Cloud Managed Networks

 View Only
last person joined: 15 hours ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Expand all | Collapse all

2930F Web socket Connection Failed Aruba Central

This thread has been viewed 51 times
  • 1.  2930F Web socket Connection Failed Aruba Central

    Posted May 12, 2023 11:35 AM

      2930F is not connecting to Aruba Central. In the logs it states:
    W 05/12/23 10:22:54 05232 central: SSL negotiation failed with status = -7629.
    I 05/12/23 10:22:54 05235 central: Websocket connection failed. Config channel
                is not established. Retry after 60 seconds.

     I have added the foundation license, and aruba-central enable, and activate provision force. I have checked all firewall settings, however I could have missed something. Any help would be greatly appreciated as I'm quite new to Aruba Central.
    Some more information:

      Server URL              : https://device-uswest4.central.arubanetworks.com/ws
      Connected               : No
      Mode                    : NA
      Last Disconnect Time    : NA
      Server DNS Lookup       : Success
      Proxy Server DNS Lookup : NA
      Error Reason            : TLS generic error (code: -7629)


    Configuration and Status - Activate Provision Service
     
      Activate Provision Service    : Enabled
      Activate Server Address       : devices-v2.arubanetworks.com
      Activation Key                : ********
      Time Sync Status              : Time sync from SNTP server
      Activate DNS Lookup           : Success
      Proxy Server DNS Lookup       : NA
      Activate Connection Status    : Success
      Error Reason                  : NA
      Override Default Config Check : Disabled






  • 2.  RE: 2930F Web socket Connection Failed Aruba Central

    EMPLOYEE
    Posted May 12, 2023 07:00 PM

    this looks like a cert trust issue with Activate or something that is inline messing with 
    was this switch ever connected to Central?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 12, 2023 07:14 PM

    The switch has never been connected to central. First time setup. After some research, I think it's not able to communicate to central itself, but it is communicating to activate. 

     I do greatly appreciate the assistance!




  • 4.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 12, 2023 07:16 PM

    There are 2 other 6300 that were connected to central, but are no longer working properly. However those I'll figure out later as my priority is the 2930F




  • 5.  RE: 2930F Web socket Connection Failed Aruba Central

    EMPLOYEE
    Posted May 12, 2023 07:42 PM

    what is the current firmware version on the 2930F?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 6.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 12, 2023 07:43 PM

    I updated it to one of the latest, I'm not in office at the moment but it was 16_11_0011 or something similar.




  • 7.  RE: 2930F Web socket Connection Failed Aruba Central

    EMPLOYEE
    Posted May 12, 2023 07:50 PM

    ok , check the debug output aruba-central



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 8.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 17, 2023 05:28 PM

     I have checked debugs /ztp/aruba-central/destination session/ I'm not seeing anything that is eye catching, other than SSL and various errors. If you'd like the full log list let me know. 
     I have checked the firewall and everything seems to be correct, even allowed the entire switch through. The switch did connect for 8 hours, then just dropped connection and I'm banging my head trying to fix it




  • 9.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 22, 2023 09:07 AM

    The switch intermittently connects to central, then randomly it will disconnect for an unknown period of time.




  • 10.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 15, 2023 09:58 AM

    The error message "SSL negotiation failed with status = -7629" indicates that the device is having trouble establishing a secure connection with the Aruba Central server. This could be caused by a number of issues, including incorrect firewall settings or an issue with the device's SSL certificate.

    You have already checked the firewall settings, so the next step would be to verify the SSL certificate. Make sure that the device's SSL certificate is valid and matches the certificate configured on the Aruba Central server. If there are any mismatches or errors, you may need to update the SSL certificate on the device or on the server.   MyGeorgiaSouthern

    If the SSL certificate is not the issue, you could try restarting the device and checking the configuration settings to ensure that they are correct. If the problem persists, you may need to contact Aruba support for further assistance. Please check this if it can help..  




  • 11.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 17, 2023 11:00 AM

    Paige, the switch did randomly start connecting to aruba-central for about 9 hours, then it completely disconnected and went back to the same original issue. I have been doing some research on SSL certificate but can't find any information pertaining to the switch and certificates with aruba-central. Do you have any further information about the SSL?




  • 12.  RE: 2930F Web socket Connection Failed Aruba Central

    EMPLOYEE
    Posted May 25, 2023 11:01 AM

    You may run a packet capture and if you are lucky can see the used certificates and possibly the certifcates in use. But if you have not done that before, it may be better to work with your Aruba partner or Aruba support.

    Some firewalls do SSL inspection, which basically breaks SSL and requires changes to each of your clients. If your firewall (possibly) performs SSL inspection/decryption, turn it of for traffic from your switch or traffic going to Aruba Central.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 13.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted May 25, 2023 04:55 PM

    I'll give that a shot using wire shark. We have checked the firewall, no luck. Do you know if  curl utility on the switch can be configured to skip the SSL cert validity check, or if Aruba has some way of refreshing the built-in "cacert" file for the on-board curl utility?




  • 14.  RE: 2930F Web socket Connection Failed Aruba Central

    EMPLOYEE
    Posted May 25, 2023 06:50 PM

    i think curl command has a flag option "--insecure" which avoids cert validation



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 15.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted Sep 07, 2023 12:59 PM

    Hi MoJoPBS, were you able to resolve this issue?  I am running into the same problem, and have followed the exact same steps that you had taken.




  • 16.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted Sep 07, 2023 01:55 PM

    Gman! 

     Just got back from lunch, yes I did resolve the issue!

    I found the firewall was blocking connection to central. Also make sure your switch had the DNS, gateway, time server, and of course added vlan 1 ip in firewall. I hope this helps!

    You have to add the URL, I was resolving it and adding the ip address of each in the below link lol:

    Opening Firewall Ports for Device Communication

    Arubanetworks remove preview
    Opening Firewall Ports for Device Communication
    Provides information on the domain names and ports required to allow devices to communicate over a network firewall in Aruba Central.
    View this on Arubanetworks >




  • 17.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted Sep 07, 2023 06:52 PM

    Thanks for the response.  Looks like it ended up being a F/W issue on my end as well..  I had the FQDN's whitelisted, which are mentioned in the article, but the one which I was missing was 'devices-v2.arubanetworks.com', which allows connectivity between devices and Aruba Activate!  




  • 18.  RE: 2930F Web socket Connection Failed Aruba Central

    Posted Sep 08, 2023 08:48 AM

    Classic! If you need any further help let me know.

    See below for a few of my notes on how to get some telemetry data from the switches to report to central:

    Switch Configuration Commands For Full Aruba_Central Connection
     
    AOS-S:
    ip client-tracker :: IP Information
     
    *working on device-fingerprint
     
     
     
    AOS-CX
    ip client-tracker :: IP Information
    int vlan 1
    ip client-tracker :: IP Information on vlan
     
    device-fingerprint profile a
    (a)dhcp
    (a)cdp
    (a)http
    device-fingerprint apply-profile a 1/1/1-1/1/52