cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
195
Views
0
Helpful
4
Replies
Highlighted
Beginner

C5921 Smart licensing - Fail to send out Call Home HTTP message

Hi

 

I have c5921 running 15.5(3)M code and I have issues with smart licensing. I created the token in the CSSM and issued the command: 

license smart register idtoken {tokenSTRING}

 

I get the following logs:

 

%PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
%SMART_LIC-3-COMM_FAILED: Communications failure with Cisco licensing cloud: Fail to send out Call Home HTTP message.

 

 

The thing is I have vrfs configured on the interfaces and c5921 only has Internet access through vrf PUBLIC.

 

 

c5921_312_127128#ping vrf PUBLIC software.cisco.com
Translating "software.cisco.com"...domain server (193.2.1.66) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 104.108.74.32, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/42/45 ms
c5921_312_127128#

So the connectivity and dns resolution works. In addition I tried if firewall is in the way and the connection seems to be open.

 

c5921_312_127128#telnet software.cisco.com 80 /vrf PUBLIC
Translating "software.cisco.com"...domain server (255.255.255.255)

Translating "software.cisco.com"...domain server (193.2.1.66) [OK]
Trying e2757.dscb.akamaiedge.net (104.108.74.32, 80)... Open

and https ... 

c5921_312_127128#telnet software.cisco.com 443 /vrf PUBLIC
Translating "software.cisco.com"...domain server (255.255.255.255)

Translating "software.cisco.com"...domain server (193.2.1.66) [OK]
Trying e2757.dscb.akamaiedge.net (104.108.74.32, 443)... Open

I follow a guide from a bug report and configured call-home agent to use HTTP. Still no luck. Here is the call-home config:

call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 vrf PUBLIC
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
  destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService 

 

It seems that c5921 cannot send messages using vrf. Any ideas?

 

 

 

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: C5921 Smart licensing - Fail to send out Call Home HTTP message

Huh I finally cracked it. This worked even on default call-home config without vrf configured (using https).

 

 

The command I was missing is: 

enable
conf t
ip http client source-interface Ethernet 0/0.10

 

call-home config:

call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email

 

4 REPLIES 4
VIP Mentor

Re: C5921 Smart licensing - Fail to send out Call Home HTTP message

Hi
before enabling registration did you enable smart license enable , sure you did just in case

looks like there may be known bugs too regarding CSSM and VRFs


Bug Search
CSCvm59508
Help | Feedback Feedback
VRF hostname resolution error is causing smart license register failure via HTTPS
CSCvm59508
Description
Symptom:
Smart license registration was not successful after "license smart register idtoken" was issued.
------------------------------------------------------------
smartlicserver[219]: %LICENSE-SMART_LIC-3-AGENT_REG_FAILED : Smart Agent for Licensing Registration with Cisco licensing cloud failed: Fail to send out Call Home HTTP message
smartlicserver[219]: %LICENSE-SMART_LIC-3-COMM_FAILED : Communications failure with Cisco licensing cloud: Fail to send out Call Home HTTP message
------------------------------------------------------------

Conditions:
This issue can be seen when using a smart license via HTTPS in a configured VRF.
This issue is not seen when HTTPS is used in a default VRF or HTTP is used.

------------------------------------------------------------
http client vrf

call-home
vrf
service active
contact smart-licensing
profile CiscoTAC-1
active
destination transport-method http
!
!

crypto ca trustpoint Trustpool
vrf
!
------------------------------------------------------------

Workaround:
Consider to apply one of the below workarounds:

1) Disable Certificate Revocation List checking
------------------------------------------------------------
crypto ca trustpoint Trustpool
crl optional
!
------------------------------------------------------------

2) Using HTTP
Configure call-home so that HTTP is used instead of HTTPS.
------------------------------------------------------------
call-home
profile CiscoTAC-1
destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService
!
!
------------------------------------------------------------
(*) HTTP is used by default when no k9sec package is installed.
Beginner

Re: C5921 Smart licensing - Fail to send out Call Home HTTP message

Thanks for your quick reply but I already found the solution posted below.

 

Yeah I looked into those bugs as well. Surprisingly the only thing I had to do was configure http source interface and it worked even on default call-home config. Note that I can only reach software.cisco.com via Ethernet0/0.10 that has vrf forwarding PUBLIC configured. 

VIP Mentor

Re: C5921 Smart licensing - Fail to send out Call Home HTTP message

Thanks for posting the fix
Beginner

Re: C5921 Smart licensing - Fail to send out Call Home HTTP message

Huh I finally cracked it. This worked even on default call-home config without vrf configured (using https).

 

 

The command I was missing is: 

enable
conf t
ip http client source-interface Ethernet 0/0.10

 

call-home config:

call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email

 

CreatePlease to create content
Content for Community-Ad