Here's a nice link in troubleshooting the Smart Call Home (SCH) feature in a Cisco device running IOS-XE. I was enabling the Smart License in a Cisco 4K ISR but had an issue with Call Home. I've checked the call-home config and the portal reachability from the router were fine.
R1#show call-home smart-licensing
Current smart-licensing transport settings:
Smart-license messages: enabled
Profile: CiscoTAC-1 (status: ACTIVE)
Destination URL(s): https://tools.cisco.com/its/service/oddce/services/DDCEService
R1#ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.37.145.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 198/202/204 ms
I re-applied the Smart License token on the router using the license smart register command (with force keyword) in privilege mode and enable terminal monitor to observe the SCH registration details/error.
R1#terminal monitor
R1#license smart register idtoken <TOKEN STRING> force
Registration process is in progress. Use the 'show license status' command to check the progress and result
Feb 16 01:30:26.300 UTC: %SYS-2-PRIVCFG_ENCRYPT: Successfully encrypted private config file
Feb 16 01:30:20.642 UTC: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair has been generated or imported by crypto-engines
Feb 16 01:30:20.719 UTC: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAMh license status
Feb 16 01:31:17.004 UTC: %CALL_HOME-5-SL_MESSAGE_FAILED: Fail to send out Smart Licensing message to: https://tools.cisco.com/its/service/oddce/services/DDCEService (ERR 205 : Request Aborted)
Feb 16 01:31:17.005 UTC: %SMART_LIC-3-AGENT_REG_FAILED: Smart Agent for Licensing Registration with the Cisco Smart Software Manager (CSSM) failed: Fail to send out Call Home HTTP message.
Feb 16 01:31:17.005 UTC: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Manager (CSSM) : Fail to send out Call Home HTTP message.
The SCH registration is stuck in REGISTRATION IN PROGRESS and the Smart License Status is still in EVAL MODE. It also mentioned failure is due to a failed Call Home HTTP message
R1#show license status
Smart Licensing is ENABLED
Utility:
Status: DISABLED
Data Privacy:
Sending Hostname: yes
Callhome hostname privacy: DISABLED
Smart Licensing hostname privacy: DISABLED
Version privacy: DISABLED
Transport:
Type: Callhome
Registration:
Status: REGISTERING - REGISTRATION IN PROGRESS
Export-Controlled Functionality: NOT ALLOWED
Initial Registration: FAILED on Feb 16 01:13:35 2022 UTC
Failure reason: Fail to send out Call Home HTTP message.
Next Registration Attempt: Feb 16 01:30:18 2022 UTC
License Authorization:
Status: EVAL MODE
Evaluation Period Remaining: 81 days, 14 hours, 3 minutes, 5 seconds
License Conversion:
Automatic Conversion Enabled: False
Status: Not started
Export Authorization Key:
Features Authorized:
<none>
I tried various "work around" commands but none solved the SCH issue.
R1(config)#ip host tools.cisco.com 173.37.145.8
R1(config)#ip domain lookup source-interface GigabitEthernet0/0/0
R1(config)#ip http client source-interface GigabitEthernet0/0/0
R1(config)#no ip name-server 8.8.8.8
R1(config)#ip name-server 4.2.2.2
R1(config)#call-home
R1(cfg-call-home)#profile "CiscoTAC-1"
R1(cfg-call-home-profile)#destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService
R1(cfg-call-home-profile)#
Feb 16 01:40:00.315 UTC: %CALL_HOME-4-HTTP_ADDRESS_NOT_SUPPORTED: Http will be or has been disabled on Smart Call Home Server, please change the address http://tools.cisco.com/its/service/oddce/services/DDCEService to https address for profile CiscoTAC-1. Otherwise, call-home will fail to send messages
R1#show run | section call-home
service call-home
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService
I tried to use the telnet <FQDN> 443 command and noticed the SCH portal/hostname tried to resolve using an IPv6 address. So I "hard code" the SCH DNS resolution to an IPv4 address instead using http resolve-hostname ipv4-first call-home subcommand.
R1#telnet tools.cisco.com 443 /source-interface GigabitEthernet0/0/0
Trying 2001:420:1101:5::A, 443 ...
% Destination unreachable; gateway or host down
R1(config)#call-home
R1(cfg-call-home)#http ?
resolve-hostname Specify the IP version to resolve server hostname
secure Specify secure settings for http transport method
R1(cfg-call-home)#http resolve-hostname ?
ipv4-first ipv4 first
R1(cfg-call-home)#http resolve-hostname ipv4-first
I removed the "work around" commands and I forced the SCH registration again. This time the SCH finally worked.
R1#license smart register idtoken <TOKEN STRING> force
Registration process is in progress. Use the 'show license status' command to check the progress and result
Feb 16 02:25:42.726 UTC: %CRYPTO_ENGINE-5-KEY_DELETED: A key named SLA-KeyPair2 has been removed from key storage
Feb 16 02:25:43.973 UTC: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named SLA-KeyPair2 has been generated or imported by crypto-engine
Feb 16 02:25:44.049 UTC: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
Feb 16 02:25:51.895 UTC: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 16 02:26:20.747 UTC: %CALL_HOME-6-SCH_REGISTRATION_IN_PROGRESS: SCH device registration is in progress. Call-home will poll SCH server for registration result. You can also check SCH registration status with "call-home request registration-info" under EXEC mode.
Feb 16 02:26:20.748 UTC: %SMART_LIC-5-COMM_RESTORED: Communications with the Cisco Smart Software Manager (CSSM) restored
Feb 16 02:26:20.930 UTC: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is allowed
Feb 16 02:26:20.931 UTC: %SMART_LIC-6-AGENT_REG_SUCCESS: Smart Agent for Licensing Registration successful. udi PID:ISR4321/K9,SN:FLM2451ABCD
Feb 16 02:26:33.004 UTC: %SMART_LIC-5-IN_COMPLIANCE: All entitlements and licenses in use on this device are authorized
Feb 16 02:26:33.006 UTC: %SMART_LIC-5-END_POINT_RESET: End Point list reset
Feb 16 02:26:33.006 UTC: %SMART_LIC-6-AUTH_RENEW_SUCCESS: Authorization renewal successful. State=authorized for udi PID:ISR4321/K9,SN:FLM2451ABCD
R1#show license summary
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: <MY COMPANY>
Virtual Account: <MY VIRTUAL ACCOUNT>
Export-Controlled Functionality: ALLOWED
Last Renewal Attempt: None
Next Renewal Attempt: Aug 15 02:31:59 2022 UTC
License Authorization:
Status: AUTHORIZED
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Mar 18 02:32:13 2022 UTC
License Usage:
License Entitlement tag Count Status
-----------------------------------------------------------------------------
Boost Performance fo... (ISR_4321_BOOST) 1 AUTHORIZED
No comments:
Post a Comment