cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

967
Views
0
Helpful
1
Replies

FTD integration with CTR Issues

Hi, 

 

I have just upgraded a FTD to 6.5 and was keen to integrate with CTR. However post upgrade the Registration keeps failing. The FTDs are configured to use Proxys for internet connectivity and we don't have the option to use DNS to resolve public domains. from the connector log file I can see that we are getting DNS lookup failures. The FTD appears on Security Services Exchange console but is stuck in "created" state and not fully registered. 

 

Can anyone help ???

 

 

/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.24072135Z" level=info msg="[Firepower-module1][manager.go:386 manager.(*Manager).CreateContext:func1] Successfully created context: {CInfo:{Version:6.5.0.4 Description:10.48.xx.xx Firepower-module1 (FMC managed) Name:Firepower-module1 GUID:ec888d00-fcb1-11e8-aa9a-8a092f2dcf3d Type:Cisco Firepower 4140 Threat Defense IP:10.48.xx.xx} CtxtSettings:{Client:{Policy:{RefreshInterval:0 URI:} Health:{RefreshInterval:0 URI:} Administration:{Headers:map[] A:{CSRFToken:******} URI:} SCb:{URI:} C:{URI:} FUploadEps:[] AppConfigs:[] Events:{Ep:ipc:///ngfw/var/sf/run/EventHandler_SSEConnector.sock Type:ZMQ_PUSH} ProxyReg:{Ep: Type:}} Exchange:{Reg:{RefreshInterval:180} Fqdn:api.eu.sse.itd.cisco.com} DI:{HTTPEps:[]}} Id:default M:{Created:2020-10-11T09:53:03Z LastModified:2020-10-11T09:53:03Z DeviceId: ConnVer:1.5.88} Endpoints:[{Type:serviceActivation URI:http://localhost:8989/v1/contexts/default/activations} {Type:status URI:http://localhost:8989/v1/contexts/default/status} {Type:statistics URI:http://localhost:8989/v1/contexts/default/statistics} {Type:workflows URI:http://localhost:8989/v1/contexts/default/workflows} {Type:urn:services:messaging URI:http://localhost:8989/v1/contexts/default/services/messaging} {Type:urn:services:token URI:http://localhost:8989/v1/contexts/default/services/token} {Type:services URI:http://localhost:8989/v1/contexts/default/services/registry} {Type:eventsws URI:ws://localhost:8989/v1/contexts/default/services/eventsws} {Type:wsproxy URI:ws://localhost:8989/v1/contexts/default/services/wsproxy}] S:{ClientStatus:[{Type:upgrade Status:Init Name: Description:Upgrade service activation is pending} {Type:Events Status:Init Name: Description:Events service activation is pending} {Type:wsproxy Status:Init Name: Description:Websocket Proxy service activation is pending}] ExchangeStatus:[{Type:registration Status:Init Name: Description:Device registration is pending}] DataInputStatus:[]} St:{ClientStat:[] ExchangeStat:[{Type:registration Stats:{Activation:{Registration:{Timestamp: TimeTaken:0} Enrollment:{Timestamp: TimeTaken:0} Unregistration:{Timestamp: TimeTaken:0}} Refresh:{Registration:{Timestamp: TimeTaken:0 SuccessCount:0 FailureCount:0} Enrollment:{Timestamp: TimeTaken:0 SuccessCount:0 FailureCount:0}}}}]}} !!!"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318756901Z" level=warning msg="[Firepower-module1][sm.go:203 registration:(*DeviceConfig).validateConfig] Configured refresh-interval: 180 < estimated max-time-taken for all Retries: 244. Changing retryCount = 1"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318853707Z" level=info msg="[Firepower-module1][state.go:30 registration:(*device).recoverState] Could not recover from state. Error:open /ngfw/var/lib/connector/v1.0/default/Reg_Client_State: no such file or directory"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.318888636Z" level=info msg="[Firepower-module1][sm.go:296 registration:NewDevice] New device created."
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.319205165Z" level=info msg="[Firepower-module1][methods.go:70 registration:(*device).register] Registration request received for Device"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:53:03.319253493Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: INIT to REGISTERING"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904145569Z" level=error msg="[Firepower-module1][reg.go:120 registration:(*device).sendRegRequest] Registration request failed FlowID: "
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904217692Z" level=error msg="[Firepower-module1][methods.go:78 registration:(*device).register] Registration request failed. Error: http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904248072Z" level=info msg="[Firepower-module1][sm.go:484 registration:(*device).updateStatus] Changing device status: REGISTERING to REGISTRATION_ERR"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904284132Z" level=error msg="[Firepower-module1][sm.go:492 registration:(*device).updateStatus] Registration failed; err=http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution; httpRespCode=0"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904330907Z" level=error msg="[Firepower-module1][sm.go:543 registration:(*device).updateStatus] CE2000: Registration failed - Connector internal error. Check network connectivity and retry. If problem persists, contact Cisco TAC. Internal phase: Registration.[http code:0;Post https://api.eu.sse.itd.cisco.com/providers/sse/services/registration/api/v2/clients: dial tcp: lookup api.eu.sse.itd.cisco.com: Temporary failure in name resolution]"
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904501106Z" level=info msg="[Firepower-module1][sm.go:430 registration:(*device).cleanup] Cleaning up device .."
/ngfw/var/log/connector/connector.log:time="2020-10-11T09:54:03.904615229Z" level=info msg="[Firepower-module1][sm.go:457 registration:(*device).cleanup] Cleaned up device"

1 REPLY 1
Libin Varghese
Cisco Employee

To me it appears to be as a result of the DNS lookup failure like you mentioned.

You may want to post this query on the FTD specific forum for better visibility on available options for that product.

 

Regards,

Libin

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (50%)

Content for Community-Ad