Solved: Communications failure with the Cisco Smart License Utility (CSLU)

richyvrlimited · ‎06-15-2021

loosing my tether with this,

can't get a 4451 to talk to the CSLU.

there's nothing special in the config, no vrfs etc, default route pointing out to the internet. There is no firewall blocking anything either. I can ping a hostname fine.

SIPS#ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 123/123/125 ms
SIP#

but when I force a license sync I get this

SIP#license smart sync all
SIP#
Jun 15 15:58:12.228: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : Unable to resolve server hostname/domain name
SIP#

running a debug on call-home I get no output at all.

if I debug on DNS I see queries for the ping but absolutely nothing for the license sync.

running on the latest gold release Amsterdam 17.03

DWAM · ‎07-27-2021

Hello , did you find a solution ? Thank you.

I 've got exactly the same problem with 9200L / same OS.

View solution in original post

marce1000 · ‎06-16-2021

- You may find this thread informational :

https://community.cisco.com/t5/routing/c5921-smart-licensing-fail-to-send-out-call-home-http-message/td-p/3860001

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

DWAM · ‎07-27-2021

Hello , did you find a solution ? Thank you.

I 've got exactly the same problem with 9200L / same OS.

DWAM · ‎08-25-2021

Problem solve with cisco case , solutions :

- conf t / license smart transport callhome

- token duration

- license smart trust idtoken <insert token here> local force

mathanmogan · ‎03-11-2022

ip name-server x.x.x.x
ip domain name xxxxx
ip http client source-interface GigabitEthernet0/0/0
ip domain lookup source-interface GigabitEthernet0/0/0

license smart transport cslu
netconf-yang
license smart url cslu https://X.x.x..x/cslu/v1/pi/xxxxx-1
sh netconf-yang status
license smart sync local

this method work for IOS 17.3 over CSSM On prem

Michael Voity · ‎07-19-2022

I am trying this method with a C9300 against a on prem server and not getting anywhere, the iOS on the C9300 is 17.3.3 any other ideas?

8-bits · ‎01-11-2024

This also work with 17.6.3

DMel · ‎09-13-2022

I am also having this issue, Cat9200 and Cat9300, oddly enough, these same switches we fine talking to the on-prem server before we updated to 17.8.1. Previously we were on 16.12.5b.

EDIT: Should add, I have my on-prem destination as an IP, not a FQDN, so there should be nothing for the switch to try to 'resolve'.

EDIT2: Just found the EoL announcement for 17.8.1...that was just released in April?!?

mikburns · ‎11-24-2022

Just wondering. Are you aware that the on-prem URL is different for Smart transport than for CSLU transport? I made this same mistake when upgrading from version 16 to 17. Go to the on-prem "inventory" page. Copy the URL there on the page for the various transport methods. There is a minor configuration changed needed when going from version 16 to 17.

license smart transport smart
license smart url https://ON-PREM-DNS/SmartTransport

license smart transport cslu
license smart url cslu https://ON-PREM-DNS/cslu/v1/pi/VIRTUAL-ACCOUNT

In my experience the trustpool failure message occurs when attempting to apply a trust ID-token in an on-prem environment. On-prem doesn't use the trust ID-token.

If still having problems, try changing the URL from HTTPS to HTTP. Note, for the Cisco Cloud CSSM only HTTPS is supported.

desmond.cassidy · ‎11-23-2022

Getting nowhere fast too.

PKI-4-TRUSTPOOL_DOWNLOAD_FAILURE: Trustpool Download failed

MART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : No detailed information given

DWAM · ‎12-16-2022

Hello, perhaps check the case : https://bst.cisco.com/bugsearch/bug/CSCvz50651

I follow the multiple workarounds and finaly it was due to the type of transport : license smart transport smart

It depends what do you want to do.

Best regards.

mikburns · ‎12-16-2022

I too had to work through various "issues" getting SL policy to work correctly. I agree it can be confusing. It's important to understand the overall flow of your environment. A large number of pieces need to work together.

It's not clear to me from your post what your environment is. For example:

the IOS-XE level? Some IOS levels interop better than others with SL Policy. See for example: CSCwa85199. This bug has really caused problems in my shop.
Where to send RUM report? Cisco Cloud (CSSM), on-prem sever, Windows CSLU, DNAC?
Which transport method are you using? Call-home, Smart, CSLU? Note, I have found for IOS-XE 17.3.+ that only CSLU transport works.
Are you using the correct URL for the chosen license controller connection method? Sometimes changing from HTTPS to HTTP works.
Do you have a working network path the chosen license server? Firewall?
For certain applications the source IP address of the RUM report matters. This is set via the "ip http client source-interface xx". For on-prem it may be necessary to pre add each host IP, PI, and SN before on-prem will "accept" a connection from a new host.

In my experience if switching to a different license server it may be necessary to reset the license to factory defaults ("license smart factory reset"). This might also apply if you have tried different things in an effort to figure out what works.

I have found useful trouble shooting information from CLI commands such as:

show license event 1
show ip http client history
show license history message
show license tech supp

Darkmatter · ‎02-14-2023

I'm completely lost ....

So i'm running CSSM on-prem and try to get the license registered for a Catalyst 9300 switch running IOS-XE Bengaluru 17.6.4

Can someone tell me how to get this going, because if i'm reading this right, you have to configure "Smart Licensing Using Policy" which in turn is using a tool called CSLU utility.

So i have to install this additional CSLU utility then, and make with work with CSSM on-prem?

A small step by step guide would be appreciate it, this is driving me crazy ....

mikburns · ‎02-14-2023

""So i have to install this additional CSLU utility then, and make with work with CSSM on-prem?"" on-prem will work with BOTH the version 16 and 17 licenses models. An additional CSLU utility is not required.

You may be confusing the transport method with the Windows utility. For the 17.6.4 IOS-XE, likely you will find that the CSLU transport will give you the best results (what worked for me). For the on-prem server, go to the on-prem "inventory" page. Look under the "Product Instance Registration Tokens" section. Copy the URL there on the page for the "CSLU transport URL". Use that URL in the configuration. As been mentioned previously in this tread.

Reminder. If on-prem has been configured to use host verification it will be necessary to ensure the http client source address has been set. As well as pre-adding the IP address in on-prem (under "SL using Policy"/"add single product").

Darkmatter · ‎02-15-2023

I was messing with that "CSLU transport URL" already but couldn't get it working.

https://<DNS name>/cslu/v1/pi/<virtual account name> => can i use the ip addres of my on-prem server, instead of it's DNS name?

So using the on-prem, what is the transport method to choose then?

I got all mixed up reading several different docs that all tell something else. Cisco should do a better job here.