Duct tape or super glue ... -----Original Message----- From: Tom Storey [mailto:t...@snnap.net] Sent: Thursday, April 03, 2014 12:01 PM To: Per Granath Cc: Mircho Mirchev; Juniper Maillist Subject: Re: [j-nsp] J2300/J4300 FPCs cannot go online
Juniper's solution is perhaps a little more "elegant". They suggest: 1. Deactivate existing NTP configuration 2. Set date back ~10 years root> set date 200403250000.00 3. Disable sw -> hw time sync (incl. at boot time via rc script) root% sysctl -w machdep.disable_rtc_set=1 root% touch /cf/etc/rc.custom root% chmod +x /cf/etc/rc.custom root% echo "sysctl -w machdep.disable_rtc_set=1" > /cf/etc/rc.custom root% cat /cf/etc/rc.custom 4. Re-activate NTP configuration 5. Reboot (doesnt seem strictly necessary, but maybe worthwhile as a test) So basically youre setting the hw clock back ~10 years which allows the FPC to come online. You disable sw -> hw time sync so even when running NTP, if the device reboots the hw clock is still in the past, the FPC will come online because the certificate is still valid, and then NTP will update the time on the box to the present. Genius even if still a little hacky. :-) On 31 March 2014 09:38, Per Granath <per.gran...@gcc.com.cy> wrote: > Change the date to 2004, and do not use NTP. > > set date 200403311010.10 > > > -----Original Message----- > From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On > Behalf Of Mircho Mirchev > Sent: Saturday, March 29, 2014 11:32 PM > To: Tom Storey > Cc: Juniper Maillist > Subject: Re: [j-nsp] J2300/J4300 FPCs cannot go online > > Hi, > Same here.... > Seems there are more expired certificates. > We'll have to try JTAC - however, I'm not sure if they can help - these boxes > are long out of support. > Any other ideas? > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp