Just getting started with Aruba Central and will only be looking at the switch managment features.
I am getting this error on 2 factory-defaulted 2530 switches in my lab:
05604 activate: EST enrollment with server failed because of unable to generate CSR
Nothing has come up on any searches.
Check to make sure the switch has the correct time.
If you upgrade your code to the 004 version of code and above, it could solve the problem of setting the correct time.
I am on
I have the NTP server option set and have UTC time set on the switch.
HP-2530-48G-PoEP# sho timeMon Dec 18 22:52:22 2017
Try these commands:
debug ztpdebug destination sessiondebug aruba-central
Type "show activate provision"
Both switches were able to enroll around 10pm yesterday. I didn't make any changes on my side at that time.
I will try adding another switch today.
Now getting a new error trying to activate a new 3rd switch:
W 12/19/17 11:37:45 05602 activate: EST provision with activate server failed because of not-authenticated.I 12/19/17 11:37:45 05226 activate: Successfully resolved the Activate server address device.arubanetworks.com to 18.104.22.168.W 12/19/17 11:32:55 05602 activate: EST provision with activate server failed because of of Activate SSL receive failure.I 12/19/17 11:32:44 05226 activate: Successfully resolved the Activate server address device.arubanetworks.com to 22.214.171.124.
I could never get the system to work as expected so I just removed our devices.
Sorry I can't help out.
Not mentioned in any of these posts, and then assumptions is the mo.. Was the switches visible/registered in your device inventory? And did you assign it a subscription? We usually get these errors when the switches are either not registered to a/the customer in Central, or no subscription added. Correct time is essential for all devices not shipped with .004.
And.. If you have entered any config elements at all - the switch will never sign up with Central. Need to reset it completely.
I went through this process yesterday. No matter what I did, it would not register on aruba central or activate. I called tech support and went through four different techs. The last tech kept trying the same commands over and over. Until finally he relented and said he was going to have the someone manually enter the serial number on the back end. After an hour or so, I came back to aruba central, and lo and behold the switch was there. I didn't get any specifics unfortunately. He mentioned that this was a somewhat common issue on the 2530 switch series. I have yet to try it on on any other switches.
In the end, I am somehwat disappointed in aruba central's management of switches. It seems to completely take over. The web gui is now disabled, and I can no longer use the cli to configure the switch. Just about every command shows invalid input. Making config changes on aruba central seems finnicky as well. Some changes happen other changes don't. I would be happy if all I could do was store my configs in the cloud and get system down notifications, but that seems to not be that simple.
Have you tried template groups in Central? I would recommend those over UI groups.
UI groups do not provide you complete configuration flexibility. e.g. spanning tree, modules are inconfigurable etc.
Template groups combine a template file and variable file to provide a per device configuration, that is exactly like, the device's running configuration.
CLI snippet is there to help you push CLI commands to device, for feature not in UI group. However, its a one time operation and a factory reset on the switch will fail to learn the CLI snippet change. Also there is no way to track, the CLI snippets pushed in past.
If you want, i can elaborate on the template groups.
2530 have been retro - fitted with cloud funcitionality, it lacks a TPM chip, so has to generate a certificate and a lot of folks are looking at the CSR error. The error fixes itself after a while though & switch connects to Central. Let me come back with engineering official stance on it. However if you choose any other model from the line up and they all have TPM chipset, & will not run into the CSR issue.
If you can elaborate on template groups, that would be very helpful. We've just signed up for central, but I'm finding it very limiting.
This is specific to the 2530, as this model does not have a TPM chip.
You need to have the switch in Activate, but then TAC needs to manually whitelist the serial as well. Once that is complete, unsubscribe / re-subscribe your switch and it should show up.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.