banner



Home  ›  How Come On Nexus I Cant Register Cuase It Says My Email Is Alreasy Takenm

How Come On Nexus I Cant Register Cuase It Says My Email Is Alreasy Takenm

Written By Tuesday, May 31, 2022 Add Comment Edit

    This document describes how to work with Cisco Smart Licensing (cloud-based system) to manage software licenses on Catalyst switches.

    What is Cisco Smart Licensing?

    Cisco Smart Licensing is a cloud-based unified license management system that manages all of the software licenses across Cisco products. It enables customers to purchase, deploy, manage, rails and renew Cisco Software licenses. It besides provides information virtually license ownership and consumption through a single user interface

    The solution is comprised of online Smart Accounts (at Cisco Smart Licensing Portal) used for tracking Cisco software assets and the Cisco Smart Software Manager (CSSM) which is used to manage the Smart Accounts. CSSM is where all licensing management related tasks, such every bit registering, de-registering, moving, and transferring licenses tin can be performed. Users can exist added and given access and permissions to the smart account and specific virtual accounts.

    To learn more about Cisco Smart Licensing, visit:

    a) Cisco Smart Licensing home page

    b) Cisco Community - On-Need Trainings

    For more data on the new Smart Licensing using Policy method in Cisco IOS® XE 17.3.two and later, visit Smart Licensing using Policy on Catalyst Switches

    New to Smart Licensing and/or Smart Account administration? Visit and sign up for the new ambassador grooming form and recording:
    Cisco Community - Become Smart with Cisco Smart Accounts/Smart Licensing and My Cisco Entitlements

    Smart accounts can be created here: Smart Accounts

    Smart accounts can exist managed here: Smart Software Licensing

    Smart Licensing Implementation Methods

    There are multiple methods in deploying Cisco Smart Licensing that tin be leveraged depending on a company's security profile such as:

    Direct Cloud Admission

    Cisco Smart Licensing deployed through direct cloud access

    Cisco products send usage information direct over the Internet securely using HTTPS. No additional components are needed.

    Admission through an HTTPS Proxy

    Cisco Smart Licensing deployed through an HTTPS proxy

    Cisco products ship usage information through an HTTP proxy server deeply using HTTPS. An existing proxy server tin be used or this tin can exist deployed through Cisco's Send Gateway. (click here for some additional data).

    On-premise License Server (Also known as Cisco Smart Software Director satellite)

    Cisco Smart Licensing deployed through an on-premise license server

    Cisco products send usage data to an on-premise server instead of straight over the internet. One time a month the server reaches out over the internet for all devices via HTTPS or can exist manually transferred to synchronize its database. CSSM On-prem (Satellite) is available as a Virtual Motorcar (VM) and tin can exist downloaded here. For boosted data, visit Smart Software Director Satellite page.

    Supported Cisco IOS XE Platforms

    • From Cisco IOS XE version 16.9.1 release onwards, the Catalyst 3650/3850 and Catalyst 9000 series switch platforms back up the Cisco Smart Licensing method as the only licensing method.
    • From Cisco IOS XE version 16.10.1 release onwards, router platforms such as the ASR1K, ISR1K, ISR4K, and virtual routers (CSRv / ISRv) support the Cisco Smart Licensing method every bit the only licensing method.

    Migration from Legacy Licenses to Smart Licenses

    There are two methods for converting a legacy license, like Right-To-Utilise (RTU) or Product Activation Key (PAK) to a Smart License. For details on which method needs to exist followed please refer to the relevant release notes and/or configuration guide for the specific Cisco device.

    Converting through Device Led Conversion (DLC)

    • Device Led Conversion (DLC) is a i-time method where the Cisco Product can report what licenses information technology is using and the licenses are automatically deposited into their corresponding Smart Business relationship on the Cisco Smart Software Manager (CSSM). The DLC procedure is performed directly from the Command Line Interface (CLI) of the specific Cisco device.
    • The DLC process is only supported on the Catalyst 3650/3850 and selected router platforms. For specific router models delight refer to the individual platform configuration guide and release notes. Case: DLC process for Goad 3850 running Fuji 16.9.ten releases.

