05-10-2022 11:59 PM
Hi,
Our APIC have recently raised this message : "Fail to send out Call Home HTTP message" during the renew of the smart license.
It worked as expected during 2 years, but now I have this message and smart licensing release the license because apic didn't contact the site during 90 days. It seems that APIC cannot contact the smart licensing url anymore.
When I test in a shell on the apic :
curl https://tools.cisco.com/its/service/oddce/services/DDCEService it seems ok
response :
<h1>DDCEService</h1>
<p>Hi there, this is an AXIS service!</p>
<i>Perhaps there will be a form for invoking the service here...</i>
but smart licensing never see the connection in the log.
Is there a way to have a more detailed log for this request and the SCCM config in the apic ?
Tahnks a lot
Solved! Go to Solution.
05-11-2022 05:29 AM
Leo is correct. This is the revocation of the QuoVadis CA cert. Updating the root CA will resolve this. This is a known caveat in the 4.2(7) release notes as CSCwa97230. There's a field notice with a fix to address this: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72115.html
Robert
05-11-2022 03:13 AM
Raise a TAC Case. This issue could be due to expiration of the QuoVadis Root CA 2 certificate which has affected a lot of Cisco products.
05-11-2022 05:07 AM
05-11-2022 03:54 PM
If you have any Catalyst switches and routers that run on IOS-XE, you need to check them. If their logs are spamming errors about Smart Licensing, do the workaround or upgrade the firmware.
If the workaround (or IOS-XE upgrade which fixes the problem) is not actioned, there will be a memory leak in the "keyman" process of the control-plane.
05-11-2022 03:58 PM
05-11-2022 04:08 PM
05-11-2022 05:29 AM
Leo is correct. This is the revocation of the QuoVadis CA cert. Updating the root CA will resolve this. This is a known caveat in the 4.2(7) release notes as CSCwa97230. There's a field notice with a fix to address this: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72115.html
Robert
06-04-2022 07:26 PM - edited 06-04-2022 07:28 PM
Exactly!!
I did the certificate exchange procedure in the APIC ACI Graphical Interface and it was successful, when consulting the CLI, (show license status) the license was successfully consumed.
I use the certificate below.
https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72115.html
-----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw
MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw
JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT
3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU
+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1
bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL
vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK
Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK
dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT
c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv
l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N
iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD
ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt
LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93
nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3
+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK
W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT
AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq
l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ
mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
-----END CERTIFICATE-----
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide