0 Replies Latest reply: Jun 14, 2019 12:34 PM by Jerry RSS

    VIRL PE - salt server license / activation failing


      I'm writing this in hopes of helping others - I just spent a few hours struggling with this.  You should be able to run thorough these in 15 - 20 minutes, including one server reboot.


      Symptom:  You follow the instructions, yet the salt status still returns an error such as:


      [CRITICAL] The Salt Master has rejected this minion's public key!

      To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.

      Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.


      Here's what I did to resolve:


      1. Make sure your timezone is set correctlyhttps://learningnetwork.cisco.com/docs/DOC-32305#jive_content_id_Set_your_timezone  describes the steps to do so.
      2. Make sure the ntp server you're using is working correctly. My server was using pool.ntp.org and appeared to be working correctly, but when I ran System Tools | Check Health Status it returned as failed.  The solution is to change your time server: https://learningnetwork.cisco.com/docs/DOC-32305#jive_content_id_Testing_Connectivity_to_NTP_Servers  - there is a list of time servers about 3/4 way down the page.
      3. After doing #1 and #2 - reboot your VIRL server.
      4. Downloading my license came with a .cer extension.  I finally figured out that it would import properly as such.  The fix is simple:  remove the .cer extension, replacing with .pem  I know this sounds crazy...  But trust me.  Don't change anything else - the filename will be your unique alphanumeric code + .virl.info.pem (ie, CIsC0vRl.virl.info.pem)
      5. Once you've checked these, within UWM jump to VIRL Server | Salt Configuration and Status status - your on the home stretch!
        1. Cick the Reset keys and ID option.
        2. Now, click Load Config FIle, browse to your .pem license.  If the import works correctly:
          *  the Salt ID and domain field will populate automatically
          *  You'll see the Minion private RSA key in PEM format populate with the contents of your .PEM file. 
        3. Type in the Customer e-mail Address you used to register your product
        4. Click the List of Cisco salt masters button corresponding to your region:  US, EU, or AP.
        5. Click the Reset button and wait - this can take a minute or two.

      That's it - you should be good to go.  I'm posting this as a "question" because I would appreciate feedback. Thank you!