
FMC Smart Account Registration Error

Learnercisco
Level 1

Hi Tech People,

I have upgraded my FMC to 7.0.1 and am trying to register my FMC with Smart Account. I am facing the following error during registration.

1- First error on software 6.3/6.6 

"Failed to send the message to the server. Please verify the DNS Server/HTTP Proxy Settings."

FMC was upgraded from 6.3 to 6.6 and then to 7.0.1 (as per Cisco recommendation).

2- Second error after upgrading to software 7.0/1

"Error failed to Parse the response from Server. Retry after some time, if still persist, contact TAC"

Could anyone advise if they have solved this issue before?

Thanks in advance

IP_Cartel
Level 1

Under the mgmt interface do you have DNS? Maybe try Google DNS 8.8.8.8

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fmc.html

Ctrl + F and search for DNS

Marvin Rhoads
Hall of Fame

First verify connectivity from your FMC CLI. Log in via SSH and switch to expert mode and then to root user (sudo su -).

As root run the following command:

curl -vvk https://tools.cisco.com/

Please share the output.

Hi Marvin,

Thanks for the reply, please see the output.

admin# curl -vvk https://tools.cisco.com/
* Trying 173.37.145.8...
* TCP_NODELAY set
* Trying 2001:420:1201:5::a...
* TCP_NODELAY set
* Immediate connect fail for 2001:420:1201:5::a: Network is unreachable
* Connected to tools.cisco.com (173.37.145.8) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=tools.cisco.com; O=Cisco Systems Inc.; L=San Jose; ST=California; C=US
* start date: Jan 19 22:03:08 2022 GMT
* expire date: Jan 19 22:03:07 2023 GMT
* issuer: C=US; O=IdenTrust; OU=HydrantID Trusted Certificate Service; CN=HydrantID Server CA O1
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: tools.cisco.com
> User-Agent: curl/7.61.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: https://tools.cisco.com/healthcheck
< Connection: close
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):

Thanks @Learnercisco that command confirmed multiple things are working - your management gateway, your DNS settings, your reachability to the Internet and that your FMC accepts the certificate for tools.cisco.com.

Given that all of that is working, the problem must be on the Cisco side - recommend you take it up with TAC for further investigation.

RachelGomez161999
Spotlight

Troubleshoot
Time Synchronization Verification

Access the FMC CLI (for example, SSH) and ensure the time is correct and it is synchronized with a trusted NTP server. Because the certificate is used for Smart License authentication, it is important that the FMC has the correct time information:

admin@FMC:~$ date
Thu Jun 14 09:18:47 UTC 2020
admin@FMC:~$
admin@FMC:~$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.0.0.2        171.68.xx.xx     2 u  387 1024  377    0.977    0.469   0.916
 127.127.1.1     .SFCL.          13 l    -   64    0    0.000    0.000   0.000

From the FMC UI, verify the NTP server values from System > Configuration > Time Synchronization.

Enable Name Resolution and Check Reachability to tools.cisco.com

Ensure the FMC can resolve an FQDN and has reachability to tools.cisco.com:

> expert
admin@FMC2000-2:~$ sudo su
Password:
root@FMC2000-2:/Volume/home/admin# ping tools.cisco.com
PING tools.cisco.com (173.37.145.8) 56(84) bytes of data.
64 bytes from tools2.cisco.com (173.37.145.8): icmp_req=1 ttl=237 time=163 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_req=2 ttl=237 time=163 ms

From the FMC UI, verify the management IP and DNS server IP from System > Configuration > Management Interfaces.

Verify HTTPS (TCP 443) access from FMC to tools.cisco.com

Use the Telnet or curl command to ensure the FMC has HTTPS access to tools.cisco.com. If the TCP 443 communication is broken, verify it is not blocked by a firewall and there is no SSL decryption device in the path.

root@FMC2000-2:/Volume/home/admin# telnet tools.cisco.com 443
Trying 72.163.4.38...
Connected to tools.cisco.
Escape character is '^]'.
^CConnection closed by foreign host.

 

Regards,

Rachel Gomez
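
The transport checks discussed in this thread (the `curl -vvk` transcript, the clock check, and the warning about an SSL decryption device in the path) can be read off the curl output mechanically. The Python below is an added example, not part of any post above and not Cisco tooling; the function names, the constructed sample (trimmed from the output posted in the thread) and the expected issuer organisation `IdenTrust` (taken from that output) are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: trimmed from the curl -vvk output posted in this thread.
SAMPLE = """\
* Connected to tools.cisco.com (173.37.145.8) port 443 (#0)
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* Server certificate:
*  subject: CN=tools.cisco.com; O=Cisco Systems Inc.; L=San Jose; ST=California; C=US
*  start date: Jan 19 22:03:08 2022 GMT
*  expire date: Jan 19 22:03:07 2023 GMT
*  issuer: C=US; O=IdenTrust; OU=HydrantID Trusted Certificate Service; CN=HydrantID Server CA O1
*  SSL certificate verify ok.
< HTTP/1.1 302 Found
"""

def cert_field(name, text):
    """Value of a '*  name: value' line from curl's verbose output, or None."""
    m = re.search(r"^\*\s*" + re.escape(name) + r":\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def parse_curl_date(value):
    # curl prints certificate dates as e.g. "Jan 19 22:03:08 2022 GMT"
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def triage(curl_output, now, expected_issuer_org="IdenTrust"):
    """Return a list of findings; an empty list means the transport checks passed.

    expected_issuer_org is an assumption taken from the issuer shown in the thread.
    """
    if "* Connected to " not in curl_output:
        return ["no TCP connection: check DNS, routing and firewall rules for TCP 443"]
    start = cert_field("start date", curl_output)
    end = cert_field("expire date", curl_output)
    issuer = cert_field("issuer", curl_output)
    if not (start and end and issuer):
        return ["TLS handshake did not complete: no server certificate in output"]
    findings = []
    if not parse_curl_date(start) <= now <= parse_curl_date(end):
        findings.append("FMC clock is outside the certificate validity window: check NTP")
    if f"O={expected_issuer_org}" not in issuer:
        findings.append(f"unexpected issuer ({issuer}): possible SSL decryption device in path")
    if "SSL certificate verify ok." not in curl_output:
        findings.append("certificate chain did not verify against the local trust store")
    if not re.search(r"^< HTTP/\d(\.\d)? \d{3}", curl_output, re.M):
        findings.append("no HTTP response received after the TLS handshake")
    return findings
```

curl writes its verbose lines to stderr, so capture the transcript with `2>&1` before passing the text to `triage` together with the appliance's current UTC time.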
