Cisco FMC failed communication with Smart Licensing Cloud

Amen
Level 1

Since Friday our FMC has been displaying this error regarding a communication error with the Smart Licensing Cloud:

We also received this field notice: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html recommending an upgrade to version 7 and a restart of the Smart Licensing process, or a manual certificate update. The problem is that our current version 6.6.5 (build 81) is not in the affected version list, but listed as a version where this issue is fixed. Should we try to remove the call_home_ca and restart the process with the pmtool command, or do you recommend another course of action?


6 Replies

Marvin Rhoads
Hall of Fame

Cisco has been having some issues with the Smart licensing cloud-based service on several fronts: availability, certificates, etc.

I'd recommend patching to 6.6.5.1 and then applying hotfix DE (also referred to as 6.6.5.2).

Those address both the QuoVadis server CA issue (related to Smart licensing - https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html) as well as the Security Intelligence feed certificate (bug CSCwa70008 - may or may not be publicly visible at https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa70008 ).

Thank you, I will try that and come back to you.

We were already planning an upgrade to version 6.6.5.1 in the middle of March, but until then, would you recommend doing the manual procedure for updating the certificate described in this article: https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html?

Also, is there a way to upgrade directly to 6.6.5.2, or do we have to do it in 2 stages?

It wouldn't hurt to try the manual procedure. Note that the issue with the Security Intelligence feed certificate will start affecting you by 5 March.

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html

You can apply the hotfix apart from the 6.6.5.1 upgrade. But it is not cumulative so you will still need to do the 6.6.5.1 patch (and upgrade to 6.6.5 if you aren't already there).

We are currently at version 6.6.5, but just to make sure we are on the same page on the upgrade procedure (on both FMC and FTD), should we start by upgrading to 6.6.5.1 and then apply the hotfix 6.6.5.1 DE (named 6.6.5.2 on cisco.com), or is the order not that important as they are not cumulative?

@Amen the order isn't critical since Hotfix DE can be installed on either 6.6.5 or 6.6.5.1.

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/hotfix/Firepower_Hotfix_Release_Notes/available-hotfixes.html#Cisco_Reference.dita_4fdba94b-2836-440c-8ed9-59d890966a1b

Since it is only a hotfix, "Cisco_Firepower_Mgmt_Center_Hotfix_DE-6.6.5.2-8.sh.REL.tar" will not include the fixes in the 6.6.5.1 patch.
