Once imported, check System > Settings > Integrity Verification to ensure the image is verified against Known Good Values (KGV) . 2. Refresh Cisco.com Credentials
Sometimes the token between your appliance and Cisco's servers becomes "invalid": Go to .
Check if there is a pending update for the Cisco Trustpool and apply it to restore secure communications. 4. Verify Proxy and Connectivity Once imported, check System > Settings > Integrity
Several bugs have been tracked for this behavior, including CSCwd15921 , which affects releases 2.2.3.x through 2.3.4.x.
Check if your firewall is blocking traffic to these URLs or if the appliance is attempting to bypass the configured proxy for SWIM tasks. 5. Check for Known Field Notices Check if there is a pending update for
Cisco released Field Notice FN74033 , stating that older versions of DNA Center will fail to download metadata after , due to certificate changes. If you are on an older release, an upgrade to a fixed version (e.g., 2.3.5.x or later) is required. Comparison of Solution Paths Effectiveness When to Use Manual Import Urgent upgrades or persistent API errors. Credential Refresh Authentication or account permission issues. Trustpool Update Certificate or SSL handshake failures. Software Upgrade For long-term fixes of known bugs (e.g., CSCwd15921).
Use the CLI to test connectivity to cloudsso.cisco.com and software.cisco.com . Check if your firewall is blocking traffic to
Are you currently running a or three-node cluster, and what is your specific software version ? DNA CENTER IMAGE REPOSITORY ERROR NCSW10301
Expired certificates in the Catalyst Center Trustpool can break the secure communication required to fetch metadata from software.cisco.com.
If the appliance is behind a proxy and the SWIM engine is not correctly utilizing the proxy settings, metadata requests will fail. Step-by-Step Troubleshooting and Fixes 1. Manual Image Import (The Guaranteed Workaround)