Error adding device in firesight.

eric.lovelace
Level 1

I am trying to add a firepower device in firesight and every time I receive the following error:

I checked the logs and it's giving me some sort of SSL handshake error that I googled and couldn't find any definitive resolution. Has anyone seen this? Know how to fix it? This is a new firepower and firesight installation. There is IP connectivity between devices, they are on the same network, no NAT, and no firewall between them.

4 Replies

Jetsy Mathew
Cisco Employee

Hello Eric,

The error that you are facing can be due to multiple reasons. First of all, make sure that you followed the link below for the registration process.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html

If you have made sure that you followed the above link, verify that the following communication channel processes are up via the CLI of the Firepower.

pmtool status |grep sftunnel

pmtool status |grep SFData

pmtool status |grep sfipproxy

If all the services are running, kindly reboot the Firepower device gracefully and restart the communication channel services and reset all routes using the following single command.

manage_procs.pl

Once you have run the above command accordingly, it will reset all routes and flush communication channels. Later, try adding the Firepower once again and see if that works.

Rate if my post helps you

Regards

Jetsy 

Hello Eric,

I do have one more suggestion. If this is a fresh installation, please deploy the latest and stable code such as version 6.0, which has very few registration issues reported due to the stable database side.

Regards

jetsy 

Thanks for the reply Jetsy - I followed your recommendations and I am still experiencing the same issue. Any other ideas? FYI - I also just updated firesight to ver: 6.0.1

admin@firepower:~$ sudo pmtool status |grep sftunnel
Password:
Required by: SFDataCorrelator,ui_archiver,TSS_Daemon,HostInput_Daemon,sfestreamer,estreamer-sftunnel,fpcollect,Syncd,expire-session,Pruner,fireamp,ActionQueueScrape,snapshot_manager,SFTop10Cacher,query_scheduler
sftunnel (system) - Running 5830
Command: /usr/local/sf/bin/sftunnel -d -f /etc/sf/sftunnel.conf
PID File: /var/sf/run/sftunnel.pid
Enable File: /etc/sf/sftunnel.conf
Required by: sfmgr,sfmbservice,estreamer-sftunnel,sfipproxy
Command: /usr/local/sf/bin/sfmgr -d -f /etc/sf/sftunnel.conf
Enable File: /etc/sf/sftunnel.conf
Requires: sftunnel
Command: /usr/local/sf/bin/sfmbservice -d -f /etc/sf/sftunnel.conf
Enable File: /etc/sf/sftunnel.conf
Requires: sfmb,sftunnel
estreamer-sftunnel (normal) - Running 6137
Command: /usr/local/sf/bin/sfestreamer --nodaemon --sftunnel
PID File: /var/sf/run/estreamer-sftunnel.pid
Requires: mysqld,sftunnel
Requires: sftunnel

admin@firepower:~$ sudo pmtool status |grep SFData
SFDataCorrelator (normal) - Running 6169
Command: /usr/local/sf/bin/SFDataCorrelator --nodaemon
PID File: /var/sf/run/SFDataCorrelator.pid
Enable File: /etc/sf/SFDataCorrelator.run
Required by: SFDataCorrelator,ui_archiver,TSS_Daemon,HostInput_Daemon,sfestreamer,estreamer-sftunnel,fpcollect,Syncd,expire-session,Pruner,fireamp,ActionQueueScrape,snapshot_manager,SFTop10Cacher,query_scheduler

admin@firepower:~$ sudo pmtool status |grep sfipproxy
Required by: sfmgr,sfmbservice,estreamer-sftunnel,sfipproxy
sfipproxy (normal) - Running 5841
Command: /usr/local/sf/bin/sfipproxy --nodaemon -c /etc/sf/sfipproxy.conf
PID File: /var/sf/run/sfipproxy.pid
Enable File: /etc/sf/sfipproxy.conf

ankojha
Level 3

Hi,

Could you try the below and let me know if it works:

Regenerate the SF tunnel certificate with the "sudo /etc/rc.d/init.d/cert-tun-init" command on the sensor CLI

and then add it again.

Rate and mark correct if it helps.

Thanks,

Ankita
