cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3438
Views
10
Helpful
5
Replies

Smart Licensing failing

Aaron D
Level 1
Level 1

Have Smart Licensing configured with 4431's in 16.x. All of the sudden none of our routers (we have MANY) are receiving authorization even though it's been working fine for >1yr. 

Have a host entry pointed to 173.37.145.8 (tools.cisco.com) to get around the IPv6 bug, 

 

Opened a TAC case, but still going in circles. Anyone else having issues?

 

Also noticed this odd behavior:

 

Pinging tools.cisco.com [173.37.145.8] with 32 bytes of data:

Reply from 173.37.145.8: bytes=32 time=46ms TTL=237




Ping statistics for 173.37.145.8:

    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 46ms, Maximum = 46ms, Average = 46ms

Control-C

>> ping tools.cisco.com -4




Pinging tools.cisco.com [72.163.4.38] with 32 bytes of data:

Reply from 72.163.4.38: bytes=32 time=42ms TTL=239

Reply from 72.163.4.38: bytes=32 time=39ms TTL=239







Dump of registration status: 




Registration:
Status: REGISTERED
Smart Account: XXXX
Virtual Account: XXXX
Export-Controlled Functionality: ALLOWED
Initial Registration: SUCCEEDED on Aug 08 13:33:56 2019 UTC
Last Renewal Attempt: SUCCEEDED on Jan 24 13:31:21 2022 UTC
Next Renewal Attempt: Jul 23 13:31:17 2022 UTC
Registration Expires: Jan 24 13:26:15 2023 UTC

License Authorization:
Status: AUTHORIZED on Feb 10 18:13:17 2022 UTC
Last Communication Attempt: FAILED on Feb 10 18:13:17 2022 UTC
Failure reason: Fail to send out Call Home HTTP message.
Next Communication Attempt: Feb 10 18:13:47 2022 UTC
Communication Deadline: May 05 18:59:42 2022 UTC
1 Accepted Solution

Accepted Solutions

Aaron D
Level 1
Level 1

So it looks like this is a brand new bug per TAC. We had to install a new certificate using the

crypto pki trustpool import terminal

command (TAC gave us the cert). After that we ran the

license smart renew auth

and it succeeded. Problem now is we have hundreds of these routers. UGLY

Bug ID: Bug Search Tool (cisco.com) CSCwa91870

Tools healthcheck site: https://tools.cisco.com/healthcheck

Adding more information:

Field Notice: FN - 72323 - Catalyst Switching Products - QuoVadis Root Certificate Decommission Might Affect Smart Licensing and Smart Call Home Functionality, or Display Other Symptoms - Software Upgrade Recommended - Cisco

View solution in original post

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

if they working and they broken, check you have any changes in the Firewall and network ? are these device able to reach internet  port 80 and 443 ?

 

wait for 1 more day and check is everything ok.

 

Time for Troublesheet :

 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/214484-cisco-smart-licensing-troubleshooting.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aaron D
Level 1
Level 1

So it looks like this is a brand new bug per TAC. We had to install a new certificate using the

crypto pki trustpool import terminal

command (TAC gave us the cert). After that we ran the

license smart renew auth

and it succeeded. Problem now is we have hundreds of these routers. UGLY

Bug ID: Bug Search Tool (cisco.com) CSCwa91870

Tools healthcheck site: https://tools.cisco.com/healthcheck

Adding more information:

Field Notice: FN - 72323 - Catalyst Switching Products - QuoVadis Root Certificate Decommission Might Affect Smart Licensing and Smart Call Home Functionality, or Display Other Symptoms - Software Upgrade Recommended - Cisco

Martin, thanks for the post. 

 

Martin, thanks for the post. 

 

For the powers that be at Cisco: It's pretty bizarre (more like ugly) that TAC was surprised and unaware until today according to them. As customers this doesn't leave us feeling warm and fuzzy, especially given that it affects our operations. If Cisco TAC missed it, how many customers did?  And this concurs with the fact this bug -  Bug ID: Bug Search Tool (cisco.com) CSCwa91870 <---Opened today. 

 

Smart licensing has been quite the debacle. Now we have 100's of alerts coming in from routers due to the fact they no longer can authorize. This is one of the reasons customers are very unhappy with how Cisco has handled this 'feature'. And while we're aware of SLUP in 17.x, we are on 16.x which doesn't support it. There seems to be a real lack of awareness on Cisco's end in communicating and implementing these features. Now instead of a planned proactive migration we are being put in reactive mode. 

I‘m exactly in the same position as you. We just stumbled over this issue when we did a migration and Smart License did not work. I‘m also very surprised how this is communicated and executed. A disaster in my opinon.

Review Cisco Networking for a $25 gift card