01-16-2024 12:09 PM
Hello,
I upgraded an FRP2130 ASA from version 9.15(1)15 to version 9.18(3)56.
The device was successfully registered (license smart register idtoken xxxxxxxxxxx force + wr). But after each reboot, it becomes UNREGISTERED!
An idea, please?
Smart Licensing is ENABLED
Registration:
Status: UNREGISTERED
Export-Controlled Functionality: NOT ALLOWED
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 89 days, 23 hours, 20 minutes, 45 seconds
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
(FIREPOWER_2100_ASA_STA...) 1 EVAL MODE
(FPR2K-ASA-ENC) 1 EVAL MODE
Thank you.
Solved! Go to Solution.
02-13-2024 02:33 PM
01-16-2024 12:51 PM
check this below thread :
check the registration method https and source interface - see if that fix the issue.
01-17-2024 12:37 AM
Hello @balaji.bandi ,
Thank you, in fact, I manage to register the license, but after reload, it becomes UNREGISTERED
Here are the details
# call-home test profile CiscoTAC-1
INFO: Destination callhome@cisco.com skipped. Transport method email is not enabled.
INFO: Sending test message to https://tools.cisco.com/its/service/oddce/services/DDCEService...
INFO: Succeeded
# ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/120 ms
# ping outside tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/120 ms
# show call-home profile all
Profiles:
Profile Name: License
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: http
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Alert-group Severity
------------------------ ------------
N/A N/A
Profile Name: CiscoTAC-1
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: http
Email address(es): callhome@cisco.com
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Periodic inventory message is scheduled monthly on day 19, 00:04 (782:49:20.010)
Periodic configuration message is scheduled monthly on day 19, 00:04 (782:49:20.010)
Periodic telemetry message is scheduled daily at 00:04 (14:49:20.010)
Alert-group Severity
------------------------ ------------
diagnostic informational
environment informational
inventory informational
configuration critical
telemetry informational
My conf :
service call-home
no call-home reporting anonymous
call-home
contact-email-addr email@email.com
source-interface outside
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
debug call-home all
debug license 255
# Lic IPC: Sending synchronous show request
Lic IPC: Sending synchronous request message of length 22
Lic IPC: Sent message of 22 bytes total on sock 299392538
Lic IPC: Nothing to read on sync socket
Lic IPC: Return from receive is 10, errno=Success
Lic IPC: Received message of length 1079 on sock 299392538
Lic IPC: Reading 1079 bytes from socket 299392538
Lic IPC: Sync socket received message of length 1079
Lic IPC: Received Synchronous response of length 1079
Lic IPC: Received 1067-byte synchronous show response message
Thank you
02-12-2024 03:00 AM
Hello,
So it's a bug, no problem with v 9.17.1, 9.18.3 (and other versions)
Thank you
02-13-2024 07:03 AM
Do you know bug id?
02-13-2024 10:14 AM
I was guessing same - but Good to know and thank you for sharing the information.
02-13-2024 02:33 PM
02-14-2024 06:44 AM
Thanks. It appears the issue was caused by some changes related to clock management in one of recent versions, so all most recent ASA 9.16.4.x and 9.18.3.x/9.18.4.x versions are affected. FTD versions which have these ASA versions under the hood are affected too. It appears the issue applies to Firepower 2100 only and maybe 1000 (unconfirmed).
05-22-2024 06:04 AM
Hi, I can confirm this issue also happens on Firepower 1000 Series. In our case the affected devices are FPR-1010 and running different releases from the 9.18.3.x train.
Currently waiting for a list of fixed releases from TAC since the bug description is bad.
05-22-2024 07:26 AM
So TAC is saying Release 9.18.4.24 is fixed.
Everything after 9.18.4.18 is fixed.
There are no 9.18.3.X Releases that contain a fix.
05-22-2024 07:37 AM
Hello, yes 9.18.4.24 is fixed. in addition it corrects the latest cve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide