Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1136
Views
5
Helpful
5
Replies

Smart License usage is out of compliance | FMC 6.4.0.10

Go to solution
mbarada
Level 1
Level 1

‎05-03-2023 12:11 AM

Hello,

I came across some similar threads and none seem to solve this problem.

We are facing the below error on FMC 6.4.0.10 since almost 2 months ago:

mbarada_0-1683095961976.png

Here are the expired Cisco AnyConnect Apex licenses shown in the Smart Account, although we are neither using any Apex feature/license on FMC and FTD, nor RA VPN. Instead, AnyConnect and ISE are used for RA VPN on another ASA device, which is not managed by/related to this FMC:

mbarada_1-1683096155479.png

This does not seem to be an SSL certificate problem because I compared the current certificate in "/etc/sf/gch/call_home_ca" with the one mentioned in the below Field Notice and they are identical:

https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

System -> Licenses -> Smart Licenses is showing the below and pressing the "Re-Authorize" button is not solving the issue:

mbarada_2-1683096720573.png

Based on the above, is it just a bug or something that could be ignored? Since we are planning to upgrade this FMC (and 2 FTDs) to version 7.0.5 soon.

Any hint on how to solve/eliminate this critical health error would be appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to mbarada

‎05-03-2023 03:31 AM

Hi,

Its because your FTD has an AnyConnect Apex license enabled. If you don't
have anyconnect configured, just disable the lic. Then try to deploy to
your FTD, if there is any related config to the license, the deployment
will fail and you will get an error. If no dependent config, the deployment
will go successfully.

On a side note, 6.4 is eol for a while.

**** please remember to rate useful posts

View solution in original post

5 Replies 5

Go to solution
mbarada
Level 1
Level 1

‎05-03-2023 01:21 AM

Additional information:

Devices -> Device Management -> Summary is showing the below, but I am not sure why it is set like that since no RA VPN or Site to Site VPN are used on this device:

mbarada_0-1683101914271.png

mbarada_2-1683101964200.png

mbarada_4-1683102005191.png

So not sure why/when the AnyConnect Apex license has been used on this device.

Please advise.

 

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to mbarada

‎05-03-2023 03:31 AM

Hi,

Its because your FTD has an AnyConnect Apex license enabled. If you don't
have anyconnect configured, just disable the lic. Then try to deploy to
your FTD, if there is any related config to the license, the deployment
will fail and you will get an error. If no dependent config, the deployment
will go successfully.

On a side note, 6.4 is eol for a while.

**** please remember to rate useful posts

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mohammed al Baqari

‎05-03-2023 05:41 AM

Like @Mohammed al Baqari said - edit the device license screen and disable AnyConnect Apex.

That will stop FMC from trying to check out an unavailable license (valid SSL certificate to tools.cisco.com notwithstanding) and should clear up the health alert.

Go to solution
mbarada
Level 1
Level 1
In response to Mohammed al Baqari

‎05-03-2023 10:46 PM

@Mohammed al Baqari and @Marvin Rhoads disabling the license (after making sure it is not being used) solved the issue.

@MHM Cisco World the FMC licenses were already registered.

Thank you all.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card