    Device-led conversion

    Converting through Cisco Smart Software Manager (CSSM) or License Registration Portal (LRP)

    Cisco Smart Software Managing director (CSSM) Method:

    i. Login to Cisco Smart Software Manager (CSSM) at https://software.cisco.com/

    2. Navigate to Smart Software Licensing > Catechumen to Smart Licensing

    three. Select Catechumen PAK or Catechumen Licenses

    Select Convert PAKs

    four. Locate the license in the tabular array below if converting PAK license. If converting a non-PAK license use the "License Conversion Wizard" for stride by step directions.

    Location of known PAK files associated with Account:

    Find the license in the table

    Location of "License Conversion Sorcerer" link:

    Select the License Conversion Wizard link

    5. Locate the Desired License and Product combination

    6. Click (under Deportment): Catechumen to Smart Licensing

    Select Convert to Smart Licensing

    7. Select desired virtual account, license, and click Adjacent

    Select the Destination Virtual Account

    8. Review Selections, then click Catechumen Licenses

    Click Convert Licenses

    License Registration Portal (LRP) Method:

    one. Login to the License Registration Portal (LRP) http://tools.cisco.com/SWIFT/LicensingUI/Home

    ii. Navigate to Devices > Add together Devices

    iii. Enter the proper Product Family and Unique Device Identifier (UDI) product ID and series number then click Ok. UDI data can be obtained from "show version" or "show inventory" taken from the command line interface (CLI) of the Cisco device

    Enter the Product Family and Unique Device Identifier

    4. Choose the added device and Catechumen Licenses to Smart Licensing

    Select Convert licenses to Smart Licensing

    5. Assign to proper Virtual Account, select licenses to convert and Submit

    Choose the Virtual Account, select the licenses to convert, and click Submit

    Tip: LRP tool can too be used by looking upwardly the license/product family on the "PAKs or Tokens" tab, clicking the circumvolve drop down next to the PAK/Token and selecting "Convert to Smart Licensing":
    Select Convert to Smart Licensing

    Converting through contacting Cisco Global Licensing Operations (GLO) department

    The Global Licensing Operations department can be reached here at our worldwide contact centers.

    Goad 9500 High Performance Behavior Alter from sixteen.9 to 16.12.3

    Like other Catalyst 9000 models, the Catalyst 9500 High Operation models were enabled with Smart Licensing in the Cisco IOS XE version 16.9 train and onwards. For the Catalyst 9500 High Operation models, however, each model had its own specific license entitlement tag. It was after on decided by the product and marketing teams to unify the C9500 platforms entitlement tags. This decision inverse the behavior on the C9500 High Performance models from using specific entitlement tags to generic C9500 licenses.

    This change in behavior is documented in the following defects:

    a) Cisco bug ID CSCvp30661

    b) Cisco bug ID CSCvt01955

    Below is the before and after of the above-mentioned changes license changes for C9500 High Performance models:

    Cisco IOS XE version xvi.11.x and before

    Each C9600 High Functioning model has its own entitlement tags:

    Model License
    C9500-32C

    C9500 32C NW Essentials

    C9500 32C NW Advantage

    C9500 32C Deoxyribonucleic acid Essentials

    C9500 32C DNA Advantage
    C9500-32QC

    C9500 32QC NW Essentials

    C9500 32QC NW Reward

    C9500 32QC DNA Essentials

    C9500 32QC DNA Reward
    C9500-24Y4C

    C9500 24Y4C NW Essentials

    C9500 24Y4C NW Advantage

    C9500 24Y4C DNA Essentials

    C9500 24Y4C Deoxyribonucleic acid Advantage
    C9500-48Y4C

    C9500 48Y4C NW Essentials

    C9500 48Y4C NW Advantage

    C9500 48Y4C Dna Essentials

    C9500 48Y4C DNA Reward

    Notation: Cisco IOS XE versionsxvi.12.1 and 16.12.2 have the following defects Cisco bug ID CSCvp30661, Cisco problems ID CSCvt01955 and are addressed in sixteen.12.3a and subsequently.

    Cisco IOS XE version 16.12.three and later

    Goad 9500 High Functioning platforms will now apply generic network license tags and separate DNA license tags. This table shows the entitlements changes highlighted in Cisco IOS XE version 16.12.3 and later:

    Model License
    C9500-32C

    C9500 Network Essentials

    C9500 Network Reward

    C9500 32C DNA Essentials

    C9500 32C DNA Advantage
    C9500-32QC

    C9500 Network Essentials

    C9500 Network Advantage

    C9500 32QC Deoxyribonucleic acid Essentials

    C9500 32QC Deoxyribonucleic acid Advantage
    C9500-24Y4C

    C9500 Network Essentials

    C9500 Network Advantage

    C9500 24Y4C Dna Essentials

    C9500 24Y4C DNA Advantage
    C9500-48Y4C

    C9500 Network Essentials

    C9500 Network Reward

    C9500 48Y4C Dna Essentials

    C9500 48Y4C Deoxyribonucleic acid Advantage

    Note: Upgrades from Cisco IOS XE versions 16.12.1 and 16.12.2 will display this license behavior. Upgrades from Cisco IOS XE versions 16.9.x ,sixteen.x.10, sixteen.xi.x to 16.12.iii volition recognise old license configurations.

    C9500 High Functioning Change FAQ

    1.  Why does Cisco support classify a generic network license, when my device is consuming a device-specific network license?

    Generic tags are provided as they are the right entitlement tags for the network device. This allows usage of the entitlement tags across the entire Cat9500 platform, non only the specific C9500 loftier performance models. Pre-xvi.12.3 images that ask for device-specific license tags are in compliance with the generic license tags as the more specific licenses fall under the generic licenses in the licensing hierarchy.

    2.  Why do two network tags sometimes show up in the Smart Account?

    This behavior is due to the licensing hierarchy and happens when the device is running on an older paradigm that utilizes device-specific licensing tags. Older images that ask for device-specific license tags are in compliance with the generic license tags every bit the more specific tags fall under the generic licenses in the licensing bureaucracy.

    Bones configuration

    Exact process how to configure Smart Licensing can exist found in System Management Configuration Guide available for each release / platform.

    For example: System Management Configuration Guide, Cisco IOS XE Fuji 16.ix.x (Catalyst 9300 Switches)

    Registration Token / Device ID Token

    Earlier registering device, Token needs to be generated. The registration token, also known every bit the device id token, is a unique token generated from the smart licensing portal orCisco Smart Software Manager on-prem when initially registering a Cisco device to the corresponding smart account. An individual token tin exist used to register multiple Cisco devices depending on the parameters used during creation.

    The registration token is also but required during initial registration of a Cisco device as information technology provides the data to the device to telephone call-home to the Cisco back terminate and be tied to the correct Smart Account. Afterward the Cisco device is registered the token is no longer required.

    For more data in regard to registration tokens and how they are generated, delight click here for a general guide. For more details, please refer to the configuration guide for the specific Cisco device.

    Registration and License States

    While deploying and configuring Smart Licensing at that place are multiple possible states that a Cisco device can be in. These states can exist displayed by looking at bear witness license all or prove license status from the Control Line Interface (CLI) of the Cisco device.

