Guest

Preview Tool

Cisco Bug: CSCvt02382 - Missing support for MSI on CSR in Azure GovCloud for HA solution version 3

Last Modified

Jun 04, 2020

Products (1)

  • Cisco Cloud Services Router 1000V Series

Known Affected Releases

16.12.2s

Description (partial)

Symptom:
When the user tries to do a peer Fail command for HA version 3 in Azure gov cloud, we see the following error:

show logging:

CSR HA: peerFail event for node
Requesting token for fetching the routes from route table
Requesting token from default authentication application
Obtained token successfully
Route GET request failed with code 401
Route table get response:
 {"error":{"code":"InvalidAuthenticationTokenAudience","message":"The access token has been obtained for wrong audience or resource 'https://management.azure.com/'. It should exactly match with one of the allowed audiences 'https://management.core.usgovcloudapi.net/','https://management.core.usgovcloudapi.net','https://management.usgovcloudapi.net/','https://management.usgovcloudapi.net'."}}
Route table not found.

We see that the token was received, but from the wrong resource.

Conditions:
This issue was seen on Azure platform for usgovcloud, while trying to setup HA version 3.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.