Guest

Preview Tool

Cisco Bug: CSCvt82136 - iCAP blocked due to cert issue, fix from Assurance side after maglev fix

Last Modified

Sep 02, 2020

Products (1)

  • Cisco Network Integration Applications

Known Affected Releases

DNAC-Wolverine DNAC1.3.3.5

Description (partial)

Symptom:
On the Device 360 page for an AP, the Intelligent Capture panel shows the warning message "GRPC link is not ready (TRANSIENT FAILURE)". However, contrary to what the message suggests, the condition persists.

From the Maglev CLI, issuing "magctl service logs grpc-collector" shows one or more messages of the form

{"level":"warning","msg":"grpc: Server.Serve failed to complete security handshake from \"10.0.0.10:54321\": remote error: tls: bad certificate","packagename":"grpc-collector:grpc","time":"2019-07-31T18:17:37.969Z"}

Since this message is logged for each connection attempt from an AP, there will likely be many instances of the message.

Conditions:
The DNAC SSL/TLS certificate chain has been changed/updated. The gRPC collector is currently not notified when this occurs, and continues to present the previous certificate, which APs may not recognize as being valid.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.