    Below is a listing of all states and their pregnant:

    • Evaluation (Unidentified) Country
      • This is a default land of the device when start booted.
      • Usually, this state is seen when a Cisco device has not yet been configured for Smart Licensing or registered to a Smart Account.
      • In this country all features are available and the device can freely change license levels.
      • The evaluation period is used when the device is in the unidentified state. The device will not attempt to communicate with Cisco in this state.
      • This will be 90 days of usage and not 90 calendar days.Once it is expired it is never reset.
      • There is one evaluation period for the entire device it is non per entitlement
      • When the evaluation menstruation expires at the end of xc days, the device goes in to EVAL EXPIRY mode, nonetheless in that location is no functional impact or disruption in functionality, even later reload. Currently there is no enforcement in place.
      • The countdown time is maintained across reboots.
      • The evaluation period is used if the device has not yet registered with Cisco and has not received the following two messages from the Cisco backend:
        1. Successful response to a registration request
        2. Successful response to an entitlement dominance request.
    • Registered Country
      • This is the expected state afterward successfully completing registration.
      • The Cisco device has been able to successfully communicate with a Cisco Smart Account and register.
      • The device receives an ID certificate valid for i year which will be used for time to come communications
      • The device will ship a request to CSSM to authorize the entitlements for the licenses in employ on the device
      • Depending on the CSSM response the device will and then enter Authorized or Out of Compliance
      • The Id certificate expires at the end of one year. After 6 months the software Agent process will try to renew the document. If the Agent cannot communicate with the Cisco Smart Software Manager information technology will go on to effort and renew the Id certificate until the expiration engagement (1 yr). At the end of 1 year, the agent volition go dorsum to the Un-Identified land and will effort to enable the Evaluation menses. The CSSM will remove the product instance from its database.
    • Authorized State
      • This is the expected land when device is using an entitlement and is in Compliance (no negative balance),
      • The Virtual Business relationship on CSSM had the correct blazon and number of licenses to qualify the consumption of the device'south licenses
      • At the end of 30 days, the device will send a new asking to CSSM to renew the authorization.
      • Has a time bridge of 90 days afterwards which (if not successfully renewed) is moved to Authorization Expired country.
    • Out of Compliance State
      • This is the land when device is using an entitlement and is not in Compliance (negative balance),
      • This state is seen when the device does non accept an available license in the corresponding Virtual Account that the Cisco device is registered to in the Cisco Smart Account.
      • To enter into Compliance / Authorized country, a customer must add the right number and blazon of licenses to the Smart Business relationship
      • When in this state the device will automatically send an authorization renewal asking every mean solar day
      • Licenses and features will continue to operate and in that location is no functional impact
    • Authorization Expired State
      • This is the land when device is using an entitlement has not been able to communicate with the Cisco Smart Account associated for over 90 days.
      • This is typically seen if the Cisco device loses internet access or cannot connect to tools.cisco.com after initial registration.
      • Online methods of smart licensing require Cisco devices to communicate a minimum of every 90 days to forestall this status.
      • CSSM volition render all in employ licenses for this device back to the puddle since it has not had any communications for 90 days
      • While in this state the device will continue to try to contact Cisco, every hour, to renew the entitlement authorization, until the registration period (id document) expires
      • If the software Amanuensis re-establishes communications with Cisco and receives to its request for authorization it will process that reply normally and enter into one of the established states
    • Starting in 16.9.1 for switches and 16.10.one for routers, a default Call-dwelling profile named "CiscoTAC-i" is generated to assist with migrating to Smart Licensing.  By default, this contour is set up for the Straight Cloud Access method.
              #show call-home profile CiscoTAC-one          Profile Proper name: CiscoTAC-one Profile status: ACTIVE Profile style: Full Reporting Reporting Data: Smart Call Dwelling house, Smart Licensing Preferred Message Format: xml Bulletin Size Limit: 3145728 Bytes Transport Method: http HTTP  address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService Other address(es): default <snip>
    • When utilizing aCisco Smart Software Manager on-premise server, the destination address under the active call-dwelling configuration must point to it (instance-sensitive!):
    (config)#call-dwelling house
    (cfg-call-domicile)#profile "CiscoTAC-1"
    (cfg-call-abode-profile)#destination accost http https://<IP/FQDN>/Transportgateway/services/DeviceRequestHandler
    • DNS is required to resolve tools.cisco.com. If DNS server connectivity is in a VRF, ensure the proper source-interface and VRF are defined in the post-obit:
              Global Routing Table Used:          
    (config)#ip domain-lookup [source-interface <INTERFACE>]
    (config)#ip proper name-server <IP>VRF Routing Tabular array Used:          
    (config)#ip domain-lookup [source-interface <INTERFACE>]     <<-- "ip vrf forwarding <VRF-Name>" defined on the interface
    (config)#ip proper name-server vrf <VRF-Name> <SERVER-IP>

