Hi all, i have deployed an FMCv onto ESXi today and i'm having an issue with registering the smart licensing
When i enter the product registration token into the FMC and press register it does not complete and just sits there. I know there is a route out to the internet ok (no proxies), and i've configured dns correctly etc. I tried a rebuild in case it was something weird going on but i get the same issue. I've also tried generating a new token and revoking the old one on smart update.
some info on the build if that helps? any idea's what i could do to t-shoot, the options in the GUI and CLI seem quite limited, thanks
Cisco Firepower Management Center for VMWare
6.6.0 (build 90)
Cisco Fire Linux OS 6.6.0 (build37)
2.9.16 (Build 140)
build 336 ( 2020-06-15 16:38:24 )
From the FMC cli (expert mode) check the following:
sudo nslookup software.cisco.com telnet software.cisco.com 443
You should get output similar to the following:
Cisco Fire Linux OS v6.6.0 (build 37) Cisco Firepower Management Center for VMWare v6.6.0 (build 90) > expert admin@fmc:~$ sudo nslookup software.cisco.com Password: Server: 172.31.1.8 Address: 172.31.1.8#53 Non-authoritative answer: software.cisco.com canonical name = software.cisco.com.akadns.net. software.cisco.com.akadns.net canonical name = softwareds.cisco.com.edgekey.net. softwareds.cisco.com.edgekey.net canonical name = softwareds.cisco.com.edgekey.net.globalredir.akadns.net. softwareds.cisco.com.edgekey.net.globalredir.akadns.net canonical name = e2757.dscb.akamaiedge.net. Name: e2757.dscb.akamaiedge.net Address: 188.8.131.52 admin@fmc:~$ telnet software.cisco.com 443 Trying 184.108.40.206... Connected to software.cisco.com. Escape character is '^]'.
Hi Marvin, many thanks for taking the time to reply :)
I tried the below just now, all seems ok (output below) - still not registering though :(
admin@ssslpfpmnl01:~$ sudo nslookup software.cisco.com
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
software.cisco.com canonical name = software.cisco.com.akadns.net.
software.cisco.com.akadns.net canonical name = softwareds.cisco.com.edgekey.net.
softwareds.cisco.com.edgekey.net canonical name = softwareds.cisco.com.edgekey.net.globalredir.akadns.net.
softwareds.cisco.com.edgekey.net.globalredir.akadns.net canonical name = e2757.dscb.akamaiedge.net.
admin@ssslpfpmnl01:~$ telnet software.cisco.com 443
Connected to software.cisco.com.
Escape character is '^]'.
^C^ZConnection closed by foreign host.
Your connectivity all seems to be in order. I've registered numerous FMCs using this method and never encountered an issue. Perhaps opening a TAC case would be a good idea at this point.
Thanks Marvin, i think it could be a bug - i've logged a case
Out of interest have you successfully registered 6.6.0 (build 90)?
i'll post back here if/when i get a resolution
Yes I've deployed two new FMC 6.6.0 Build 90 VMs for customers in the past couple of weeks. Both registered fine for Smart Licensing and Cisco Cloud Service integration.
ok thanks, can't be a bug then, it's very odd indeed
if i hadn't already tried it i'd just do a fresh install at this point
have to see if TAC come up with anything
So i'm back with the promised update.. after doing yet another fresh install and leaving the dns servers to the default entries i managed to get it registered to cisco smart licensing ok
I completed the update of the FTD running on an ASA5525-X to version 6 and added it to the manager ok.
However when i look at the licensing on the cisco smart centre web portal something is not right still as none of the licenses are being recognised or allocated it seems.
Other products, Cisco ISE for example this was all automatic once the ISE was able to reach and register with cisco smart licensing so i assumed this would be the same. What am i missing?
screen shot attached of the portal and FMC if that helps?
Your FMC shows as registered and authorized.
For the ASAs running FTD image to be allocated a smart license from the Cisco portal via FMC, you need to go into device management and assign licenses to them. Only then will FMC check with Cisco for available licenses and assign them. At that point they will show up in the FMC Smart License screen.