1 2 Previous Next 18 Replies Latest reply: Nov 6, 2018 9:15 AM by Jay RSS

    Failed to collect current salt contact status

    Jay

      Hello,

       

      Getting the following error when trying to validate my license:

       

      Failed to collect current salt contact status: Cisco contact was not established. This may be temporary. Please make sure the VIRL server is connected to the Internet and capable of reaching the configured Cisco master. Also make sure that the minion key provided to you matches your minion ID and domain, and remains valid. Current status is: License renewal never completed successfully. Last license renewal final result was (2018-10-22 16:44:24): Call has timed out; failed to connect or minion key not accepted.

       

      Connection to Virl License server is successful however - vsm-us-51.virl.info

       

      No connectivity issues to Virl License server and I have confirmed my License ID, PEM Key, and NTP connection. I have attached output from VIRL Server Salt Connectivity Validation script.

        • 1. Re: Failed to collect current salt contact status
          Karlo Bobiles

          Hello Jay,

           

          I just received confirmation from the VIRL Team, one of the Salt Masters experienced issues, but has since been restored. Please perform the following:

           

          1. From UWM, navigate to VIRL Server > Salt Configuration and Status
          2. Click on Check status now (this resolves most errors)

           

          Thank you,

          Karlo Bobiles

          Cisco Learning Network

          • 2. Re: Failed to collect current salt contact status
            Jay

            Hi Karlo,

             

            Tried that as well as reseting keys and ID with no luck.

             

            As per the tshoot salt status link I've only configured access to one Salt Master to expedite troubleshooting after I confirmed access to all salt servers.

             

            vsm-us-51.virl.info

            • 3. Re: Failed to collect current salt contact status
              Karlo Bobiles

              Hello Jay,

               

              Please re-run the VIRL Server Config Validation script and attach the full results to this thread. Also, when was the last time you rebooted your VIRL box?


              Thank you,

              Karlo Bobiles

              Cisco Learning Network

              • 4. Re: Failed to collect current salt contact status
                Jay

                !Hi Karlo,

                 

                Reboot did not resolve the license issue. FYI - As per TShoot guide I only have enabled access to vsm-us-51.virl.info.

                 

                Attached is the output from the validation script.

                 

                Jay

                • 5. Re: Failed to collect current salt contact status
                  Karlo Bobiles

                  Hello Jay,

                   

                  This request has been escalated to alegalle for further investigation. Please stand by.


                  Thank you,

                  Karlo Bobiles

                  Cisco Learning Network

                  • 6. Re: Failed to collect current salt contact status
                    R

                    HI Karlo, I rebooted and reset the keys but having same issues and I don't have option to attach any files here so you can investigate.

                    • 7. Re: Failed to collect current salt contact status
                      Karlo Bobiles

                      Hello R,

                       

                      I did receive your email and have responded back. For future references, for any new cases, please open a new thread.

                       

                      Thank you,

                      Karlo Bobiles

                      Cisco Learning Network

                      • 8. Re: Failed to collect current salt contact status
                        alejo-VIRL Support

                        Hello Jay, based on the output it looks the problem is with NTP. Ensure that your environment does not restrict NTP traffic or point the VIRL PE server to a local NTP server. Once NTP has been resolved and the server is able to sync time, your license should work as expected. Please keep us posted.

                        • 9. Re: Failed to collect current salt contact status
                          Jay

                          Hi Alejo,

                           

                          It does not appear the issue is with NTP as I have connectivity to our local NTP Server.

                           

                          virl@virl:~$ ntpq -pn

                               remote           refid      st t when poll reach   delay   offset  jitter

                          ==============================================================================

                          192.168.41.102  .LOCL.           1 u   41   64  377    0.724  -7139.2  11.179

                          72.14.183.239   .INIT.          16 u    - 1024    0    0.000    0.000   0.000

                          • 10. Re: Failed to collect current salt contact status
                            Jay

                            Hi Alejo,

                             

                            Here is output as per T-Shoot: NTP errors and connectivity on VIRL

                             

                            As you can see below I have connectivity to my local NTP Server

                             

                            virl@virl:~$ sudo ntpdate -d bldc1.borderlands.dom
                            31 Oct 04:03:04 ntpdate[17642]: ntpdate 4.2.8p4@1.3265-o Wed Feb 14 14:56:31 UTC 2018 (1)
                            Looking for host bldc1.borderlands.dom and service ntp
                            192.168.41.102 reversed to bldc1.borderlands.dom
                            host found : bldc1.borderlands.dom
                            transmit(192.168.41.102)
                            receive(192.168.41.102)
                            transmit(192.168.41.102)
                            receive(192.168.41.102)
                            transmit(192.168.41.102)
                            receive(192.168.41.102)
                            transmit(192.168.41.102)
                            receive(192.168.41.102)
                            server 192.168.41.102, port 123
                            stratum 1, precision -6, leap 00, trust 000
                            refid [LOCL], delay 0.04189, dispersion 0.00357
                            transmitted 4, in filter 4
                            reference time:    df824d8b.49a8155d  Tue, Oct 30 2018  8:24:59.287
                            originate timestamp: df8361a5.57fe1975  Wed, Oct 31 2018  4:03:01.343
                            transmit timestamp:  df8361ae.9c2cd167  Wed, Oct 31 2018  4:03:10.610
                            filter delay:  0.04192  0.04189  0.04189  0.04189
                                     0.00000  0.00000  0.00000  0.00000
                            filter offset: -9.25716 -9.26031 -9.26351 -9.26665
                                     0.000000 0.000000 0.000000 0.000000
                            delay 0.04189, dispersion 0.00357
                            offset -9.260314

                            31 Oct 04:03:10 ntpdate[17642]: step time server 192.168.41.102 offset -9.260314 sec

                             

                             

                            virl@virl:~$ sudo tcpdump -ni eth0 udp port 123

                            tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

                            listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

                            04:02:23.454009 IP 192.168.41.232.1230 > 255.255.255.255.123: NTPv3, Client, length 48

                            04:02:40.553748 IP 192.168.41.232.1230 > 255.255.255.255.123: NTPv3, Client, length 48

                            04:02:57.650484 IP 192.168.41.232.1230 > 255.255.255.255.123: NTPv3, Client, length 48

                            04:03:04.610141 IP 192.168.41.81.39637 > 192.168.41.102.123: NTPv4, Client, length 48

                            04:03:04.610621 IP 192.168.41.102.123 > 192.168.41.81.39637: NTPv3, Server, length 48

                            04:03:06.610110 IP 192.168.41.81.39637 > 192.168.41.102.123: NTPv4, Client, length 48

                            04:03:06.610612 IP 192.168.41.102.123 > 192.168.41.81.39637: NTPv3, Server, length 48

                            04:03:08.610109 IP 192.168.41.81.39637 > 192.168.41.102.123: NTPv4, Client, length 48

                            04:03:08.610595 IP 192.168.41.102.123 > 192.168.41.81.39637: NTPv3, Server, length 48

                            04:03:10.610090 IP 192.168.41.81.39637 > 192.168.41.102.123: NTPv4, Client, length 48

                            04:03:10.610599 IP 192.168.41.102.123 > 192.168.41.81.39637: NTPv3, Server, length 48

                            04:03:14.933915 IP 192.168.41.232.1230 > 255.255.255.255.123: NTPv3, Client, length 48

                            ^C

                            12 packets captured

                            12 packets received by filter

                            0 packets dropped by kernel

                            • 11. Re: Failed to collect current salt contact status
                              alejo-VIRL Support

                              Jay please accept my apology.  I have been looking at too many logs and had a brain **** apparently as well as not completely reading your initial post.

                               

                              The problem is something we are very well aware of and will change in future updates. From your original post, it appears that you may only have created a firewall rule for a single salt master (vsm-us-51.virl.info). Since your VIRL server is currently configured to use all 4 salt masters, UWM reports a failure since it is not able to access the other three salt masters. To keep this short, just know this behavior is annoying (to me at least) and will change in the near future.

                              To correct the problem, just remove the other three salt masters and try again.

                              • 12. Re: Failed to collect current salt contact status
                                Jay

                                Hi Alejo,

                                 

                                No need to apologize thanks for helping me out. How do I remove the other 3 salt servers from UWM? Not sure where to go to do that hoping you can provide instructions on how to do that as I don't see option to do that from gui.

                                • 13. Re: Failed to collect current salt contact status
                                  alejo-VIRL Support

                                  Thanks for understanding. To remove the other salt masters just have to highlight the ones you don't need in the Cisco Salt Master text box. It does not seem like it is a text box because it can be populated via the region buttons, but it is.

                                   

                                  So from UWM navigate to VIRL Server > Salt Configuration and Status; then click on Reset Keys and ID button. On the license page locate the List of Cisco Salt Masters and highlight all but the first salt master, delete them and click Reset. That is all.

                                  Let me know if you continue to have issues.

                                  • 14. Re: Failed to collect current salt contact status
                                    Jay

                                    Hi Alejo,

                                     

                                    Tried that but unfortunately still same issue. This is the error I get when selecting only the one salt master vsm-us-51.virl.info:

                                     

                                    Failed to collect current salt contact status: Cisco contact was not established. This may be temporary. Please make sure the VIRL server is connected to the Internet and capable of reaching the configured Cisco master. Also make sure that the minion key provided to you matches your minion ID and domain, and remains valid. Current status is: License renewal never completed successfully. Last license renewal final result was (2018-11-01 20:25:29): NTPd is not connected to a server.

                                    1 2 Previous Next