Cloud Managed Networks

Hey there, i fail to add one of our Switches to central and i cant make reason out of the log entry:

Data of the Switch:  J9854A (2530 Series, 24Port PoE Switch), running Software version YA.16.11.0026 as that is the newest version i could find.

Switch is configured to reach the internet without issue, can ping google.com, can ping 8.8.8.8, etc.
No firewall is blocking communication to  central or ativate either, we already have other switches and multiple Acess points online and running in Central from this location and other company locations.

Logs of the switch:

W 07/14/25 14:18:52 05604 activate: EST enrollment with server failed because of
            SIMPLEENROLL failed with http auth digest.
I 07/14/25 14:18:49 05601 activate: EST provision with activate server
            successful. Establishing connection with EST server.
I 07/14/25 14:18:45 05226 activate: Successfully resolved the Activate server
            address device.arubanetworks.com to 35.164.114.233.
I 07/14/25 14:18:45 05627 activate: Time sync with NTP server is successful.
I 07/14/25 14:18:13 05225 activate: Loading security certificates and
            synchronizing time.

U20B1SW02(config)# show aruba-central

 Configuration and Status - HPE ANW Central

  Server URL              : None
  Connected               : No
  Mode                    : NA
  Last Disconnect Time    : NA
  Server DNS Lookup       : NA
  Proxy Server DNS Lookup : NA
  Error Reason            : NA
U20B1SW02(config)# show activate provision

 Configuration and Status - Activate Provision Service

  Activate Provision Service    : Enabled
  Activate Server Address       : devices-v2.arubanetworks.com
  Activation Key                : Not Available
  Time Sync Status              : Time sync from NTP pool
  Activate DNS Lookup           : Success
  Proxy Server DNS Lookup       : NA
  Activate Connection Status    : Success
  Error Reason                  : NA
  Override Default Config Check : Disabled
U20B1SW02(config)#

I already did a google search, but found zero results from Airheads and only one redit result where the comment says to contact TAC, but thats three years old now.

Anything I can do from my side or didnt do yet?

Do you have the switch added to Central and with an active subscription?

Further, disabled all security scanning (SSL inspection/interception) between your switch and Central/the internet?

If I remember correctly, older 2530 switches are not registered in Central and need to be added/authorized manually by TAC. So reaching out to them may be your best option.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Yes, switch is added to device inventory, has a license mand is already preprovisioned to the group it should later be in

yes, there is no SSL interception between the switch and central

is there a hardware version i should pay attention to then which may need to go through TAC? half of our current network is made of 2530 series switches.

Original Message:
Sent: Jul 14, 2025 12:09 PM
From: Herman Robers
Subject: Unable to add Switch to Central due to "SIMPLEENROLL" failure

Do you have the switch added to Central and with an active subscription?

Further, disabled all security scanning (SSL inspection/interception) between your switch and Central/the internet?

If I remember correctly, older 2530 switches are not registered in Central and need to be added/authorized manually by TAC. So reaching out to them may be your best option.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Ok, I think I found it. If the serial number is before CN77XXXXXXXX, or has a manufacturing date before July 2017 (which probably is the same), you probably need to get the switch manually added to Activate by TAC.

Further (for others reading this), AOS-S firmware version for the 2530 should be 16.05.0008 as a minimum for Central support but 16.10 or later is recommended.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 15, 2025 01:42 AM
From: Notknown
Subject: Unable to add Switch to Central due to "SIMPLEENROLL" failure

Yes, switch is added to device inventory, has a license mand is already preprovisioned to the group it should later be in

yes, there is no SSL interception between the switch and central

is there a hardware version i should pay attention to then which may need to go through TAC? half of our current network is made of 2530 series switches.

Original Message:
Sent: Jul 14, 2025 12:09 PM
From: Herman Robers
Subject: Unable to add Switch to Central due to "SIMPLEENROLL" failure

Do you have the switch added to Central and with an active subscription?

Further, disabled all security scanning (SSL inspection/interception) between your switch and Central/the internet?

If I remember correctly, older 2530 switches are not registered in Central and need to be added/authorized manually by TAC. So reaching out to them may be your best option.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.