Hi Sir, what was the solutions? i have the same exact problem with my FMC. it stops syncing with the cloud license manager since Jan 2022.

@Herald Sison check your FMC release against this Field Notice (FN):

https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

It affects Smart licensing and requires either an upgrade or manual certificate replacement. The FN has all the details.

Hi Sir,

My FTD 6.6.1 version belongs to the affected list. does this Firepower - Manual Certificate Update fits for my device?

@Herald Sison yes you can do the manual certificate update.

If possible, I would strongly recommend upgrading to 6.6.5.1 with hotfix DE or else 7.0.1.1. There is another field notice that also affects your 6.6.1 preventing it from updating the Cisco Security Intelligence (SI) feeds.

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html

Hi Sir,

i am updating my FTD right now to 6.6.5-81 and the FMC status is (no communication). the last time i saw is it has 8 mins left on the installation. Is this still normal?

Hi Sir,

i have rebooted my device and it is now accessible. However, even after upgrading to 6.6.5 - 81 the error in synchronizing with the smart license manager still persist.

i have attached a screen capture for reference.

I was also running version 6.6.5.1 with patch DE which I though was a fixed release.  But that was not the case.  I had a TAC case open for another issue where we found out that although 6.6.5.1 is mentioned as a fixed release there are some instances where upgrading and patching does not correct the issue and the certificate needs to be installed manually.  TAC said that the only "truely fixed" release is 7.x.

To manually correct the issue follow the following steps DO NOT DELETE ANY OTHER CERTIFICATES ONLY ADD THIS TO THE END:

1. Enter sudo su - in order to elevate to root.
2. Enter mv /etc/sf/gch/call_home_ca /etc/sf/gch/call_home_ca.bak in order to back up the current certificate.
3. Create a new certificate file. 
   1. Login into CLI and enter expert mode
   2. Enter vim /etc/sf/gch/call_home_ca.
   3. Press the i key in order to enter editing mode.
   4. Copy and paste this IdenTrust Commercial Root CA 1 certificate into the file.

      -----BEGIN CERTIFICATE-----
      MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
      MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
      VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw
      MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw
      JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG
      SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT
      3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU
      +ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
      S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1
      bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
      T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL
      vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK
      Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK
      dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT
      c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv
      l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N
      iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
      /zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD
      ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
      6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt
      LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93
      nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3
      +wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK
      W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT
      AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq
      l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
      4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ
      mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
      7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
      -----END CERTIFICATE-----

   5. Press the ESC key in order to exit editing mode.
   6. Enter :wq and then press the ENTER key in order to save the file and exit.
4. Enter pmtool restartbyid sla in order to restart the Smart Licensing Agreement process and use the updated IdenTrust certificate.

reference: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

Hi sir,

i have tried this already but i encountered serveral road blocks and errors.

at first i attempted to back up the cert but no such file or directory so i proceed to creating a new one.

then upon creating a new cert file i encountered another error, saying they cannot open the file for writing. i have tried saving it using :wq! but sill got the same error.

Where did you try to install the license in these screenshots?  If this is the FTD then you are in the wrong place, this should be done on the FMC it self.

The software you are looking at is for FTD...you must upgrade the FMC first and then the FTD if that is the path you are choosing.  7.0.1 is the "star" release so that is currently the most stable and recommended release.

Hi Sir @Marius Gunnerud 

Where did you try to install the license in these screenshots?  If this is the FTD then you are in the wrong place, this should be done on the FMC it self.

- My Bad, i got it wrong but i have already updated and installed the cert in the FMC and it works now. Thanks

The software you are looking at is for FTD...you must upgrade the FMC first and then the FTD if that is the path you are choosing.  7.0.1 is the "star" release so that is currently the most stable and recommended release.

- yup you are right i also downloaded the FMC update. I will try this certificate update first and see if this works then i will upgrade the FTD and FMC to version 7 if problem still persist.

Thanks

Hi Sir,

@Marius Gunnerud @Marvin Rhoads 

My last resort would be upgrading my FTD to 7.01 version. Would you recommend to install the Hotfix or just the upgrade itself would suffice?

Thank You so much.