I'm setting this up from new and am having 3 related Issues.
The main issue is that I get an error "SSO service: Unable to reach Cisco".
This happens when I try and "Approve/submit" a new account that i created within the Workspace of the Smart Software Manager On-Prem. This is a server located in my customers Datacenter.
The on-prem server makes this connection over a firewall and then a proxy server before going out to Cisco.com
I have configured the Firewall and Proxy server as per the Cisco user guide. Firewall rules/routing tested with packet-tracer.
The thing is, I can not even see 443/80 traffic getting as far as the ASA firewall. I can see other traffic from the server like dns etc.
It looks like the On-Prem server is not even sending the request out.
2. To look deeper into the connectivity issues, i need to access the CLI via ssh, but i can't due to a certificate issue. And the console port (or Linux prompt) will not accept any passwords i have.
3. Under the Smart Licencing page, within the On-Prem GUI, the "Manage Account" is grayed out. And when I try to request access to an existing account a message says the is no such account- maybe because it can’t get to Cisco to site due to point 1 above?
Must be a very new technology that little is known about.
Anyway, I've answered a few of my own questions below:
1. The "SSO service: Unable to reach Cisco" error was caused by the On-Prem server proxy setting - I had to change it from a hostname to an IP address. Now we don't get the error. However, a popup asks to confirm, But the "NEXT" button is grayed out so I can't go any further.
2a. Using putty to SSH to the On-Prem server is still an issue - Error message is to do with "not able to negotiate key exchange".
2b. Lost password for direct access to the Console/Linux prompt. There is no recovery procedure so we rebuilt the On-Prem VM. But, that does not get you to the root account. And not a lot of options in the on-prem utility. e.g there is ping but no traceroute.
3. "Manage Account" is still grayed out, But I'm not sure it's an issue. I can still login via my own username etc.
4. Trying to log a Cisco TAC case is a problem. They won't act without a contract number or a Serial Number. However, with the access I have i can not find the S/N on this VM. And there is not contract associated because this is a free download/service for people with a Smart account.
So, point 1 is the major issue. Without this, my client can not manage the new licencing service that Cisco has come up with recently.