Cloud Managed Networks

 View Only
last person joined: yesterday 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Back to discussions
Expand all | Collapse all

AOS8 to 10 Migration - Pre-Validate Failure (dns error)

This thread has been viewed 22 times

  • 1.  AOS8 to 10 Migration - Pre-Validate Failure (dns error)

    Posted 28 days ago

    The controller and APs are currently running 8.10.0.5 LSR

    We are migrating AOS8 Campus APs to Central. When trying to do a pre-validate check from the controller all APs are failing with the following error message :  

    Pre Validate Failed  dns error(Central) device-uswest4.central.arubanetworks.com  

    I was able to SSH into the AP and confirmed that it can resolve DNS, including the central FQDN, and also reach the internet

    As an extra validation, I ran a capture on the APs switchport. During the pre-validation, I see the AP resolve the record, but then it never attempted to reach out to any of the returned IPs.   It only reaches out to devices.arubanetworks.com

    I opened a TAC case, and they responded that they don't support migrations from AOS8 to AOS10???  We would need to involve Aruba professional services, even though this is a specific question about the documented process.

    Has anyone seen this error in the past and/or have recommendations on how to proceed?   Is it possible its a bug in the AOS8 code they are on (8.10.0.5).  I searched the defect database but could not find any documented bugs. 

    My only idea now is to upgrade to a later 8.10 version.

    If the documented method of converting AOS8 controller-managed APs doesn't work, what other methods are there to migrate a few hundred APs?



  • 2.  RE: AOS8 to 10 Migration - Pre-Validate Failure (dns error)

    Posted 27 days ago

    The documented method does work, we have done over 100 of them.  I have seen this error once or twice.  I got around it by changing the native VLAN on the port so the AP gets a fresh set of info from the DHCP server.  Then do a clear and use no-prevalidation on the ap convert command.  The ap convert process isn't perfect but it does work.  I'm guessing it's a bug too.  



    ------------------------------
    DanOBrien
    ------------------------------

    Original Message


  • 3.  RE: AOS8 to 10 Migration - Pre-Validate Failure (dns error)

    Posted 26 days ago

    I did some testing with 345 and a 503r using a virtual controller. 
    What I noticed on my firewall is that you need to open DNS, NTP and HTTPS. For NTP and DNS you can get away with running it locally as well. I did not run into any issues. Was running aid 8.9.

    There is a thread about it. What did your firewall report?



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------

    Original Message


  • 4.  RE: AOS8 to 10 Migration - Pre-Validate Failure (dns error)

    Posted 26 days ago

    Our Aruba SE replicated the issue in his lab, so I know it is not an issue with this specific environment.   I know it is not a firewalling issue because a capture of the switch port never sees the AP trying to communicate out.

    The workaround right now is forgoing the pre-validation and forcing the migration without the checks.

    The APs I have tested with so far have been successful, but unfortunately, without the pre-validation, we run the risk of an AP not being properly added to Greenlakes and having to track it down.

    For anyone in the future, the command is:  ap convert active specific-aps local-flash "image-name" no-pre-validation

    I'm waiting to hear back if this is a bug in just 8.10.0.5 or if potentially other 8.10 releases are impacted. 


    Original Message