06-25-2020 09:14 AM
Hi all, i have deployed an FMCv onto ESXi today and i'm having an issue with registering the smart licensing
When i enter the product registration token into the FMC and press register it does not complete and just sits there. I know there is a route out to the internet ok (no proxies), and i've configured dns correctly etc. I tried a rebuild in case it was something weird going on but i get the same issue. I've also tried generating a new token and revoking the old one on smart update.
some info on the build if that helps? any idea's what i could do to t-shoot, the options in the GUI and CLI seem quite limited, thanks
Cisco Firepower Management Center for VMWare
None
6.6.0 (build 90)
Cisco Fire Linux OS 6.6.0 (build37)
2.9.16 (Build 140)
2020-06-22-001-vrt
2412
2728
None
build 336 ( 2020-06-15 16:38:24 )
06-25-2020 08:49 PM
From the FMC cli (expert mode) check the following:
sudo nslookup software.cisco.com telnet software.cisco.com 443
You should get output similar to the following:
Cisco Fire Linux OS v6.6.0 (build 37) Cisco Firepower Management Center for VMWare v6.6.0 (build 90) > expert admin@fmc:~$ sudo nslookup software.cisco.com Password: Server: 172.31.1.8 Address: 172.31.1.8#53 Non-authoritative answer: software.cisco.com canonical name = software.cisco.com.akadns.net. software.cisco.com.akadns.net canonical name = softwareds.cisco.com.edgekey.net. softwareds.cisco.com.edgekey.net canonical name = softwareds.cisco.com.edgekey.net.globalredir.akadns.net. softwareds.cisco.com.edgekey.net.globalredir.akadns.net canonical name = e2757.dscb.akamaiedge.net. Name: e2757.dscb.akamaiedge.net Address: 23.14.207.202 admin@fmc:~$ telnet software.cisco.com 443 Trying 23.14.207.202... Connected to software.cisco.com. Escape character is '^]'.
06-26-2020 01:07 AM
Hi Marvin, many thanks for taking the time to reply :)
I tried the below just now, all seems ok (output below) - still not registering though :(
> expert
admin@ssslpfpmnl01:~$ sudo nslookup software.cisco.com
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Server: 192.168.1.10
Address: 192.168.1.10#53
Non-authoritative answer:
software.cisco.com canonical name = software.cisco.com.akadns.net.
software.cisco.com.akadns.net canonical name = softwareds.cisco.com.edgekey.net.
softwareds.cisco.com.edgekey.net canonical name = softwareds.cisco.com.edgekey.net.globalredir.akadns.net.
softwareds.cisco.com.edgekey.net.globalredir.akadns.net canonical name = e2757.dscb.akamaiedge.net.
Name: e2757.dscb.akamaiedge.net
Address: 23.198.68.181
admin@ssslpfpmnl01:~$ telnet software.cisco.com 443
Trying 23.198.68.181...
Connected to software.cisco.com.
Escape character is '^]'.
^C^ZConnection closed by foreign host.
admin@ssslpfpmnl01:~$
06-26-2020 03:42 AM
Your connectivity all seems to be in order. I've registered numerous FMCs using this method and never encountered an issue. Perhaps opening a TAC case would be a good idea at this point.
06-26-2020 05:14 AM
Thanks Marvin, i think it could be a bug - i've logged a case
Out of interest have you successfully registered 6.6.0 (build 90)?
i'll post back here if/when i get a resolution
thanks
06-26-2020 05:39 AM
Yes I've deployed two new FMC 6.6.0 Build 90 VMs for customers in the past couple of weeks. Both registered fine for Smart Licensing and Cisco Cloud Service integration.
06-26-2020 07:03 AM
ok thanks, can't be a bug then, it's very odd indeed
if i hadn't already tried it i'd just do a fresh install at this point
have to see if TAC come up with anything
06-29-2020 08:54 AM
So i'm back with the promised update.. after doing yet another fresh install and leaving the dns servers to the default entries i managed to get it registered to cisco smart licensing ok
I completed the update of the FTD running on an ASA5525-X to version 6 and added it to the manager ok.
However when i look at the licensing on the cisco smart centre web portal something is not right still as none of the licenses are being recognised or allocated it seems.
Other products, Cisco ISE for example this was all automatic once the ISE was able to reach and register with cisco smart licensing so i assumed this would be the same. What am i missing?
screen shot attached of the portal and FMC if that helps?
06-29-2020 09:00 AM
Your FMC shows as registered and authorized.
For the ASAs running FTD image to be allocated a smart license from the Cisco portal via FMC, you need to go into device management and assign licenses to them. Only then will FMC check with Cisco for available licenses and assign them. At that point they will show up in the FMC Smart License screen.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide