Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11548
Views
5
Helpful
2
Replies

Call Home device registration problem: Fail to send out Call Home HTTP message.

Go to solution
schulcz
Level 1
Level 1

‎02-25-2021 05:05 AM - edited ‎02-25-2021 05:06 AM

Hi Guys!

I recently installed and activated a CSSM Satellite server, it is assigned to SA, works fine, I see the licenses on server.

I would like to registrer my first 9200L switch, and ran into problem. I made configurations by Cisco Smart Licensing guide, I made recommended steps also, but got error message during registration.

 

In log files I saw the device tried to fetch the IP address of cisco.com, but don't understand why, I configured satellite url under call-home profile.

I can't use resolution by name server because "no ip domain-lookup" was configured by policy, so I added a static entry that points to CSSM's IP address:

ip host cxxxxxx1.xxx.hu 172.xxx.xxx.xx4

As you can see, it works:

xxxxxx#ping cxxxxxx1.xxx.xx
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.xxx.xxx.xx4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
xxxxxx#

Outputs:

xxxxxx#sh license status
Smart Licensing is ENABLED

Utility:
  Status: DISABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: Callhome

Registration:
  Status: REGISTERING - REGISTRATION IN PROGRESS
  Export-Controlled Functionality: NOT ALLOWED
  Initial Registration: FAILED on Feb 25 13:44:19 2021 CET
    Failure reason: Fail to send out Call Home HTTP message.
  Next Registration Attempt: Feb 25 14:00:55 2021 CET

License Authorization:
  Status: EVAL MODE
  Evaluation Period Remaining: 76 days, 0 hours, 23 minutes, 1 seconds

Export Authorization Key:
  Features Authorized:
    <none>


xxxxxx#
000319: Feb 25 13:26:07.888 CET: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair2 has been generated or imported by crypto-engine
000320: Feb 25 13:26:08.069 CET: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAM
000321: Feb 25 13:26:08.830 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000322: Feb 25 13:26:08.830 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000323: Feb 25 13:26:18.857 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000324: Feb 25 13:26:18.857 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000325: Feb 25 13:26:28.886 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000326: Feb 25 13:26:28.886 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000327: Feb 25 13:26:38.912 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000328: Feb 25 13:26:38.912 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000329: Feb 25 13:26:48.941 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000330: Feb 25 13:26:48.941 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000331: Feb 25 13:26:48.944 CET: %CALL_HOME-5-SL_MESSAGE_FAILED: Fail to send out Smart Licensing message to: https://cxxxxxx1.xxx.xx/Transportgateway/services/DeviceRequestHandler (ERR 205 : Request Aborted)
000332: Feb 25 13:26:48.945 CET: %SMART_LIC-3-AGENT_REG_FAILED: Smart Agent for Licensing Registration with the Cisco Smart Software Manager (CSSM) failed: Fail to send out Call Home HTTP message.
000333: Feb 25 13:26:48.946 CET: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.
xxxxxx#sh run | sec call-home
service call-home
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 no http secure server-identity-check
 profile "CiscoTAC-1"
  destination transport-method http
  no destination transport-method email
 profile "xxx-cssm"
  reporting smart-licensing-data
  destination transport-method http
  destination address http https://cxxxxxx1.xxx.xx/Transportgateway/services/DeviceRequestHandler
xxxxxx#

 

Do you have idea what can be the problem?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Justin Sprake
Cisco Employee
Cisco Employee

‎02-25-2021 07:46 AM

I see the PKI logs are reflecting a failure to validate the SLA-Trustpoint (aka the Smart License Agent trustpoint) and I think a number of issues arise when a device is unable to complete a CRL revocation check. As a workaround you can apply the below commands to see if the revocation check is the root cause:

 

#crypto pki trustpoint SLA-TrustPoint

#revocation-check none

 

Note: All traffic to Cisco requires HTTPs (HTTP is no longer a valid protocol for Cisco connectivity). Your local connection to SSM-On Prem can be either HTTP or HTTPS based on your requirements as the On-Prem Transport Gateway server should be listening on both (I believe it is 8443/8080, specifically).

 

Lastly, the error thrown usually includes some Call-Home reference; Call-Home, Smart Call Home, Smart Licensing, and SSM-On Prem all kind of occupy the same space when it comes to troubleshooting. You may find other conversations about On-Prem specifically at the community below:

 

https://community.cisco.com/t5/cisco-software-discussions/bd-p/5938j-disc-cisco-software

View solution in original post

2 Replies 2

Go to solution
Justin Sprake
Cisco Employee
Cisco Employee

‎02-25-2021 07:46 AM

I see the PKI logs are reflecting a failure to validate the SLA-Trustpoint (aka the Smart License Agent trustpoint) and I think a number of issues arise when a device is unable to complete a CRL revocation check. As a workaround you can apply the below commands to see if the revocation check is the root cause:

 

#crypto pki trustpoint SLA-TrustPoint

#revocation-check none

 

Note: All traffic to Cisco requires HTTPs (HTTP is no longer a valid protocol for Cisco connectivity). Your local connection to SSM-On Prem can be either HTTP or HTTPS based on your requirements as the On-Prem Transport Gateway server should be listening on both (I believe it is 8443/8080, specifically).

 

Lastly, the error thrown usually includes some Call-Home reference; Call-Home, Smart Call Home, Smart Licensing, and SSM-On Prem all kind of occupy the same space when it comes to troubleshooting. You may find other conversations about On-Prem specifically at the community below:

 

https://community.cisco.com/t5/cisco-software-discussions/bd-p/5938j-disc-cisco-software

Go to solution
schulcz
Level 1
Level 1
In response to Justin Sprake

‎02-25-2021 10:18 AM - edited ‎02-25-2021 10:18 AM

Thank You very much, it solves my problem.

xxxxxx#sh ver | i Status
Smart Licensing Status: REGISTERED/AUTHORIZED
xxxxxx# 

 

0 Helpful
Customers Also Viewed These Support Documents