Troubleshooting SEC Onboarding Failures
These troubleshooting topics describes many different symptoms related to Secure Event Connector (SEC) onboarding failure.
SEC on-boarding failed
Symptom: SEC on-boarding failed.
Repair: Remove the SEC and onboard it again
If you receive this error:
- Remove the Secure Event Connector and its files from the virtual machine container.
- Update your On-Premises Secure Device Connector. Ordinarily, the SDC is updated automatically and you should not have to use this procedure but this procedure is useful in cases of troubleshooting.
- Install the Secure Event Connector on an On-Premise SDC Virtual Machine
Tip! Always use the copy link to copy the bootstrap data when on-boarding an SEC.
Note: If this procedure does not correct the problem, gather the troubleshooting logs and contact your Managed Service Provider or the Cisco Technical Assistance Center.
SEC Bootstrap data not provided
Message: ERROR cannot bootstrap Secure Event Connector, bootstrap data not provided, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup Please input the bootstrap data from Setup Secure Event Connector page of CDO: [2020-06-10 04:37:26] ERROR cannot bootstrap Secure Event Connector, bootstrap data not provided, exiting.
Diagnosis: Boostrap data was not entered into the setup script when prompted.
Repair: Provide the SEC bootstrap data generated in CDO UI when prompted for the bootstrap data input when onboarding.
Bootstrap config file does not exist
Message: ERROR Cannot bootstrap Secure Event Connector for tenant: <tenant_name>, bootstrap config file ("/usr/local/cdo/es_bootstrapdata") does not exist, exiting.
Diagnosis: SEC Bootstrap data file("/usr/local/cdo/es_bootstrapdata") is not present
Repair: Place the SEC bootstrap data generated in CDO UI onto the file /usr/local/cdo/es_bootstrapdata and try onboarding again.
- Repeat onboarding procedure
- Copy the bootstrap date
- Log into the SEC VM as the 'sdc' user.
- Place the SEC bootstrap data generated in CDO UI onto the file /usr/local/cdo/es_bootstrapdata and try onboarding again.
Decoding bootstrap data failed
Message: ERROR cannot bootstrap Secure Event Connector for tenant: <tenant_name>, faile to decode SEC boostrap data, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup base64: invalid input [2020-06-10 04:37:26] ERROR cannot bootstrap Secure Event Connector for tenant: tenant_XYZ, failed to decode SEC bootstrap data, exiting.
Diagnosis: Decoding bootstrap data failed
Repair: Regenerate SEC bootstrap data and try onboarding again.
Bootstrap data does not have required information to onboard SEC
Messages:
- ERROR cannot bootstrap Secure Event Connector container for tenant: <tenant_name>, SSE_FQDN not set, exiting.
- ERROR cannot bootstrap Secure Event Connector container for tenant: <tenant_name>, SSE_OTP not set, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup [2020-06-10 04:37:26] ERROR cannot bootstrap Secure Event Connector for tenant: tenant_XYZ, SSE_FQDN not set, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup [2020-06-10 04:37:26] ERROR cannot bootstrap Secure Event Connector for tenant: tenant_XYZ, SSE_FQDN not set, exiting.
Diagnosis: Bootstrap data does not have required information to onboard SEC
Repair: Regenerate bootstrapdata and try onboarding again.
Toolkit cron currently running
Message: ERROR SEC toolkit already running, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup [2020-06-10 04:37:26] ERROR SEC toolkit already running.
Diagnosis: Toolkit cron currently running.
Repair: Retry onboarding command again.
Adequate CPU and memory not available
Message: ERROR unable to setup Secure Event Connector, minimum 4 cpus and 8 GB ram required, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup [2020-06-10 04:37:26] ERROR unable to setup Secure Event Connector, minimum 4 cpus and 8 GB ram required, exiting.
Diagnosis: Adequate CPU and memory not available.
Repair: Ensure minimum of 4 CPUs and 8 GB RAM are provisioned exclusively for SEC on your VM and try onboarding again.
SEC already running
Message: ERROR Secure Event Connector already running, execute 'cleanup' before onboarding a new Secure Event Connector, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup [2020-06-10 04:37:26] ERROR Secure Event Connector already running, execute 'cleanup' before onboarding a new Secure Event Connector, exiting.
Diagnosis: SEC already running
Repair: Run SEC cleanup command before onboarding a new SEC
SEC domain unreachable
Messages:
- Failed connect to api-sse.cisco.com:443; Connection refused
- ERROR unable to setup Secure Event Connector, domain api-sse.cisco.com unreachable, exiting.
[sdc@localhost ~]$ /usr/local/cdo/toolkit/sec.sh setup curl: (7) Failed connect to api-sse.cisco.com:443; Connection refused [2020-06-10 04:37:26] ERROR unable to setup Secure Event Connector, domain api-sse.cisco.com unreachable, exiting.
Diagnosis: SEC domain unreachable
Repair: Ensure the on-premise SDC has Internet connectivity and try onboarding again.
Onboarding SEC command succeeded without errors, but SEC docker container is not up
Symptom: Onboarding SEC command succeeded without errors, but SEC docker container is not up
Diagnosis: Onboarding SEC command succeeded without errors, but SEC docker container is not up
Repair:
- Log in to the SEC as the 'sdc' user.
- Check for any errors in SEC docker container startup logs(/usr/local/cdo/data/<tenantDir>/event_streamer/logs/startup.log).
- If so, run SEC cleanup command and try onboarding again.
Contact CDO Support
If none of these scenarios match yours, open a case with Cisco Technical Assistance Center.