Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  NS-208 : imagekey.cer problem (netscreen 208)

    Posted 11-17-2016 19:16

    124.png 

     

    hello all 🙂

     

    i explain my situation

     

    i have a NS-208 and upgrade OS

    i have a mistake!!!

    that is it.

    i inject imagekey.cer file

    CLI : save imagekey tftp imagekey.cer

     

    and next time rebooting situation.

    NS -208 has a boot failure symtomes like upper image

     

    i try under method

     

    1) retryed boot file tftp

    -> still Invalid DSA signature, Bogus image....

     

    what can...i...do....sad....

     

     

     

     

    how can i solve this problem ?

     

     



  • 2.  RE: NS-208 : imagekey.cer problem (netscreen 208)
    Best Answer

    Posted 11-18-2016 06:04

    Hi,

     

    Seems you tried upgrading the image signing key to a new one and the deviec had the old image, and reboot.

     

    See if you could manage to get any image signed by new key and tftp it during the boot. I am now sure if you can get new image for NS208.

     

    Thanks,

    Vikas



  • 3.  RE: NS-208 : imagekey.cer problem (netscreen 208)

    Posted 11-22-2016 16:26

    thanks for reply...

    my repley is so late. very sorry to you...

    if you are engineer, you understand my condition in this situation.

     

    your advice is good and propriety

    but, i can't find this product ScreenOS version new and signed new image key

    juniper homepage not support this product

    i'm very sad 

     

    so please advice to me, where is it can i find NS-208 ScreenOS more hige version or another version...



  • 4.  RE: NS-208 : imagekey.cer problem (netscreen 208)

     
    Posted 11-22-2016 18:52

    In short, you need a NS-208 image signed with new key.

    Sorry, but this is a very tough situation.

     

    JTAC is the only team that might be able to help you. But, NS-208 is EOL and I don' think you will be able to open a case in the first place. Even then, the chances of getting a 5.4 image signed with new key are very minimal.



  • 5.  RE: NS-208 : imagekey.cer problem (netscreen 208)

    Posted 11-19-2016 05:21

    To recover from this error and allow the device to boot you need to delete the signing key.

     

    delete crypto auth-key

    You can download the new signing key from the support site and install this from the web interface after you boot again.



  • 6.  RE: NS-208 : imagekey.cer problem (netscreen 208)

    Posted 11-22-2016 16:18

    thanks reply 🙂 i'm late. because, my heart frozen and broke down.

    so please understand me

     

    your recommand command i know

    i have a lot of experience ScreenOS update

     

    in my situation, i have a NS-208

    this product ScreenOS is Maximum updated 5.4

     

    if i have a ssg-5 or maybe other product, any ScreenOS version much bigger than 6.0

    and then i try some act console-CLI

     

    so, i can't login CLI and handling any command.

    because,  infinite loop come to me.