Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2976
Views
10
Helpful
4
Replies

Firepower FP9300 Registering with Satellite Manager

danishahammed015
Level 1
Level 1

‎03-13-2017 02:37 AM

I am getting below error in FP9300 chassis while trying to connect to smart software satellite server.We have locally installed satellite server.Generated a new token and import in FP9300.Also changed call home link to 

https://ip address:8443/Transportgateway/services/DeviceRequestHandler

Keep coming below error.Any help is appreciated.

Smart Licensing is ENABLED

Registration:
Status: REGISTERING - REGISTRATION IN PROGRESS
Export-Controlled Functionality: Not Allowed
Initial Registration: FAILED on Mar 13 10:32:58 2017 AST
Failure reason: Failed to authenticate server
Next Registration Attempt: Mar 13 10:50:53 2017 AST

License Authorization:
Status: No Licenses in Use

Licensing HA configuration error:
No Reservation Ha config error

Regards

-Dani

7 people had this problem
Labels:
0 Helpful
4 Replies 4

ruben.omez
Level 1
Level 1

‎12-21-2017 11:07 PM

Hello,

A bit late, but maybe it's useful for another engineer.

I had the same problem (FP4110 FXOS 2.2-66 running Smart Agent 1.6 and Satellite 4.2) and solved it as described below:

1) Make sure DNS and NTP are OK.

2) If you renamed your FXOS chassis or changed the IP, regenerate the certificate with following commands: scope security > scope keyring default > set regenerate yes > commit-buffer

3) By default, the FXOS 2.2-66 is shipped with a trusted Verisign CA (sertchain). however, the Satellite (in offline modus) is using a Cisco CA certificate. So the Cisco CA is not trusted in the FXOS. Add the Cisco CA certificate to the trustpoint: scope security > create trustpoint CiscoCA > set certchain > Copy/Paste the certificate and end with 'ENDOFBUF' > commit-buffer

 

Where do you find the Cisco CA certificate?
Navigate with your browser to your satellite: https://<satellite-ip/ and open the certificate details. Go to the root CA (Cisco CA) and export the certificate. Open the certificate with notepad (or similar) and copy/paste the content.

 

My Smart Agent is connecting to the satellite on port 443, not 8443 (which is used for mgmt-purposes).

I also installed my satellite with the FQDN (hostname.domain.local), not with a single hostname. This to avoid issues with DNS resolving. The certificate of the satellite has as a CN this FQDN. I don't know if additional checks are happing on this fqdn or not... (just to be safe)

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ruben.omez

‎12-22-2017 04:23 AM

@ruben.omez ,

 

Great information - thanks for sharing!

0 Helpful

rcahill81
Level 1
Level 1
In response to ruben.omez

‎10-23-2018 05:35 AM

I know this an older post but I wanted to say thank you.  This helped me with the same problem but using FPR-4120 devices trying to register licensing against the public Cisco Software Central.

 

I had to export the root CA for Quo Vadis Root CA 2 from the Smart Console call home URL:

https://tools.cisco.com/its/service/oddce/services/DDCEService

Make sure to export the certificate as the "Base64Encoded X.509 (*.cer) file format and copy the entire contents into the device, including the lines "Begin Certificate" and End Certificate".  After you paste it in, hit enter, then type ENDOFBUF and then commit buffer.

 

Thanks again!

Abheesh Kumar
VIP Alumni
VIP Alumni

‎11-02-2018 01:59 PM - edited ‎11-02-2018 01:59 PM

Hi,

This doc will be helpful to register FMC to Satellite server.

https://drive.google.com/open?id=1kTmIp6i9x94Gi4X2JwlniFzNT7_yeIBN

 

 

-Abheesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card