Solved: Re: Communications failure with the Cisco Smart License Utility (CSLU) - Page 2

richyvrlimited · ‎06-15-2021

loosing my tether with this,

can't get a 4451 to talk to the CSLU.

there's nothing special in the config, no vrfs etc, default route pointing out to the internet. There is no firewall blocking anything either. I can ping a hostname fine.

SIPS#ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 123/123/125 ms
SIP#

but when I force a license sync I get this

SIP#license smart sync all
SIP#
Jun 15 15:58:12.228: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : Unable to resolve server hostname/domain name
SIP#

running a debug on call-home I get no output at all.

if I debug on DNS I see queries for the ping but absolutely nothing for the license sync.

running on the latest gold release Amsterdam 17.03

mikburns · ‎02-15-2023

"https://<DNS name>/cslu/v1/pi/<virtual account name> => can i use the ip addres of my on-prem server, instead of it's DNS name?" I was NEVER able to get this to work. Used the URL exactly as published by on-prem. The only change that did work was switching between HTTPS/HTTP. If desired to actually use an IP address, then it will be necessary to reconfigure the host name of the on-prem server.

"I was messing with that "CSLU transport URL" already but couldn't get it working." Can you post more information about your configuration and logs? There are some troubleshooting tips on the previous post in this tread.

"So using the on-prem, what is the transport method to choose then?" Your question is looking at the problem from the wrong direction. on-prem will inter-operate with all 3 transport methods. That's why there are different URL's posted on the inventory page. It's your job to choose the transport method that works best for the PRODUCT-INSTANCE in question. Since the configuration inside the PI needs to work with the IOS version. For the 17.6.4 IOS-XE on a 9300 in "push mode" the only transport method I could get to work was CSLU.

Darkmatter · ‎02-17-2023

Got it working, finally!

The config is minimal, but the complexity created from having so many different possibilities to configure this (also different for IOS version and different verions of IOS-XE) made it hard.

So if you have CSS on-prem running, and you want to activate smart licensing on a device running IOS-XE 17.6.4, you need to do exactly this:

license smart transport cslu
license smart url cslu https://<ip address or DNS>/cslu/v1/pi/<tenant-id>
ip http client source-interface <vlan or interface>

crypto pki trustpoint SLA-TrustPoint
revocation-check none

license smart sync local

TIP: "ip http client source-interface" command is crucial in making sure your licensing traffic is getting sent via the correct interface and making this eventually work.

SAMEHELSAMMAK · ‎02-25-2023

ip host tools.cisco.com 173.37.145.8

ip http client source-interface ( YOUR INTERFACE )

call-home
contact-email-addr ( YOUR EMAIL )
source-interface ( YOUR INTERFACE)
http resolve-hostname ipv4-first
profile "CiscoTAC"
reporting smart-licensing-data
destination transport-method http
no destination transport-method email
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService