03-31-2021 01:47 AM - edited 04-06-2021 05:42 AM
Hi,
After I upgraded the router ISR 4451-X/K9 to AMSTERDAM 17.3.2, I had issues with the RESTCONF 'testing'.
I found the issue with POSTMEN and did the RESTCONF via CURL.
In POSTMEN = error 80
in Curl/Windows terminal:
C:\WINDOWS\system32>curl -k -v https://10.242.1.92/restconf/data/Cisco-IOS-XE-native:native/router/router-eigrp -u "***:***" * Trying 10.242.1.92... * TCP_NODELAY set * Connected to 10.242.1.92 (10.242.1.92) port 443 (#0) * schannel: SSL/TLS connection with 10.242.1.92 port 443 (step 1/3) * schannel: disabled server certificate revocation checks * schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates. * schannel: using IP address, SNI is not supported by OS. * schannel: sending initial handshake data: sending 147 bytes... * schannel: sent initial handshake data: sent 147 bytes * schannel: SSL/TLS connection with 10.242.1.92 port 443 (step 2/3) * schannel: failed to receive handshake, need more data * schannel: SSL/TLS connection with 10.242.1.92 port 443 (step 2/3) * schannel: encrypted data got 7 * schannel: encrypted data buffer: offset 7 length 4096 * schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log. * Closing connection 0 * schannel: shutting down SSL/TLS connection with 10.242.1.92 port 443 * schannel: clear security context handle curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
LAB-ISR-092-01#show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Not Running
ndbmand : Running
pubd : Running
nginx is not running... and it should be to be able to respond to the GET?
-- removing all configuration lines and start over again solved the nginx issue.
-- TLS still fails
04-15-2021 07:53 AM
Hello,
Please allow me to make three points / suggestions regarding this:
Hope this help!
06-29-2021 04:24 AM
Changed IOS and the problem was solved. Indeed a temporary bug/issue.
discovering where the magic is, will be more difficult :-). Sorry for the late reply
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide