Troubleshooting POPs, Tenants, and Devices Issues
Failure While Creating a Hub, Site, or Tenant
Problem
Description: A failure occurred when creating a hub, site, or tenant.
Solution
- Check the job logs in the CSO Administration Portal for
the task failure and the reason for the failure.
- Login to the Administration Portal and select Monitor
> Jobs
The Jobs page is displayed.
- Select the failed log and click the Detailed View icon
that appears before the failed log name.
The Detailed View page appears, showing the details of the job and the number of tasks associated with the job.
- Click View Logs.
The Job status page is displayed.
- Login to the Administration Portal and select Monitor
> Jobs
- If the failure cannot be determined from the job logs,
log in to Kibana and check for the logs using the job ID.
Use the Kibana dashboard http://<central- Infra-vm-IP-Address>:5601 to view the detailed logs of hub, site, and tenant failures.
- Log in to the CSO central microservices virtual machine
and execute kubectl get pods –n central to get the
status of tssm and topology POD running on
the central and regional microservices virtual machine.
root@centralmsvm:~# kubectl get pods –n central | grep tssmcsp.csp-tssm-711204925-ncjww 1/1 Running 1 18h csp.csp-tssm-core-407531667-x57cf 1/1 Running 1 18h
root@centralmsvm:~# kubectl get pods –n central| grep topologycsp.csp-topology-service-3409064476-30hfr 1/1 Running 1 18h csp.csp-topology-service-core-1954971038-x5v0w 1/1 Running 1 18h
Check the status of the POD.
Execute kubectl logs -f pod-name –n central.. For example,
root@centralmsvm:~# kubectl logs -f csp.csp-tssm-core-* –n central - For further troubleshooting, collect the logs and output results and contact Juniper Networks Technical Support team.
Base Configuration for CPE Activation
Problem
Description: User was unable to activate a CPE device. Specify the base configuration to activate a CPE device after loading a factory default configuration.
Solution
For Zero Touch Provisioning (ZTP) using the Juniper Networks redirect server and the Dynamic Host Configuration Protocol (DHCP) on a WAN interface (ge-0/0/0), no configuration is required from the user. The CPE activation proceeds with the factory default configuration.
If the CPE device has to be pre-staged based on customer-specific requirements such as a static IP address on WAN interfaces, using the CSO activation server as a phone-home server instead of the Juniper Networks redirect server, then execute the following additional configurations on the CPE device after the factory default configuration.
CPE-SRX [Two WAN Links]
set interfaces ge-0/0/0 unit 0 family inet address 192.1.1.1/29 set interfaces ge-0/0/1 unit 0 family inet address 192.1.1.2/24 set routing-options static route 0.0.0.0/0 next-hop 198.1.1.1 set security zones security-zone untrust interfaces ge-0/0/0.0 set security zones security-zone untrust interfaces ge-0/0/1.0 set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh set system phone-home server https://regionalmsvm.englab.juniper.netset system phone-home ca-certificate-file /root/ssl_cert.crt set system static-host-mapping regional msvm.englab.juniper.net
CPE-NFX (JDM Console)
set system phone-home server https://CSO-regional-ms-vm-ip set interfaces jsxe0 unit 0 family inet dhcp [or] set interfaces jsxe0 unit 0 family inet address 192.1.1.5/29 set routing-options static route 0.0.0.0/0 next-hop 198.1.1.2 set interfaces jmgmt0 unit 0 disable << disable to avoid the default route overlap
You must copy the ssl_cert.crt certificate to NFX CPE device/JDM: /var/phone-home/phcd-ca.crt