Cloud Managed Networks

 View Only
last person joined: 22 hours ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Back to discussions
Expand all | Collapse all

HP-2530 Switch Disconnected From Aruba Central (SSL Connect Error)

This thread has been viewed 20 times

  • 1.  HP-2530 Switch Disconnected From Aruba Central (SSL Connect Error)

    Posted Mar 29, 2021 10:55 AM
    Hi all, 

    I have a case where one of my Aruba HP2530-8G-PoEP Switch is suddenly disconnected from Aruba Central. I have 4 unit of same Aruba switch model deployed on buildings and only this one is disconnected from and not in sync with Aruba Central. 

    I tried to follow troubleshooting tips mentioned in other thread, and I found out that problem occured due to "SSL connect error".  
    0000:15:25:23.09 ZTP tSvcWorkQ:Sending message to activateCB.ctrlTask
    0000:15:25:23.09 ZTP mactivateCtrl:Activate reprovision : connecting to Activate
    server
    0000:15:25:23.09 ZTP mactivateCtrl:The Standard DNS server 8.8.8.8 is added to
    the list of servers
    0000:15:25:23.09 ZTP mactivateCtrl:The Standard DNS server 8.8.8.8 is removed
    from the list of servers
    0000:15:25:23.09 ZTP mactivateCtrl:Hostname resolved with IP: 52.43.137.217:443
    0000:15:25:23.09 ZTP mactivateCtrl:Proxy IP is not Configured
    0000:15:25:23.09 ZTP mactivateCtrl:EndPoint Url :
    https://52.43.137.217/estprovision
    0000:15:25:23.09 ZTP mactivateCtrl:SOCKET IS OPEN!!!
    0000:15:25:23.30 ZTP mactivateCtrl:curl operation failed : SSL connect error
    0000:15:25:23.30 ZTP mactivateCtrl:Retrying connection to Activate server after
    300 seconds

    Below is the show aruba-central output, it shown the error reason is TSL generic error (code: -1007)
    Show Aruba-Central output
    Below is the show activate provision result. 
    Show Activate Provision result
    Anyone have ever face the same issue here? What is the meaning of the SSL connect error and TSL generic error? And may I know how to resolve this problem? 
    Feedback is appreciated. 

    Thank you. 


    ------------------------------
    Adiputra Pandypta
    ------------------------------


  • 2.  RE: HP-2530 Switch Disconnected From Aruba Central (SSL Connect Error)

    EMPLOYEE
    Posted Mar 31, 2021 04:22 AM
    I see this seems to happen more often on 2530 switches at which point a zeroize of the crypto keys or removing the IDEVID_ROOT ta-profile (no crypto pki ta-profile IDEVID_ROOT) resolves the issue.

    Best, in a production situation, is to reach out to Aruba TAC support to find out that you don't break things that are specific in your environment, especially if you ever did something with certificates on the switch.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message