loosing my tether with this,
can't get a 4451 to talk to the CSLU.
there's nothing special in the config, no vrfs etc, default route pointing out to the internet. There is no firewall blocking anything either. I can ping a hostname fine.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 18.104.22.168, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 123/123/125 ms
but when I force a license sync I get this
SIP#license smart sync all
Jun 15 15:58:12.228: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : Unable to resolve server hostname/domain name
running a debug on call-home I get no output at all.
if I debug on DNS I see queries for the ping but absolutely nothing for the license sync.
running on the latest gold release Amsterdam 17.03
Solved! Go to Solution.
- You may find this thread informational :
ip name-server x.x.x.x
ip domain name xxxxx
ip http client source-interface GigabitEthernet0/0/0
ip domain lookup source-interface GigabitEthernet0/0/0
license smart transport cslu
license smart url cslu https://X.x.x..x/cslu/v1/pi/xxxxx-1
sh netconf-yang status
license smart sync local
this method work for IOS 17.3 over CSSM On prem
I am also having this issue, Cat9200 and Cat9300, oddly enough, these same switches we fine talking to the on-prem server before we updated to 17.8.1. Previously we were on 16.12.5b.
EDIT: Should add, I have my on-prem destination as an IP, not a FQDN, so there should be nothing for the switch to try to 'resolve'.
EDIT2: Just found the EoL announcement for 17.8.1...that was just released in April?!?
Just wondering. Are you aware that the on-prem URL is different for Smart transport than for CSLU transport? I made this same mistake when upgrading from version 16 to 17. Go to the on-prem "inventory" page. Copy the URL there on the page for the various transport methods. There is a minor configuration changed needed when going from version 16 to 17.
license smart transport smart license smart url https://ON-PREM-DNS/SmartTransport license smart transport cslu license smart url cslu https://ON-PREM-DNS/cslu/v1/pi/VIRTUAL-ACCOUNT
In my experience the trustpool failure message occurs when attempting to apply a trust ID-token in an on-prem environment. On-prem doesn't use the trust ID-token.
If still having problems, try changing the URL from HTTPS to HTTP. Note, for the Cisco Cloud CSSM only HTTPS is supported.
Getting nowhere fast too.
PKI-4-TRUSTPOOL_DOWNLOAD_FAILURE: Trustpool Download failed
MART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : No detailed information given
I too had to work through various "issues" getting SL policy to work correctly. I agree it can be confusing. It's important to understand the overall flow of your environment. A large number of pieces need to work together.
It's not clear to me from your post what your environment is. For example:
In my experience if switching to a different license server it may be necessary to reset the license to factory defaults ("license smart factory reset"). This might also apply if you have tried different things in an effort to figure out what works.
I have found useful trouble shooting information from CLI commands such as:
I'm completely lost ....
So i'm running CSSM on-prem and try to get the license registered for a Catalyst 9300 switch running IOS-XE Bengaluru 17.6.4
Can someone tell me how to get this going, because if i'm reading this right, you have to configure "Smart Licensing Using Policy" which in turn is using a tool called CSLU utility.
So i have to install this additional CSLU utility then, and make with work with CSSM on-prem?
A small step by step guide would be appreciate it, this is driving me crazy ....
""So i have to install this additional CSLU utility then, and make with work with CSSM on-prem?"" on-prem will work with BOTH the version 16 and 17 licenses models. An additional CSLU utility is not required.
You may be confusing the transport method with the Windows utility. For the 17.6.4 IOS-XE, likely you will find that the CSLU transport will give you the best results (what worked for me). For the on-prem server, go to the on-prem "inventory" page. Look under the "Product Instance Registration Tokens" section. Copy the URL there on the page for the "CSLU transport URL". Use that URL in the configuration. As been mentioned previously in this tread.
Reminder. If on-prem has been configured to use host verification it will be necessary to ensure the http client source address has been set. As well as pre-adding the IP address in on-prem (under "SL using Policy"/"add single product").
I was messing with that "CSLU transport URL" already but couldn't get it working.
https://<DNS name>/cslu/v1/pi/<virtual account name> => can i use the ip addres of my on-prem server, instead of it's DNS name?
So using the on-prem, what is the transport method to choose then?
I got all mixed up reading several different docs that all tell something else. Cisco should do a better job here.
"https://<DNS name>/cslu/v1/pi/<virtual account name> => can i use the ip addres of my on-prem server, instead of it's DNS name?" I was NEVER able to get this to work. Used the URL exactly as published by on-prem. The only change that did work was switching between HTTPS/HTTP. If desired to actually use an IP address, then it will be necessary to reconfigure the host name of the on-prem server.
"I was messing with that "CSLU transport URL" already but couldn't get it working." Can you post more information about your configuration and logs? There are some troubleshooting tips on the previous post in this tread.
"So using the on-prem, what is the transport method to choose then?" Your question is looking at the problem from the wrong direction. on-prem will inter-operate with all 3 transport methods. That's why there are different URL's posted on the inventory page. It's your job to choose the transport method that works best for the PRODUCT-INSTANCE in question. Since the configuration inside the PI needs to work with the IOS version. For the 17.6.4 IOS-XE on a 9300 in "push mode" the only transport method I could get to work was CSLU.