07-06-2020 07:14 AM
Hi,
Tried to register the FMC1000 device for smart licensing and got this error msg
"Failed to send the message to the server. Please verify the DNS Server/HTTP Proxy settings."
The DNS server IPs is configured and Proxy is not enabled.
Tried the curl command "sudo curl -vvk https://tools.cisco.com" based on another thread here and it fails too but the "nslookup tools.cisco.com" and "dig tools.cisco.com"works.
Please advise
Solved! Go to Solution.
07-06-2020 11:45 AM
If DNS works and curl fails then there is most likely some middleware box (proxy or content filter etc.) in the path. Does your enterprise have anything like that at all that could be causing this?
07-06-2020 12:55 PM
In addition to what Marvin said, make sure that traffic to smart licensing is allowed to cisco.com. Or at the very least allow tcp/443 to tools.cisco.com and tcp/80 to www.cisco.com
07-06-2020 11:45 AM
If DNS works and curl fails then there is most likely some middleware box (proxy or content filter etc.) in the path. Does your enterprise have anything like that at all that could be causing this?
07-06-2020 12:55 PM
In addition to what Marvin said, make sure that traffic to smart licensing is allowed to cisco.com. Or at the very least allow tcp/443 to tools.cisco.com and tcp/80 to www.cisco.com
07-07-2020 11:26 AM
04-07-2022 08:09 AM
Hi Sir, what was the solutions? i have the same exact problem with my FMC. it stops syncing with the cloud license manager since Jan 2022.
04-07-2022 08:28 AM
@Herald Sison check your FMC release against this Field Notice (FN):
https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html
It affects Smart licensing and requires either an upgrade or manual certificate replacement. The FN has all the details.
04-07-2022 09:48 AM
Hi Sir,
My FTD 6.6.1 version belongs to the affected list. does this Firepower - Manual Certificate Update fits for my device?
04-07-2022 09:58 AM
@Herald Sison yes you can do the manual certificate update.
If possible, I would strongly recommend upgrading to 6.6.5.1 with hotfix DE or else 7.0.1.1. There is another field notice that also affects your 6.6.1 preventing it from updating the Cisco Security Intelligence (SI) feeds.
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html
04-07-2022 11:38 AM
04-07-2022 09:10 PM
Hi Sir,
i have rebooted my device and it is now accessible. However, even after upgrading to 6.6.5 - 81 the error in synchronizing with the smart license manager still persist.
i have attached a screen capture for reference.
04-07-2022 10:47 PM
I was also running version 6.6.5.1 with patch DE which I though was a fixed release. But that was not the case. I had a TAC case open for another issue where we found out that although 6.6.5.1 is mentioned as a fixed release there are some instances where upgrading and patching does not correct the issue and the certificate needs to be installed manually. TAC said that the only "truely fixed" release is 7.x.
To manually correct the issue follow the following steps DO NOT DELETE ANY OTHER CERTIFICATES ONLY ADD THIS TO THE END:
sudo su -
in order to elevate to root.mv /etc/sf/gch/call_home_ca /etc/sf/gch/call_home_ca.bak
in order to back up the current certificate.vim /etc/sf/gch/call_home_ca
.i
key in order to enter editing mode.-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT 3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU +ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH 6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 +wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG 4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A 7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H -----END CERTIFICATE-----
ESC
key in order to exit editing mode.:wq
and then press the ENTER
key in order to save the file and exit.pmtool restartbyid sla
in order to restart the Smart Licensing Agreement process and use the updated IdenTrust certificate.reference: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html
04-09-2022 02:16 AM
Hi sir,
i have tried this already but i encountered serveral road blocks and errors.
at first i attempted to back up the cert but no such file or directory so i proceed to creating a new one.
then upon creating a new cert file i encountered another error, saying they cannot open the file for writing. i have tried saving it using :wq! but sill got the same error.
04-10-2022 09:38 AM
Where did you try to install the license in these screenshots? If this is the FTD then you are in the wrong place, this should be done on the FMC it self.
The software you are looking at is for FTD...you must upgrade the FMC first and then the FTD if that is the path you are choosing. 7.0.1 is the "star" release so that is currently the most stable and recommended release.
04-10-2022 09:49 PM - edited 04-10-2022 09:54 PM
Hi Sir @Marius Gunnerud
Where did you try to install the license in these screenshots? If this is the FTD then you are in the wrong place, this should be done on the FMC it self.
- My Bad, i got it wrong but i have already updated and installed the cert in the FMC and it works now. Thanks
The software you are looking at is for FTD...you must upgrade the FMC first and then the FTD if that is the path you are choosing. 7.0.1 is the "star" release so that is currently the most stable and recommended release.
- yup you are right i also downloaded the FMC update. I will try this certificate update first and see if this works then i will upgrade the FTD and FMC to version 7 if problem still persist.
Thanks
04-09-2022 10:58 AM
Hi Sir,
@Marius Gunnerud @Marvin Rhoads
My last resort would be upgrading my FTD to 7.01 version. Would you recommend to install the Hotfix or just the upgrade itself would suffice?
Thank You so much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide