cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Smart Call Home Community!

Our online forum for Smart Call Home customers to share, learn, and collaborate on Smart Call Home related topics. We encourage you to ask questions of Cisco experts, start a discussion, or share ideas and insight.

Smart Call Home enabled devices perform proactive diagnostics on their own components to provide real-time alerts and remediation advice when an issue is detected. An embedded support feature available on a broad range of Cisco products, it is provided at no additional cost with an active Smart Net Total Care Service, SP Base, Unified Computing Support Service, or Mission Critical Support Service contract for the designated products.

This Community will provide you with an overview about Cisco Smart Call Home features and how these features are embedded in a wide range of Cisco products to help your network. Smart Call Home provides higher network availability and support service quality.

Smart Call Home Portal Performance

On We are currently experiencing performance issues with accessing and operations of the Small Call Home portal. Users are being dropped from the portal. Our team is working to resolve this issue as quickly as possible. We apologize for any inconvenience this is creating.

1368
Views
5
Helpful
2
Replies
schulcz
Beginner

Call Home device registration problem: Fail to send out Call Home HTTP message.

Hi Guys!

I recently installed and activated a CSSM Satellite server, it is assigned to SA, works fine, I see the licenses on server.

I would like to registrer my first 9200L switch, and ran into problem. I made configurations by Cisco Smart Licensing guide, I made recommended steps also, but got error message during registration.

 

In log files I saw the device tried to fetch the IP address of cisco.com, but don't understand why, I configured satellite url under call-home profile.

I can't use resolution by name server because "no ip domain-lookup" was configured by policy, so I added a static entry that points to CSSM's IP address:

ip host cxxxxxx1.xxx.hu 172.xxx.xxx.xx4

As you can see, it works:

xxxxxx#ping cxxxxxx1.xxx.xx
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.xxx.xxx.xx4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
xxxxxx#

Outputs:

xxxxxx#sh license status
Smart Licensing is ENABLED

Utility:
  Status: DISABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: Callhome

Registration:
  Status: REGISTERING - REGISTRATION IN PROGRESS
  Export-Controlled Functionality: NOT ALLOWED
  Initial Registration: FAILED on Feb 25 13:44:19 2021 CET
    Failure reason: Fail to send out Call Home HTTP message.
  Next Registration Attempt: Feb 25 14:00:55 2021 CET

License Authorization:
  Status: EVAL MODE
  Evaluation Period Remaining: 76 days, 0 hours, 23 minutes, 1 seconds

Export Authorization Key:
  Features Authorized:
    <none>


xxxxxx#
000319: Feb 25 13:26:07.888 CET: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair2 has been generated or imported by crypto-engine
000320: Feb 25 13:26:08.069 CET: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAM
000321: Feb 25 13:26:08.830 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000322: Feb 25 13:26:08.830 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000323: Feb 25 13:26:18.857 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000324: Feb 25 13:26:18.857 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000325: Feb 25 13:26:28.886 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000326: Feb 25 13:26:28.886 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000327: Feb 25 13:26:38.912 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000328: Feb 25 13:26:38.912 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000329: Feb 25 13:26:48.941 CET: %PKI-3-HOSTNAME_RESOLVE_ERR: Failed to resolve HOSTNAME/IPADDRESS : www.cisco.com
000330: Feb 25 13:26:48.941 CET: %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed
                      Reason : Failed to fetch IP address from :www.cisco.com
000331: Feb 25 13:26:48.944 CET: %CALL_HOME-5-SL_MESSAGE_FAILED: Fail to send out Smart Licensing message to: https://cxxxxxx1.xxx.xx/Transportgateway/services/DeviceRequestHandler (ERR 205 : Request Aborted)
000332: Feb 25 13:26:48.945 CET: %SMART_LIC-3-AGENT_REG_FAILED: Smart Agent for Licensing Registration with the Cisco Smart Software Manager (CSSM) failed: Fail to send out Call Home HTTP message.
000333: Feb 25 13:26:48.946 CET: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.
xxxxxx#sh run | sec call-home
service call-home
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 no http secure server-identity-check
 profile "CiscoTAC-1"
  destination transport-method http
  no destination transport-method email
 profile "xxx-cssm"
  reporting smart-licensing-data
  destination transport-method http
  destination address http https://cxxxxxx1.xxx.xx/Transportgateway/services/DeviceRequestHandler
xxxxxx#

 

Do you have idea what can be the problem?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Justin Sprake
Cisco Employee

I see the PKI logs are reflecting a failure to validate the SLA-Trustpoint (aka the Smart License Agent trustpoint) and I think a number of issues arise when a device is unable to complete a CRL revocation check. As a workaround you can apply the below commands to see if the revocation check is the root cause:

 

#crypto pki trustpoint SLA-TrustPoint

#revocation-check none

 

Note: All traffic to Cisco requires HTTPs (HTTP is no longer a valid protocol for Cisco connectivity). Your local connection to SSM-On Prem can be either HTTP or HTTPS based on your requirements as the On-Prem Transport Gateway server should be listening on both (I believe it is 8443/8080, specifically).

 

Lastly, the error thrown usually includes some Call-Home reference; Call-Home, Smart Call Home, Smart Licensing, and SSM-On Prem all kind of occupy the same space when it comes to troubleshooting. You may find other conversations about On-Prem specifically at the community below:

 

https://community.cisco.com/t5/cisco-software-discussions/bd-p/5938j-disc-cisco-software

View solution in original post

2 REPLIES 2
Justin Sprake
Cisco Employee

I see the PKI logs are reflecting a failure to validate the SLA-Trustpoint (aka the Smart License Agent trustpoint) and I think a number of issues arise when a device is unable to complete a CRL revocation check. As a workaround you can apply the below commands to see if the revocation check is the root cause:

 

#crypto pki trustpoint SLA-TrustPoint

#revocation-check none

 

Note: All traffic to Cisco requires HTTPs (HTTP is no longer a valid protocol for Cisco connectivity). Your local connection to SSM-On Prem can be either HTTP or HTTPS based on your requirements as the On-Prem Transport Gateway server should be listening on both (I believe it is 8443/8080, specifically).

 

Lastly, the error thrown usually includes some Call-Home reference; Call-Home, Smart Call Home, Smart Licensing, and SSM-On Prem all kind of occupy the same space when it comes to troubleshooting. You may find other conversations about On-Prem specifically at the community below:

 

https://community.cisco.com/t5/cisco-software-discussions/bd-p/5938j-disc-cisco-software

View solution in original post

Thank You very much, it solves my problem.

xxxxxx#sh ver | i Status
Smart Licensing Status: REGISTERED/AUTHORIZED
xxxxxx#