Registration Issues

Date and Time Mismatch

Date and time mismatch is the most common issue with registration. If the certificate is not valid, regenerate the default keyring certificate from Cisco UCS Central:

Before you begin

To ensure that the date and time between Cisco UCS Central and Cisco UCS domains are in sync, ensure that you have a valid NTP configuration with Cisco UCS Central and the Cisco UCS domains.

Procedure

  Command or Action Purpose
Step 1

UCSC#connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)#scope org

Enters organization mode for the specified organization.
Step 3

UCSC(policy-mgr) /org#scope device-profile

Enters device profile mode for the specified organization.
Step 4

UCSC(policy-mgr) /org/device-profile#scope security

Enters security mode.
Step 5

UCSC(policy-mgr) /org/device-profile/security # scope keyring default

Enters key ring security mode for the default key ring.

Step 6

UCSC(policy-mgr) /org/device-profile/security/keyring # set regenerate yes

Regenerates the default key ring.

Step 7

UCSC(policy-mgr) /org/device-profile/security/keyring* # commit-buffer

Commits the transaction to the system configuration.

Updating Shared Secret

If you have issues after correcting the configuration, you may need to update the shared secret in Cisco UCS Manager.

Procedure

  Command or Action Purpose
Step 1

UCSM#scope system

Enters system mode.

Step 2

UCSM /system #scope control-ep policy

Scopes the control-ep policy.
Step 3

UCSM /system/control-ep #set shared-secret

Sets the shared secret.
Shared Secret for Registration:
Step 4

UCSM system/control-ep #commit-buffer

Enters security mode.

What to do next


Important

Before calling Cisco TAC, make sure that:

  • You synchronize the date and time in Cisco UCS Central and registered Cisco UCS domains.

  • Cisco UCS Domain is not in suspended or lost visibility state.

  • The registration status for the domain displays Registered.

TCP Packet Loss Issues

Sometimes, TCP package loss may result in registration failure. If this happens, contact Cisco TAC.

Other Registration Issues

The following issues may also affect registration:

  • Port 443 must be open between Cisco UCS Manager and Cisco UCS Central.

    • To check TCP connectivity on Cisco UCS Manager (from root shell or from primary node), type: 

      (local-mgmt) # test ucsm-connectivity <ip_address_of_UCSM_machine>

  • If the Cisco UCS domains are over WAN, upgrade to Cisco UCS Central release 1.3(1a) to avoid a timeout issue over the slow speed connection.

  • View the log files in the following locations:

    • Cisco UCS Manager Log files (/var/sysmgr/sam_logs/):

      • svc_sam_dme.log (looks for curl errors)

      • svc_sam_dcosAG.log (invokes cert-gen.pl script)

      • pa_setup.log (contains cert generation errors)

    • Cisco UCS Central log files (/var/log/):

      • core/httpd.log

      • core/error_log.1442275635

      • Service-reg/svc_reg_dme.log