Re: Prime Infrastructure 3.10.4 Update 2 Proxy server ?

stayd · ‎01-07-2024

Hello, before Christmas Cisco has released Update 2 for Cisco Prime Infrastructure 3.10.4.

There is note which I am interested in how one can understand.

Here are release notes: https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-10-4/release_notes/Cisco_Prime_infrastructure_3_10_4_Release_Notes/bk_cisco_prime_infrastructure_3_10_4_release_notes-update02.html

Here is note:

Note

Ensure that proxy is enabled before registering the Smart Software Licensing.

Does it mean if customer did not have any proxy server at all, and Prime Infrastructure was working without any configured proxy server, that after this update 2, no matter what, customer has to install also some proxy server newly if he/she wants PI works with Smart Licensing CSSM again like before ?

When I am logged in after applying patch 2, the PI tells me configure proxy:

Previous direct option is missing now, so there is no choice to select something between proxy and nothing ...

I hope this is explainable and not yet another stupid bug.

I hope that the previous option has not now become an unreasonable condition.

Ruben Cocheno · ‎01-07-2024

@stayd

I haven't tested this, but i find it not reasonable to force you to use a Proxy at all. I would expect that you should hit the internet directly if you don't enable proxy... Perhaps some clarification from TAC is needed.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

pieterh · ‎01-15-2024

~~I agree it is not reasonable and probably IS another bug~~
~~you can try just to "save" the empty proxy settings and hope that works.~~

~~what browser do you use ?~~
~~it may be some options do not appear on the display if you do not use a supported browser~~
~~clearing the browsers cache after an upgrade may also help~~

release notes clearly state:
Important Notes
• Prime was migrated to Smart Receiver and as per their guidelines Direct and Transport Gateway mode
is notsupported. You must use Proxy to enable smart license using new url https://smartreceiver.cisco.com/
licservice/license

Cisco Prime Infrastructure 3.10.4 Update 02 Release Notes

so, it will be disappointing,
but if you do not have a proxy server in your environment, then update-2 is not suitable to be installed in your environment

stayd · ‎01-19-2024

Hi pieterth,

first of all, this important note has appeared this week. By the time when I have installed the update at the end of previous year, such important notes were not yet there in release notes.

Second: there was good reason to install update-2 anyway, which was: CSCwh84581 HTTP/2 Rapid Reset Attack Affecting Cisco Products, we did not have any different choice.

So it is not nice from Cisco making such Updates pushes customers to the corner of no return.

Ruben Cocheno · ‎01-16-2024

@stayd

Spin up a VM, roll the patch, and see if needs a Proxy or not. In any case you can give a call to TAC and clarify that

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

stayd · ‎01-19-2024

TAC case is opened already.

stayd · ‎01-31-2024

It should be fixed in expected Update 03, still waiting....

stayd · ‎09-13-2024

Let me inform community, that it was never fixed in update 03 and I have just installed fresh vm with 3.10.5 where the Direct Transport option is missing. Due to this note:

Prime was migrated to Smart Receiver and as per their guidelines Direct and Transport Gateway mode is not supported. You must use Proxy to enable smart license using new url https://smartreceiver.cisco.com/licservice/license.

TAC case finished by patching some files with helping from TAC man, but as he said in next update, it will be rewritten these files by next patch again and you would return to the same situation.

So this requirement is still there and the solution which I have got from TAC was: switch back to traditional licensing if customer does not have any proxy server.

tperrier · ‎09-10-2025

Still no change in the current latest version (3.10.6 security update 2).

I don't get this part of release notes: "as per their guidelines Direct and Transport Gateway mode is not supported". Because recent versions of ISE and FMC also use smartreceiver.cisco.com, and have no trouble with direct Internet access!

AMR88 · ‎10-16-2025

I have this problem too

I find the response from Cisco very poor.

Almost seems like they have purposely made it a challenge to keep a patched and secured instance of Prime Infrastructure running.

Just because some "end-of" dates have been reached, doesn't mean everyone is ready to switch it off entirely.

tperrier · ‎10-16-2025

A customer had to switch to Smart Licensing, so as a precaution we made a snapshot of the VM (make sure to do it after having shut it down), then I opened a TAC case and the engineer made the required changes. Unlike what was told to "stayd" above in this thread, he told me the change is permanent and will survive updates and patches. We'll see who is right at the next update.

So if you have a support contract on your server, by all means open a TAC SR and your problem will be solved. If you don't have access to TAC, I later found this message with the files and procedure; that is what the TAC engineer also did in my case.

https://community.cisco.com/t5/network-management/cisco-prime-licensing-problem-after-upgrade-to-v3-10-4-update-02/m-p/5037369/highlight/true#M156641

AMR88 · ‎10-22-2025

Thank you, the resolution you posted above does seem to have resolved the issue.
I'd have much rather the workaround be published as a patch though!