Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Virtual Chassis is not Connecting to CSO

 

Problem

Description: Virtual Chassis (VC) is not connecting to CSO

Solution

To resolve this issue:

  • Ensure that all the members of the VC are up and the status of the members is PRSNT in the show virtual-chassis command.

  • Verify that the serial number that you entered while configuring the site is that of the primary member in the VC.

    Execute the show virtual-chassis command on any member of the VC to find the serial number of the primary.

    If the serial number you provided is not the same as the serial number of the primary, edit the serial number.

  • Log in to the primary member of the VC and try to access the ports 443 and 7804 on CSO by using Telnet to check reachability of CSO from the switch. Ping may or may not work.

  • Log in to the primary member and execute the tail -f /var/log/messages command to look for any error messages related to the VC not being able to connect to CSO.

    Table 1 lists the error messages to look for that indicate connectivity issues with CSO.

    Table 1: Error Messages Indicating Connectivity Issues with CSO

    Error

    Cause and Action

    404/400 from redirect server

    • Device serial number might not be registered in redirect server

      To resolve this issue, look into the site creation log in the CSO. If there is an error indicating that device serial number is not available, contact Juniper support to add the serial number to the redirect server.

    • Verify the serial number entered while creating a site to ensure there are no typos. You should provide the serial number of the primary device while configuring the site.

    • Verify the audit logs for the Site Creation job to ensure that the site is configured properly.

    401 Unauthorized

    It is normal for this error message to appear once. This error message indicates that the device can reach CSO and CSO is able to recognize the device.

    But, if this message appears multiple times, verify whether the Auto Activate option was disabled while configuring the site. If the option is disabled, activate the device manually from the Devices page..

    To verify, select the site and click the Edit icon (Pen) on the Sites page (Resources > Site Management). The Auto Activate field indicates whether auto activation was enabled or disabled while configuring the site. Enable the Auto Activate option, if needed.

    In some rare cases, if the same serial number is used in another tenant, the 401 unauthorized message may be thrown continuously.

    Unable to resolve hostname

    Device is not able to resolve redirect.juniper.net or the CSO hostname into IP address.

    Check the DNS server configuration on the device. The DNS server should be obtained either by using a DHCP server or should be configured statically. The DHCP server provides the DNS server to the switch for resolving the redirect server and CSO server hostnames.

    Execute the cat /etc/resolv.conf command on the switch to view the DNS server that is configured.

    If there is no DNS server configured to resolve the hostnames, do one of the following:

    • Map IP hostname manually in the /etc/hosts file on the switch.

    • Configure a static DHCP server by using the set system name-server 8.8.8.8 command.

    Certificate Verification Failed

    Ensure that the NTP server assigned to the switch is working fine and that the time displayed on the switch is close to the current time.