Cisco Bug: CSCvt18315 - UCSM 4.0(4g) Integrated Rack Server - KVM "Page Not Found" on cert redirect URL

Last Modified

Jul 14, 2020

Products (1)

  • Cisco Unified Computing System

Known Affected Releases

4.0(4g)A 4.0(4g)C

Description (partial)

Symptom:
When this issue occurs, KVM fails to load for a specific server. Launching KVM redirects the user to negotiate SSL/TLS for HTTPS communication, and the cert redirect URL fails to load.

Conditions:
The following conditions must be met before the cert issue impacts KVM:
- HTTPS enabled
- HTTPS redirects enabled (no HTTP access to KVM)
- So far this has only been seen on servers with custom SSL certificates (non-default keychain in use for HTTPS communication).
- The CIMC IP(s) are reachable over the network (ping works fine)
- /var/log/messages on the affected rack server shows the following messages, which appear to indicate a corrupt partition table that causes CIMC to fail to read its local certificate before restarting nginx in an attempt to recover:

4:2020 Feb 25 14:03:44 EST:4.0(2l):avct_server:3970: [4003] initCtxThread: failed to initialize SSL context, retrying in 3 seconds
3:2020 Feb 25 14:03:44 EST:4.0(2l):avct_server:3970: [4003] Failed to load certificate chain file '/etc/certs/host.cert'.
4:2020 Feb 25 14:03:44 EST:4.0(2l):kernel:-:<4>iget() failed for ino #8362
3:2020 Feb 25 14:03:44 EST:4.0(2l):kernel:-:<3>JFFS2 error: (4003) jffs2_do_read_inode: requestied to read an nonexistent ino 8362
6:2020 Feb 25 14:03:43 EST:4.0(2l):avct_server:3970: [4003] Private key file path = '/etc/certs/host.key'
6:2020 Feb 25 14:03:43 EST:4.0(2l):avct_server:3970: [4003] Failed to retrieve variable 'KEY_FILE'.
6:2020 Feb 25 14:03:43 EST:4.0(2l):avct_server:3970: [4003] Certificate file path = '/etc/certs/host.cert'
6:2020 Feb 25 14:03:43 EST:4.0(2l):avct_server:3970: [4003] Failed to retrieve variable 'CERT_FILE'.
4:2020 Feb 25 14:03:42 EST:4.0(2l):doctor-bmc-app-mon:2146: app_monitor.c:626:Restarting Process nginx
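
The log signature above can be checked for mechanically when triaging several rack servers. The following is an added example, not Cisco code: it flags a log when a JFFS2/inode read error and the certificate-chain load failure occur close together. The field layout is inferred from the excerpt, and the 10-second window and the `triage` name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout inferred from the excerpt: severity:timestamp TZ:firmware:process:pid: message
LINE = re.compile(r"^(\d):(\d{4} \w{3} +\d+ [\d:]{8}) \w+:([^:]+):([^:]+):([^:]*):\s*(.*)$")

SIGNATURES = {
    "flash_read_error": re.compile(r"JFFS2 error: .*jffs2_do_read_inode|iget\(\) failed for ino #\d+"),
    "cert_load_failure": re.compile(r"Failed to load certificate chain file '[^']+'"),
    "ssl_ctx_failure": re.compile(r"failed to initialize SSL context"),
    "nginx_restart": re.compile(r"Restarting Process nginx"),
}

def triage(lines, window=timedelta(seconds=10)):
    """Count each signature and report whether a flash read error and a
    certificate load failure fall within `window` (assumed value) of each other."""
    hits = {name: [] for name in SIGNATURES}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not follow the inferred layout
        ts = datetime.strptime(m.group(2), "%Y %b %d %H:%M:%S")
        for name, rx in SIGNATURES.items():
            if rx.search(m.group(6)):
                hits[name].append(ts)
    correlated = any(abs(f - c) <= window
                     for f in hits["flash_read_error"]
                     for c in hits["cert_load_failure"])
    return {"counts": {k: len(v) for k, v in hits.items()},
            "matches_bug_pattern": correlated}

# First five lines are taken from the excerpt above; the last line is constructed.
SAMPLE = """\
4:2020 Feb 25 14:03:44 EST:4.0(2l):avct_server:3970: [4003] initCtxThread: failed to initialize SSL context, retrying in 3 seconds
3:2020 Feb 25 14:03:44 EST:4.0(2l):avct_server:3970: [4003] Failed to load certificate chain file '/etc/certs/host.cert'.
4:2020 Feb 25 14:03:44 EST:4.0(2l):kernel:-:<4>iget() failed for ino #8362
3:2020 Feb 25 14:03:44 EST:4.0(2l):kernel:-:<3>JFFS2 error: (4003) jffs2_do_read_inode: requestied to read an nonexistent ino 8362
4:2020 Feb 25 14:03:42 EST:4.0(2l):doctor-bmc-app-mon:2146: app_monitor.c:626:Restarting Process nginx
6:2020 Feb 25 14:03:40 EST:4.0(2l):example_proc:1201: [1201] constructed unrelated message
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An nginx restart on its own does not set `matches_bug_pattern`; only the filesystem error paired with the certificate load failure does.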