I'm troubeshooting VPN issue. When run "show security ike security-associations" show me this
error: the kmd instance kmd is not running
Found KB said
This is a known issue in Junos OS release 12.1X44. This issue is fixed in Junos OS release 12.1X45 or higher.
But I'm using 12.1X47-D15.4
Found that "kmd" should be a essential process for VPN. Run "show system processes extensive|match kmd" show nothing.
It even not start after restart ipsec-key-management
Go to Solution.
Is it a standalone device or a cluster?
If cluster, which node you are executing the command on?
Hello rtilak. It is standalone.
Can you share the output of 'show version', 'show chassis hardware' & 'show system core-dumps' from the device?
I attached the screen dump picture files of the 3 "show" command.
Can you try operational mode command 'restart ipsec-key-management' & see if KMD comes up?
Just like before. Restart ipsec-key-management cannot start kmd.
It is strange. Are there any overlapping traffic selectors in your VPN configuration?
Can you do 'commit full' & check if KMD comes up?
Else is it possible to reboot vSRX firefly?
"commit" command has no possible completion of "full".
I had restart this vSRX for several times.
commit full is hidden command so you won't get completion.
If even reboot of the firefly does not work, I believe some corruption with vSRX firefly.
Try spinning a new instance if possible and instead of vSRX firefly which is end of support long back, try spinning vSRX2.0 (15.1X49) release.
Got and just setup 15.1X49-D40. Run "show security ike security-associations" has no error anymore.
© 1999 - 2019 Juniper Networks, Inc.
All rights reserved