Solved: Re: FRP/ASA license REGISTERED/UNREGISTERED after reload

cisco.13 · ‎01-16-2024

Hello,
I upgraded an FRP2130 ASA from version 9.15(1)15 to version 9.18(3)56.
The device was successfully registered (license smart register idtoken xxxxxxxxxxx force + wr). But after each reboot, it becomes UNREGISTERED!

An idea, please?

Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: NOT ALLOWED
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 23 hours, 20 minutes, 45 seconds
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
(FIREPOWER_2100_ASA_STA...) 1 EVAL MODE
(FPR2K-ASA-ENC) 1 EVAL MODE

Thank you.

cisco.13 · ‎02-13-2024

Hello,

https://bst.cisco.com/bugsearch/bug/CSCwi76630?rfs=qvred

View solution in original post

balaji.bandi · ‎01-16-2024

check this below thread :

check the registration method https and source interface - see if that fix the issue.

https://community.cisco.com/t5/network-security/cisco-asa-smart-license-registration-failed-fp2130/td-p/4278033

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

cisco.13 · ‎01-17-2024

Hello @balaji.bandi ,

Thank you, in fact, I manage to register the license, but after reload, it becomes UNREGISTERED
Here are the details

# call-home test profile CiscoTAC-1
INFO: Destination callhome@cisco.com skipped. Transport method email is not enabled.
INFO: Sending test message to https://tools.cisco.com/its/service/oddce/services/DDCEService...
INFO: Succeeded

# ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/120 ms
# ping outside tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/120 ms

# show call-home profile all
Profiles:
Profile Name: License
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: http
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Alert-group Severity
------------------------ ------------
N/A N/A
Profile Name: CiscoTAC-1
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: http
Email address(es): callhome@cisco.com
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Periodic inventory message is scheduled monthly on day 19, 00:04 (782:49:20.010)
Periodic configuration message is scheduled monthly on day 19, 00:04 (782:49:20.010)
Periodic telemetry message is scheduled daily at 00:04 (14:49:20.010)
Alert-group Severity
------------------------ ------------
diagnostic informational
environment informational
inventory informational
configuration critical
telemetry informational

My conf :
service call-home
no call-home reporting anonymous
call-home
contact-email-addr email@email.com
source-interface outside
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily

debug call-home all
debug license 255

# Lic IPC: Sending synchronous show request
Lic IPC: Sending synchronous request message of length 22
Lic IPC: Sent message of 22 bytes total on sock 299392538
Lic IPC: Nothing to read on sync socket
Lic IPC: Return from receive is 10, errno=Success
Lic IPC: Received message of length 1079 on sock 299392538
Lic IPC: Reading 1079 bytes from socket 299392538
Lic IPC: Sync socket received message of length 1079
Lic IPC: Received Synchronous response of length 1079
Lic IPC: Received 1067-byte synchronous show response message

Thank you

cisco.13 · ‎02-12-2024

Hello,

So it's a bug, no problem with v 9.17.1, 9.18.3 (and other versions)

Thank you

tvotna · ‎02-13-2024

Do you know bug id?

balaji.bandi · ‎02-13-2024

I was guessing same - but Good to know and thank you for sharing the information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

cisco.13 · ‎02-13-2024

Hello,

https://bst.cisco.com/bugsearch/bug/CSCwi76630?rfs=qvred

tvotna · ‎02-14-2024

Thanks. It appears the issue was caused by some changes related to clock management in one of recent versions, so all most recent ASA 9.16.4.x and 9.18.3.x/9.18.4.x versions are affected. FTD versions which have these ASA versions under the hood are affected too. It appears the issue applies to Firepower 2100 only and maybe 1000 (unconfirmed).

miani · ‎05-22-2024

Hi, I can confirm this issue also happens on Firepower 1000 Series. In our case the affected devices are FPR-1010 and running different releases from the 9.18.3.x train.

Currently waiting for a list of fixed releases from TAC since the bug description is bad.

miani · ‎05-22-2024

So TAC is saying Release 9.18.4.24 is fixed.

Everything after 9.18.4.18 is fixed.

There are no 9.18.3.X Releases that contain a fix.

cisco.13 · ‎05-22-2024

Hello, yes 9.18.4.24 is fixed. in addition it corrects the latest cve