Failed to retrieve the public/pvt keys from appliance : Versa Support

This article will describe how to fix an onboarding issue if you are running into the following Error on the Task

Make sure secure mode is disabled on the appliance

Note: Please ensure the secure-mode is disabled before onboarding.In a out-of-box unit secure-mode is disabled by default. To check the Secure mode status #From CLI request system secure-mode status

To Disable Secure mode

#From CLI

request system secure-mode disable

If secure-mode is disabled and still the Director fails to retrieve the public/pvt keys from appliance proceed follow the below steps.

Confirm the reachability between the Director and Appliance Management IP

admin@Director-1:~$ ping <appliance management-IP> -s 1200 <<<-- Make sure there is no packet drops

If there are ping drops then troubleshoot the issue from VOS, make sure there is no underlay issue with the appliance,

admin@Branch-01-cli> ping 8.8.8.8 routing-instance <WAN-Transport-VR> count 500 rapid enable packet-size 1300

admin@Branch-01-cli> ping <Controller-WAN-IP> routing-instance <WAN-Transport-VR> count 500 rapid enable packet-size 1300

Confirm the reachability of the following ports from the Director shell

admin@Director-1:~$ telnet <appliance management-IP> 2022

admin@Director-1:~$ telnet <appliance management-IP> 22

Try to SSH from the Director shell to the appliance and confirm if SSH works

admin@Director-1:~$ ssh admin@<appliance management-IP>

If there is an issue with the 22 and 2022 port reachability then check the IPTABLES on the VOS and SSH jail command to confirm the Director southbound IP is not added there along with VOS is listening on port 22 and 2022

[admin@Branch-01: ~] $ sudo iptables -S

admin@Branch-01-cli> show jail ssh

[admin@Branch-01: ~] $ sudo lsof -i:22

[admin@Branch-01: ~] $ sudo lsof -i:2022

If you are still noticing a problem with the public/pvt key then follow the below action

Failed to retrieve the public/pvt keys from appliance <Branch>

Check if are you able to read the ckey file from the appliance and check the file size

[admin@versa-flexvnf: ~] $ ls -la /var/lib/vs/.ckey

-rwx------ 1 root versa 0 Nov 1 02:37 /var/lib/vs/.ckey

[admin@versa-flexvnf: ~] $ sudo cat /var/lib/vs/.ckey

[admin@versa-flexvnf: ~] $

If the .ckey file doesn't show any output, please delete the file, restart the Versa Services, and then re-check if the file exists. The steps are as follows:

1) [admin@versa-flexvnf: ~] $ sudo rm /var/lib/vs/.ckey

2) [admin@versa-flexvnf: ~] $ vsh restart

3) Once the services come up, please run the below:

4) [admin@versa-flexvnf: ~] $ sudo cat /var/lib/vs/.ckey

If it shows the .ckey, then re-onboard the appliance.

Note: Before re-onboarding the appliance, please make sure you deleted the device from Administrator > Appliances and redeployed the device from Workflow > Devices to clear the cache on the Director.

If you are still running into an issue after following the above steps, please reach out to Versa Support support@versa-networks.com

Failed to retrieve the public/pvt keys from appliance

Modified on: Mon, 11 Nov, 2024 at 8:04 PM

More articles in Troubleshooting