Guest

Preview Tool

Cisco Bug: CSCvs60294 - NSA 2.2.0.64 Android 9 devices getting "Certificate Generation Failed" when on-boarding

Last Modified

Jan 17, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.357)

Description (partial)

Symptom:
When Android devices running Android 9 Pie connect to the BYOD network and begin the process of on-boarding using the NSA version 2.2.0.64, upon certificate download are getting error message "Certificate Generation Failed".

spw.log shows:

2020.01.06 14:17:40 INFO:ISEDownloadProfileAsynchTask.onPostExecute :PASSED
2020.01.06 14:17:40 INFO:Making SCEP call
2020.01.06 14:17:40 INFO:Generating RSA key with key size: 2048
2020.01.06 14:17:42 INFO:SPW profile is having certificate parameters
2020.01.06 14:17:42 INFO:Cert request pending - Making pending  cert call
2020.01.06 14:17:44 INFO:checkServerTrusted call
2020.01.06 14:17:47 INFO:checkServerTrusted call
2020.01.06 14:17:49 INFO:checkServerTrusted call
2020.01.06 14:17:49 ERROR:Cert is null after retry 3 counts and 2retry time. Bailing out
2020.01.06 14:17:49 ERROR:Exception in pending cert call
2020.01.06 14:17:49 ERROR:com.cisco.cpm.exception.SPWSCEPRequestPendingException
2020.01.06 14:17:49 ERROR:Unable to download certificate nbkw8gk ab8dc68c000192b85e1387b1
2020.01.06 14:17:49 INFO:Internal system error.

Conditions:
ISE 2.4 patch 6
NSA 2.2.0.64
Android 9 Pie
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.