
FTD integration with CTR Issues

Hi, 

 

I have just upgraded an FTD to 6.5 and was keen to integrate with CTR. However, post upgrade the registration keeps failing. The FTDs are configured to use proxies for internet connectivity and we don't have the option to use DNS to resolve public domains. From the connector log file I can see that we are getting DNS lookup failures. The FTD appears on the Security Services Exchange console but is stuck in "created" state and not fully registered.

 

Can anyone help?

 

 

/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.24072135Z" level=info msg="[Firepower-module1][manager.go:386 manager.(*Manager).CreateContext:func1] Successfully created context: {CInfo:{Version:6.5.0.4 Description:10.48.xx.xx Firepower-module1 (FMC managed) Name:Firepower-module1 GUID:ec888d00-fcb1-11e8-aa9a-8a092f2dcf3d Type:Cisco Firepower 4140 Threat Defense IP:10.48.xx.xx} CtxtSettings:{Client:{Policy:{RefreshInterval:0 URI:} Health:{RefreshInterval:0 URI:} Administration:{Headers:map[] A:{CSRFToken:******} URI:} SCb:{URI:} C:{URI:} FUploadEps:[] AppConfigs:[] Events:{Ep:ipc:///ngfw/var/sf/run/EventHandler_SSEConnector.sock Type:ZMQ_PUSH} ProxyReg:{Ep: Type:}} Exchange:{Reg:{RefreshInterval:180} Fqdn:api.eu.sse.itd.cisco.com} DI:{HTTPEps:[]}} Id:default M:{Created:2020-10-11T09:53:03Z LastModified:2020-10-11T09:53:03Z DeviceId: ConnVer:1.5.88} Endpoints:[{Type:serviceActivation URI:http://localhost:8989/v1/contexts/default/activations} {Type:status URI:http://localhost:8989/v1/contexts/default/status} {Type:statistics URI:http://localhost:8989/v1/contexts/default/statistics} {Type:workflows URI:http://localhost:8989/v1/contexts/default/workflows} {Type:urn:services:messaging URI:http://localhost:8989/v1/contexts/default/services/messaging} {Type:urn:services:token URI:http://localhost:8989/v1/contexts/default/services/token} {Type:services URI:http://localhost:8989/v1/contexts/default/services/registry} {Type:eventsws URI:ws://localhost:8989/v1/contexts/default/services/eventsws} {Type:wsproxy URI:ws://localhost:8989/v1/contexts/default/services/wsproxy}] S:{ClientStatus:[{Type:upgrade Status:Init Name: Description:Upgrade service activation is pending} {Type:Events Status:Init Name: Description:Events service activation is pending} {Type:wsproxy Status:Init Name: Description:Websocket Proxy service activation is pending}] ExchangeStatus:[{Type:registration Status:Init Name: Description:Device registration is pending}] DataInputStatus:[]} 
St:{ClientStat:[] ExchangeStat:[{Type:registration Stats:{Activation:{Registration:{Timestamp: TimeTaken:0} Enrollment:{Timestamp: TimeTaken:0} Unregistration:{Timestamp: TimeTaken:0}} Refresh:{Registration:{Timestamp: TimeTaken:0 SuccessCount:0 FailureCount:0} Enrollment:{Timestamp: TimeTaken:0 SuccessCount:0 FailureCount:0}}}}]}} !!!"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318756901Z" level=warning msg="[Firepower-module1][sm.go:203 registration:(*DeviceConfig).validateConfig] Configured refresh-interval: 180 < estimated max-time-taken for all Retries: 244. Changing retryCount = 1"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318853707Z" level=info msg="[Firepower-module1][state.go:30 registration:(*device).recoverState] Could not recover from state. Error:open /ngfw/var/lib/connector/v1.0/default/Reg_Client_State: no such file or directory"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318888636Z" level=info msg="[Firepower-module1][sm.go:296 registration:NewDevice] New device created."
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.319205165Z" level=info msg="[Firepower-module1][methods.go:70 registration:(*device).register] Registration request received for Device"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.319253493Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: INIT to REGISTERING"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904145569Z" level=error msg="[Firepower-module1][reg.go:120 registration:(*device).sendRegRequest] Registration request failed FlowID: "
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904217692Z" level=error msg="[Firepower-module1][methods.go:78 registration:(*device).register] Registration request failed. Error: http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904248072Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: REGISTERING to REGISTRATION_ERR"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904284132Z" level=error msg="[Firepower-module1][sm.go:492 registration:(*device).updateStatus] Registration failed; err=http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution; httpRespCode=0"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904330907Z" level=error msg="[Firepower-module1][sm.go:543 registration:(*device).updateStatus] CE2000: Registration failed - Connector internal error. Check network connectivity and retry. If problem persists, contact Cisco TAC. Internal phase: Registration.[http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution]"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904501106Z" level=info msg="[Firepower-module1][sm.go:430 registration:(*device).cleanup] Cleaning up device .."
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904615229Z" level=info msg="[Firepower-module1][sm.go:457 registration:(*device).cleanup] Cleaned up device"


Libin Varghese
Cisco Employee

To me it appears to be a result of the DNS lookup failure, like you mentioned.

You may want to post this query on the FTD specific forum for better visibility on available options for that product.

 

Regards,

Libin
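Added example, not part of the original thread and not Cisco code: a small Python triage script for `connector.log` lines in the format shown in the post, which tracks the registration status transitions and groups name-resolution errors by the host the connector tried to look up. The sample lines are copied from the log above; the function names and the "no such host" alternative (Go's other common resolver error) are assumptions of this example.

```python
import re

# Three lines copied from the connector.log excerpt in the post above.
SAMPLE = r'''
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.319253493Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: INIT to REGISTERING"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904217692Z" level=error msg="[Firepower-module1][methods.go:78 registration:(*device).register] Registration request failed. Error: http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904248072Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: REGISTERING to REGISTRATION_ERR"
'''

# search() rather than match(), so a grep-style "file:" prefix is tolerated.
LINE = re.compile(r'time="(?P<time>[^"]+)" level=(?P<level>\w+) msg="(?P<msg>.*)"\s*$')
STATUS = re.compile(r'Changing device status: (\w+) to (\w+)')
DNS = re.compile(r'dial tcp: lookup (\S+): (Temporary failure in name resolution|no such host)')

def triage(text):
    """Return (status transitions, DNS failures per host, last status seen)."""
    transitions, dns_failures = [], {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # blank, wrapped or non-connector lines are skipped
        s = STATUS.search(m["msg"])
        if s:
            transitions.append((m["time"], s[1], s[2]))
        d = DNS.search(m["msg"])
        if d and m["level"] == "error":
            dns_failures.setdefault(d[1], []).append(m["time"])
    final = transitions[-1][2] if transitions else None
    return transitions, dns_failures, final

def verdict(text):
    """One-line summary of why registration stopped, based only on the log text."""
    _, dns_failures, final = triage(text)
    if final == "REGISTRATION_ERR" and dns_failures:
        hosts = ", ".join(sorted(dns_failures))
        return f"registration failed: connector could not resolve {hosts}"
    if final == "REGISTRATION_ERR":
        return "registration failed: cause not DNS, inspect error lines"
    return f"last status: {final}"

if __name__ == "__main__":
    print(verdict(SAMPLE))
```
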