
Firepower FP9300 Registering with Satellite Manager

I am getting the error below on the FP9300 chassis while trying to connect to the Smart Software Satellite server. We have a locally installed satellite server. Generated a new token and imported it in the FP9300. Also changed the call home link to

https://ip address:8443/Transportgateway/services/DeviceRequestHandler

The error below keeps coming. Any help is appreciated.

Smart Licensing is ENABLED

Registration:
Status: REGISTERING - REGISTRATION IN PROGRESS
Export-Controlled Functionality: Not Allowed
Initial Registration: FAILED on Mar 13 10:32:58 2017 AST
Failure reason: Failed to authenticate server
Next Registration Attempt: Mar 13 10:50:53 2017 AST

License Authorization:
Status: No Licenses in Use

Licensing HA configuration error:
No Reservation Ha config error

Regards

-Dani


ruben.omez
Level 1

Hello,

A bit late, but maybe it's useful for another engineer.

I had the same problem (FP4110 FXOS 2.2-66 running Smart Agent 1.6 and Satellite 4.2) and solved it as described below:

1) Make sure DNS and NTP are OK.

2) If you renamed your FXOS chassis or changed the IP, regenerate the certificate with the following commands: scope security > scope keyring default > set regenerate yes > commit-buffer

3) By default, FXOS 2.2-66 is shipped with a trusted Verisign CA (certchain). However, the Satellite (in offline mode) is using a Cisco CA certificate, so the Cisco CA is not trusted in FXOS. Add the Cisco CA certificate to the trustpoint: scope security > create trustpoint CiscoCA > set certchain > Copy/Paste the certificate and end with 'ENDOFBUF' > commit-buffer

 

Where do you find the Cisco CA certificate?
Navigate with your browser to your satellite: https://<satellite-ip>/ and open the certificate details. Go to the root CA (Cisco CA) and export the certificate. Open the certificate with notepad (or similar) and copy/paste the content.

 

My Smart Agent is connecting to the satellite on port 443, not 8443 (which is used for mgmt-purposes).

I also installed my satellite with the FQDN (hostname.domain.local), not with a single hostname. This is to avoid issues with DNS resolving. The certificate of the satellite has this FQDN as its CN. I don't know if additional checks are happening on this FQDN or not... (just to be safe)

@ruben.omez,

 

Great information - thanks for sharing!

I know this is an older post but I wanted to say thank you. This helped me with the same problem but using FPR-4120 devices trying to register licensing against the public Cisco Software Central.

 

I had to export the root CA for Quo Vadis Root CA 2 from the Smart Console call home URL:

https://tools.cisco.com/its/service/oddce/services/DDCEService

Make sure to export the certificate as the "Base64 Encoded X.509 (*.cer)" file format and copy the entire contents into the device, including the lines "Begin Certificate" and "End Certificate". After you paste it in, hit enter, then type ENDOFBUF and then commit buffer.

 

Thanks again!
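
Added example (not written by any poster in this thread and not Cisco code): an offline OpenSSL reproduction of the trust problem the two replies above describe, run on an admin workstation rather than on FXOS. It builds a constructed throwaway PKI, shows that the server certificate fails verification until its issuing root is in the trust file, and checks that a certificate file has the Base64 form with both marker lines. All file names and the host name `satellite.example.local` are hypothetical, and the host-name case shows what a strict TLS client does; the thread does not confirm whether FXOS performs that check.

```sh
#!/bin/sh
# Added illustration, constructed data only: root.pem = CA that issued the
# satellite's certificate, other.pem = a CA the device already trusts.
set -e

make_demo_pki() {   # $1 = work dir, $2 = server FQDN
  ( cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo Satellite Root CA" -keyout root.key -out root.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo Preinstalled Root CA" -keyout other.key -out other.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout srv.key -out srv.csr
    printf 'subjectAltName=DNS:%s\n' "$2" > san.ext
    openssl x509 -req -in srv.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -days 2 -extfile san.ext -out srv.pem
  ) >/dev/null 2>&1
}

# Exit 0 if certificate $2 chains to a root in trust file $1 and, when $3 is
# given, is valid for that host name (the name used in the call-home URL).
server_is_trusted() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Exit 0 if file $1 is one Base64 (PEM) certificate including both marker
# lines, the form that gets pasted before ENDOFBUF.
is_paste_ready() {
  [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] &&
    [ "$(grep -c -- '-----END CERTIFICATE-----' "$1")" -eq 1 ] &&
    openssl x509 -in "$1" -noout 2>/dev/null
}

report() {          # $1 = label, remaining args = check to run
  label=$1; shift
  if "$@"; then echo "$label: authenticated"; else echo "$label: NOT authenticated"; fi
}
demo() {
  d=$(mktemp -d); fqdn=satellite.example.local
  make_demo_pki "$d" "$fqdn"
  report "root CA not in trust store" server_is_trusted "$d/other.pem" "$d/srv.pem"
  report "root CA imported, URL uses FQDN" server_is_trusted "$d/root.pem" "$d/srv.pem" "$fqdn"
  report "root CA imported, URL uses short name" server_is_trusted "$d/root.pem" "$d/srv.pem" satellite
  rm -rf "$d"
}
demo
```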

Abheesh Kumar
VIP Alumni

Hi,

This doc will be helpful to register FMC to Satellite server.

https://drive.google.com/open?id=1kTmIp6i9x94Gi4X2JwlniFzNT7_yeIBN

 

 

-Abheesh
