Solved: vFMC Registration issue

benolyndav · ‎07-27-2022

Hi

Just deployed a new vFMC 7.x and am unable to register with snart license any idea wher I might start looking to resolve.??

Thanks

Marvin Rhoads · ‎07-27-2022

First make sure you have patched to 7.0.1 or higher. That fixes a certificate issue.

Then check your connectivity as follows from the FMC cli:

> expert
admin@fmc7-2:~$ sudo su -
Password: 
root@fmc7-2:~# curl -vvk https://tools.cisco.com
* Rebuilt URL to: https://tools.cisco.com/
*   Trying 173.37.145.8...
* TCP_NODELAY set
*   Trying 2001:420:1201:5::a...
* TCP_NODELAY set
* Immediate connect fail for 2001:420:1201:5::a: Network is unreachable
* Connected to tools.cisco.com (173.37.145.8) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=tools.cisco.com; O=Cisco Systems Inc.; L=San Jose; ST=California; C=US
*  start date: Jan 19 22:03:08 2022 GMT
*  expire date: Jan 19 22:03:07 2023 GMT
*  issuer: C=US; O=IdenTrust; OU=HydrantID Trusted Certificate Service; CN=HydrantID Server CA O1
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: tools.cisco.com
> User-Agent: curl/7.61.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: https://tools.cisco.com/healthcheck
< Connection: close
< 
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
root@fmc7-2:~#

View solution in original post

Marvin Rhoads · ‎07-27-2022

First make sure you have patched to 7.0.1 or higher. That fixes a certificate issue.

Then check your connectivity as follows from the FMC cli:

> expert
admin@fmc7-2:~$ sudo su -
Password: 
root@fmc7-2:~# curl -vvk https://tools.cisco.com
* Rebuilt URL to: https://tools.cisco.com/
*   Trying 173.37.145.8...
* TCP_NODELAY set
*   Trying 2001:420:1201:5::a...
* TCP_NODELAY set
* Immediate connect fail for 2001:420:1201:5::a: Network is unreachable
* Connected to tools.cisco.com (173.37.145.8) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=tools.cisco.com; O=Cisco Systems Inc.; L=San Jose; ST=California; C=US
*  start date: Jan 19 22:03:08 2022 GMT
*  expire date: Jan 19 22:03:07 2023 GMT
*  issuer: C=US; O=IdenTrust; OU=HydrantID Trusted Certificate Service; CN=HydrantID Server CA O1
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: tools.cisco.com
> User-Agent: curl/7.61.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: https://tools.cisco.com/healthcheck
< Connection: close
< 
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
root@fmc7-2:~#