Troubleshooting

Docker Pull Issues

Default Secure Configuration

By default, the system pulls the Docker image using the Center's FQDN with TLS certificate verification. Configure two settings in this scenario:

  1. Name Resolution: Resolve the FQDN through a reachable DNS server or a local configuration.

  2. Certificate: Ensure the Center and Docker access the same certificate authority, or manually share the Center's certificate.

Name resolution issues can be observed during Docker container creation.

If there is a certificate issue, the following problem can occur:

This means that the certificate found is incorrect, or the folder containing the local certificate does not have the correct name.

Default Insecure Configuration

If the Center's FQDN and TLS certificate verification are not usable, pull the Docker image using the Center's IP address directly. Add an exception on the Docker host to allow insecure registry usage.

If the option to allow insecure registry usage is not properly configured, the following message appears:

Error response from daemon: Get "https://192.168.49.30:443/v2/": tls: failed to verify certificate: x509: cannot validate certificate for 192.168.49.30 because it doesn't contain any IP SANs.

In this case, configure the system to allow insecure registry usage. Add the Center's IP to /etc/docker/daemon.json and restart Docker with sudo systemctl restart docker.service.

For example:
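The following is an added example, not part of the original Cisco page: it merges the Center's IP into existing daemon.json content under Docker's `insecure-registries` key without dropping other settings, and lists entries that exempt a whole range instead of one host. The helper names `add_insecure_registry` and `broad_exceptions`, the IPv4-only restriction, and the sample `log-driver` setting are assumptions made for illustration; the IP is the one from the error message above.

```python
import ipaddress
import json


def add_insecure_registry(daemon_json_text: str, center_ip: str) -> str:
    """Return daemon.json content with center_ip under insecure-registries."""
    # Assumption: only a single literal IPv4 address is accepted, so the TLS
    # exception stays scoped to the Center. CIDR ranges and hostnames raise ValueError.
    addr = str(ipaddress.IPv4Address(center_ip))
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    registries = config.setdefault("insecure-registries", [])
    if not isinstance(registries, list):
        raise ValueError("insecure-registries must be a JSON array")
    if addr not in registries:  # idempotent: never add a duplicate entry
        registries.append(addr)
    return json.dumps(config, indent=2) + "\n"


def broad_exceptions(daemon_json_text: str) -> list:
    """List insecure-registries entries written as CIDR ranges covering several hosts."""
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    broad = []
    for entry in config.get("insecure-registries", []):
        if "/" not in str(entry):
            continue  # single host or host:port entry
        try:
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not a CIDR range
        if network.num_addresses > 1:
            broad.append(entry)
    return broad


if __name__ == "__main__":
    # Constructed sample: an existing daemon.json that already holds another setting.
    existing = '{"log-driver": "json-file"}'
    updated = add_insecure_registry(existing, "192.168.49.30")
    print(updated)
    print("Broad exceptions:", broad_exceptions(updated))
```

Write the returned text to /etc/docker/daemon.json, then restart Docker as described above for the exception to take effect.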

Deployment Token Issue

A deployment token issue prevents the sensor from starting. Observe the sensor logs in the Docker container during the sensor startup. For example:

  • ccv-sensor-1 | 10/12/2024 10:52:16 gosh EROR Auto enroll failed: error during enroll: got status 403 [caller=environment.go:378]

  • ccv-sensor-1 | 10/12/2024 10:52:16 gosh INFO no provisioning package found in /data/appdata/sbs-sensor-config-Docker01-enp6s0.zip: sleeping [caller=environment.go:383]

In the Cisco Cyber Vision Center user interface, some messages can help with troubleshooting. The Sensor Explorer page displays the following message if the deployment token is no longer valid or has already been used.

The deployment token page identifies other causes. For example, a token that is already used displays the message: "invalid nonce."

Docker Issues with Ethernet Boards

Some Ethernet boards are not supported, as explained in the prerequisites. The Cisco Cyber Vision Docker sensor cannot use them as DPI interfaces because they do not support the applied Docker network configuration.

Cisco tests different vendors and recommends using Intel Ethernet adapters. It does not support USB adapters.

An incompatible Ethernet board produces error messages during Docker container creation, such as:

  • Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: failed to add interface vethd56cba0 to sandbox: error setting interface "vethd56cba0" MAC to "02:42:ac:13:00:02": device or resource busy: unknown