Cisco Bug: CSCvv85487 - Enforcement Endpoint vault tokens expired after long duration without upgrade
Sep 26, 2020
- Cisco Tetration Workload Security
Known Affected Releases
Symptom: Service Status shows failures for the Enforcement Endpoint services, with failures in the check for expired SSL certificates.

Details of the failures seen in Service Status: Enforcement Endpoint failing with
"Dependencies Failed, Certificate will not expire found in stdout:Certificate will not expire cmd: true | openssl s_client -connect <IP ADDRESS>:5660 | openssl x509 -checkend 604800"

Checking the service state as a user with the customer support role, go to left hand menu -> maintenance -> explore, using POST as the action, the affected IP ADDRESS as the snapshot host, and "sv?args=status efe". The output shows the Enforcement Endpoint service is restarting every few seconds.

Checking the Enforcement Endpoint logs as a user with the customer support role, go to left hand menu -> maintenance -> explore, using POST as the action, the affected IP ADDRESS as the snapshot host, and "tail?args=-30 /local/logs/tetration/efe/current". The output contains errors fetching the password for policystore from vault:
"2020-09-15_10:02:36.51002 E0915 10:02:36.510010 31510 mongo_reader.cpp:89] Unable to fetch password for policystore for path: secret/policystore/efe/password
2020-09-15_10:02:36.51004 E0915 10:02:36.510035 31510 mongo_reader.cpp:130] Unable to fetch password from vault."

Conditions: The cluster has not been rebooted or upgraded in one year.
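A triage sketch for the efe log output quoted above, added here as an example and not Cisco tooling: it parses the timestamped glog-style records and counts vault password-fetch errors per secret path, so a repeating failure is visible at a glance. The first two sample lines are from the page; the remaining lines are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Outer log stamp, then a glog-style record:
# <severity><mmdd> <time> <thread id> <file>:<line>] <message>
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2}_\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<sev>[IWEF])\d{4} \d{2}:\d{2}:\d{2}\.\d{6} +"
    r"(?P<tid>\d+) (?P<src>[^\s:]+):(?P<line>\d+)\] (?P<msg>.*)$"
)
PATH_RE = re.compile(r"for path: (?P<path>\S+)")

def parse_line(line):
    """Return the fields of one efe log record, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["stamp"], "%Y-%m-%d_%H:%M:%S.%f")
    return rec

def vault_fetch_failures(lines):
    """Summarise error-level 'Unable to fetch password' records."""
    paths, times, unparsed = {}, [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep count instead of silently dropping lines
            continue
        if rec["sev"] not in "EF" or "Unable to fetch password" not in rec["msg"]:
            continue
        times.append(rec["when"])
        hit = PATH_RE.search(rec["msg"])
        if hit:
            paths[hit.group("path")] = paths.get(hit.group("path"), 0) + 1
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {"errors": len(times), "paths": paths,
            "unparsed": unparsed, "max_gap_s": max(gaps, default=None)}

SAMPLE = [
    # Lines 1-2 are quoted on the page; lines 3-5 are constructed for the example.
    "2020-09-15_10:02:36.51002 E0915 10:02:36.510010 31510 mongo_reader.cpp:89] Unable to fetch password for policystore for path: secret/policystore/efe/password",
    "2020-09-15_10:02:36.51004 E0915 10:02:36.510035 31510 mongo_reader.cpp:130] Unable to fetch password from vault.",
    "2020-09-15_10:02:41.61002 E0915 10:02:41.610010 31544 mongo_reader.cpp:89] Unable to fetch password for policystore for path: secret/policystore/efe/password",
    "2020-09-15_10:02:41.61004 E0915 10:02:41.610035 31544 mongo_reader.cpp:130] Unable to fetch password from vault.",
    "constructed line that is not a log record",
]

if __name__ == "__main__":
    print(vault_fetch_failures(SAMPLE))
```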