Solved: Re: Smart License usage is out of compliance.

MedTiti92 · ‎11-08-2022

Hi Guys, i have this issues "Smart License usage is out of compliance." ... what is the solution of this error

Thanks !

Aref Alsouqi · ‎11-09-2022

Try this please:

1) Go into the FMC CLI into expert mode

2) Type "sudo su -" and type in the password

3) Issue the command "rm /etc/sf/gch/call_home_ca"

4) Issue the command "pmtool restartbyid sla"

5) Issue the command "pmtool restartbyid CloudAgent"

6) Wait a couple of minutes and check the registration again.

View solution in original post

balaji.bandi · ‎11-09-2022

Looks like it was registered a long time in 2020 ( what happens when you click re-authorise )

First, i would log in to the portal and check the License and any alerts related to the License.

Second, if all that is good, I will troubleshoot - is the FMC able to reach the smart license Server ? (follow below guide)

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215838-fmc-and-ftd-smart-license-registration-a.html#anc6

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CiscoPurpleBelt · ‎03-09-2023

Are you saying log into Smart license portal?

Marvin Rhoads · ‎03-09-2023

@CiscoPurpleBelt give us some context to your question or start a new thread.

MedTiti92 · ‎11-09-2022

Yes i logged to the portail and i see this in the portal :

balaji.bandi · ‎11-09-2022

check the details it will give you more information - check your oder or purchase ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aref Alsouqi · ‎11-09-2022

Try this please:

1) Go into the FMC CLI into expert mode

2) Type "sudo su -" and type in the password

3) Issue the command "rm /etc/sf/gch/call_home_ca"

4) Issue the command "pmtool restartbyid sla"

5) Issue the command "pmtool restartbyid CloudAgent"

6) Wait a couple of minutes and check the registration again.

MSJ1 · ‎12-11-2023

@Aref Alsouqi @marvin

I have exact same issue for an FMC but my version is 7.0.2. Have you seen similar issue for 7.0.2 FMC ?

Aref Alsouqi · ‎12-12-2023

Did you try the above suggested steps and they didn't work?

MSJ1 · ‎12-13-2023

@Aref Alsouqi

I did not try this as version is more than 6.5 since was thinking version wise it not affect. Do you think is a worth try , I still have the Expired Root CA in the Trusted CA store of FMC.

Marvin Rhoads · ‎11-09-2022

If you are running an older release, you need to update it to allow FMC to accept the newer certificates that Cisco has been using for some time now.

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html

MedTiti92 · ‎11-10-2022

@Marvin RhoadsI'm using 6.5.0 in FMC, manage two FTD(6.3.0) ...

@Aref Alsouqi are will be some impact in the production with thoses command

Thanks !

Aref Alsouqi · ‎11-10-2022

No impact AFAIK. The issue would be related to a change from Cisco side of a trusted certificate. The steps I provided should fix the issue, however, if that doesn't help please follow the instructions of the "Firepower - Manual Certificate Update" in the link @Marvin Rhoads provided. Please remember to issue the command "pmtool restartbyid CloudAgent" which is not documented on that link I think. If you don't issue this additional command you would need to wait for the FMC to trigger the synch again which I don't know how long it would take.

MedTiti92 · ‎11-10-2022

is it a problem of licence expired or just an update of FMC & FTD

Marvin Rhoads · ‎11-10-2022

It's (usually) not a problem of license being expired but rather the FMC not trusting the updated certificates being used by Cisco.

If you are running 6.5.0 managing 6.3.0 devices I strongly recommend you evaluate your operations as the version are quite out of date and subject to a lot of bugs and lacking features included in the more current releases.