Smart Agent communication error with Smart Licensing Cloud

How can I solve the following error in Firepower Threat Defense: "Smart Agent communication error with Smart Licensing Cloud"? Could you help me?


I had the same issue, called TAC, and this is how we fixed it:

 

 It's possible you are experiencing the following defect: https://cdetsng.cisco.com/summary/#/defect/CSCwa89534

 

Please perform the following workaround on the FMC CLI and let me know if this resolves your issue:

  1. expert   //Puts you into expert mode
  2. sudo su -   //after typing in password, this puts you in root privilege
  3. rm /etc/sf/gch/call_home_ca   //removes the certificate used for the call home process
  4. pmtool restartbyid sla   //restarts the sla process and creates a new certificate for the call home process

 

After the workaround is performed, try registering your FMC again.

hi,

thanks for the tip. In the next month I'll have to upgrade from 6.4.0 to 7.0.0; I'll check if it will fix it, otherwise I'll try your procedure.

 

thanks a lot

plwalsh

Hi Rocio,

 

I had the same issue since Feb 8th. I updated my standalone FMC 6.6.4 to 6.6.5 and applied the DE hotfix (to fix a different cert issue that is documented here https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html ) but I still had the same issue with 'Smart Agent communication error with Smart Licensing Cloud' health monitor alerts.

I found this info https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

Because I was running a fixed version of FMC software (6.6.5) I followed the steps for Firepower Software in the Workaround/Solution. After deleting the call_home_ca file and restarting the Smart License Agent process (process ID sla), the health monitor alerts stopped.

sd-wan_engineer

hi,

Same issue here (FMC v7.0.1), I got the same error messages:

  • Error message: Smart license communication error with Smart License Cloud
  • Error message: VPN status inactive due to idle timeout
  • Filtering suddenly categorises all HTTPS traffic as SPAM
  • Site-2-Site tunnels down

I am trying to upgrade the FMC but I cannot, because there is one device that is associated with the FMC but is not up to date: "Device configurations are out-of-date. Deploy configurations." I cannot deploy to this device because I cannot reach it; the site-2-site tunnel went down when this issue started.

Michael Weller

We have the same issue with 7.2.5 and it was installed as 7.2.4 then updated. So, referring to the old certificate issues and updating alone does not help. However, if you are below 7.2.5 you should probably update anyway.

I am currently running FMC 7.2.5.1 patch 29 and getting the same error:
Smart License Monitor
Smart Agent is not registered with Smart Licensing Cloud

My FTDs are running 7.0.1.

Do you think it is the same behavior as in FN - 72103?

@jsolano.fusionet that Field Notice should not affect your version.

If you recently upgraded, I have seen several deployments where simply deregistering and then reregistering clears it up.

Also, you can try the troubleshooting tests in this document and see what you find: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215838-fmc-and-ftd-smart-license-registration-a.html#toc-hId-46508244

Michael Weller

Well, deregistration and reregistration seems to be natural and of course we tried it.

Problem is: We can't deregister. It says it cannot deregister because of an internal error and communications issues with the SSM-onsite (no details here, I assume it is related to certificates, but I don't know. Machines are in the same VLAN so, there should be no network issue). And if we want to reregister, it says we already are, even though it complains this does not work with the communications error.

We had a TAC ticket open with no solution found; alas, it was closed during my PTO as the customer or colleagues did not continue to work on it.

I think the workaround regarding the cert above was *NOT* yet performed by TAC. Not sure if I should try it (after making a backup of the cert file, of course). This is a customer with a critical infrastructure, I'd prefer to do this together with TAC.

I'll keep you updated if a solution is found and how.
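
The backup precaution mentioned in the post above, combined with steps 3 and 4 of the workaround, as an added example that is not part of any post in this thread and is not Cisco's procedure. It deletes `call_home_ca` only after a byte-identical copy has been saved. The function names, the `--apply` switch and the backup directory `/var/tmp/call_home_ca_backup` are assumptions.

```shell
#!/bin/sh
# Added example, not Cisco's procedure: keep a verified copy of the call-home
# CA file before deleting it (workaround step 3), so it can be restored.

CA_FILE_DEFAULT=/etc/sf/gch/call_home_ca        # path as given in the thread
BACKUP_DIR_DEFAULT=/var/tmp/call_home_ca_backup # hypothetical location

# backup_then_remove_ca FILE BACKUP_DIR
# Prints the backup path on success. Return codes: 0 ok, 2 file missing,
# 3 backup failed or did not verify (the original is then left untouched).
backup_then_remove_ca() {
    ca_file=$1
    backup_dir=$2
    [ -f "$ca_file" ] || return 2
    mkdir -p "$backup_dir" || return 3
    backup="$backup_dir/$(basename "$ca_file").$(date +%Y%m%d%H%M%S).bak"
    # -p keeps owner, mode and timestamps so a restore is a plain copy back
    cp -p "$ca_file" "$backup" || return 3
    # Delete only after the copy is byte-for-byte identical
    cmp -s "$ca_file" "$backup" || return 3
    rm -- "$ca_file" || return 3
    printf '%s\n' "$backup"
}

# restore_ca BACKUP FILE: put the saved copy back if the new file misbehaves
restore_ca() {
    [ -f "$1" ] || return 2
    cp -p "$1" "$2"
}

# Run as root in expert mode with: sh <this script> --apply
if [ "${1:-}" = "--apply" ]; then
    saved=$(backup_then_remove_ca "$CA_FILE_DEFAULT" "$BACKUP_DIR_DEFAULT") || exit $?
    echo "backup kept at $saved"
    pmtool restartbyid sla   # step 4 from the thread: restarts the sla process
fi
```
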
