blocked on some other:
"show process block loc all" -- look for cepki process and see if it stuck in Mutex/Reply for long time - you may need to restart it or process it is blocked on
- Can be NVRAm corruption - you may erase NVRAM to clear old keys.
Niko
03-13-2018 12:38 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: