Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17349
Views
31
Helpful
16
Replies

Cisco FMC 1000 smart licensing error

Go to solution
NInja Black
Level 1
Level 1

‎07-06-2020 07:14 AM

Hi,

 

 Tried to register the FMC1000 device for smart licensing and got this error msg

"Failed to send the message to the server. Please verify the DNS Server/HTTP Proxy settings."

The DNS server IPs is configured and Proxy is not enabled. 

 

Tried the curl command "sudo curl -vvk https://tools.cisco.com" based on another thread here and it fails too but the "nslookup tools.cisco.com" and "dig tools.cisco.com"works.

 

Please advise

 

7 people had this problem
16 Replies 16

Go to solution
Hyperion0000
Level 1
Level 1
In response to Marius Gunnerud

‎05-17-2022 06:50 AM

Marius,

 

Thank you, this solve my issue. I'm currently running 7.0.1.1

 

 

0 Helpful

Go to solution
mashudu-mashau
Level 1
Level 1

‎01-13-2025 03:41 PM

Mine was related to a Bug, followed steps below

Firepower - Software Upgrade

For Firepower-based devices, upgrade to one of the Firepower software versions shown in the table and run the additional commands in order to resolve the root CA certificate issue for affected devices.

Release Version Fixed Version
Firepower 6.1.xMigrate to a fixed release
Firepower 6.2.xFirepower 6.2.3.18 or later
Firepower 6.3.xMigrate to a fixed release
Firepower 6.4.xFirepower 6.4.0.13 or later
Firepower 6.5.xMigrate to a fixed release
Firepower 6.6.xFirepower 6.6.5 or later
Firepower 6.7.xFirepower 6.7.0.3 or later

Note: An update to Firepower 7.0 or later will resolve the field notice issue and requires no additional manual steps.

For Firepower 6.7 or earlier, after you upgrade the FMC to a fixed version, remove the certificate file at /etc/sf/gch/call_home_ca and restart the Smart Licensing Agent (sla) process to resume communications with Cisco Smart Software Manager (CSSM) with these steps:

  1. Access the CLI. For FMC deployments, log in to the FMC CLI as admin or another user with shell access.
  2. Enter the expert command in order to access the Linux shell.
  3. Elevate the user to root with the sudo su – command and enter the password when prompted.
  4. Remove the /etc/sf/gch/call_home_ca file with the rm /etc/sf/gch/call_home_ca command.
  5. Restart the Smart Licensing Agreement process with the pmtool restartbyid sla command.

 

Firepower - Manual Certificate Update

For devices managed by FMC, the issue can be resolved for the Smart Licensing service only without an upgrade to the Firepower software. For services other than Smart Licensing, a software upgrade is required to fix the issue.

Complete these steps in order to manually import the IdenTrust Commercial Root CA 1 certificate. Do not use this workaround when you use Common Criteria (CC) Mode or for devices managed by Firepower Device Manager (FDM). Instead, upgrade to one of the Firepower software versions provided in the table.

  1. Enter sudo su - in order to elevate to root.
  2. Enter mv /etc/sf/gch/call_home_ca /etc/sf/gch/call_home_ca.bak in order to back up the current certificate.
  3. Create a new certificate file.
    1. Enter vim /etc/sf/gch/call_home_ca.
    2. Press the i key in order to enter editing mode.
    3. Copy and paste this IdenTrust Commercial Root CA 1 certificate into the file.
      -----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw
MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw
JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT
3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU
+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1
bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL
vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK
Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK
dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT
c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv
l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N
iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD
ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt
LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93
nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3
+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK
W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT
AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq
l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ
mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
-----END CERTIFICATE-----
    4. Press the ESC key in order to exit editing mode.
    5. Enter :wq and then press the ENTER key in order to save the file and exit.
  4. Enter pmtool restartbyid sla in order to restart the Smart Licensing Agreement process and use the updated IdenTrust certificate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card