    Alternatively, if DNS is non available, statically configure local DNS to IP mapping (based on local DNS resolution on your stop-device) or replace DNS proper name in call-abode configuration with IP address. Refer to example for direct cloud admission (forCisco Smart Software Manager on-prem use its own DNS name instead of tools.cisco.com):

    (config)#ip host tools.cisco.com <10.10.x.x>
    • If communication to tools.cisco.comneeds to be originated from the interface in specific VRF (e.1000. Mgmt-vrf), and then the post-obit CLI needs to be configured:
    (config)#ip http client source-interface <VRF_INTERFACE>
    • A unlike number of licenses might be consumed depending on the configuration of the Cisco device such equally with Goad switches running in StackWise or StackWise Virtual:

    Traditional Stack-wise Supported Switches (e.g. Catalyst 9300 series):

    Network License: one license is consumed per switch in the stack

    DNA License: 1 license is consumed per switch in the stack

    Modular Chassis (due east.g. Catalyst 9400 series):

    Network License: ane license is consumed per supervisor in the chassis

    Deoxyribonucleic acid License: 1 license is consumed per chassis

    Fixed Stack-wise Virtual Supported Switches (e.one thousand. Catalyst 9500 series):

    Network License: 1 license is consumed per switch in the stack

    DNA License: 1 license is consumed per switch in the stack

    • Only one telephone call-home profile can be agile for Smart Licensing.
    • Licenses are only consumed if a respective feature is configured.
    • Cisco devices configured for Smart Licensing need to be configured with the right arrangement time and engagement to ensure they are properly synchronized with the corresponding Cisco Smart Account. If the time starting time of the Cisco device is likewise far off it, the device can fail to annals. The clock will need to be manually ready or configured via a timing protocol such every bit Network Fourth dimension Protocol (NTP) or Precision Time Protocol (PTP). For the exact steps required to implement these changes please refer to the configuration guide for the specific Cisco device.
    • The Public Central Infrastructure (PKI) primal generated during the Cisco device registration needs to be saved if it is not automatically saved after registration. If the device fails to save the PKI key then a syslog is generated stating to save the configuration via "re-create running-config startup-config" or "write retention".
    • If the PKI key of the Cisco device is not properly saved, and so the license country can be lost on failovers or reloads.
    • Smart Licensing does not support HTTPS Proxy SSL certificate interception by default when using 3rd political party proxies for the HTTPS Proxy method. To support this characteristic, yous can either disable SSL interception on the Proxy, or manually import the certification sent from the Proxy.
                          How to Manually Import Certification as a TrustPoint:                    
    The certificate volition demand be in a BASE64 format to be copied and pasted onto the device as a TrustPoint.          
    The following instance shown below uses "LicRoot" equally the TrustPoint name, however, this name can be changed every bit desired.
              
    Device#conf t            
    Device(config)#crypto pki trustpoint LicRoot            
    Device(ca-trustpoint)#enrollment terminal            
    Device(ca-trustpoint)#revocation-check none            
    Device(ca-trustpoint)#exit            
    Device(config)#crypto pki cosign LicRoot            
    Enter the base 64 encoded CA certificate.            
    End with a bare line or the give-and-take "quit" on a line by itself            
    -----Brainstorm Document-----            
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    -----Finish Document-----            
    Certificate has the following attributes:            
         Fingerprint MD5: XXXXXXXX
                Fingerprint SHA1: XXXXXXX
    % Do you have this certificate? [yes/no]: yes            
    Trustpoint CA document accepted.            
    % Certificate successfully imported
    • When using the Transport Gateway HTTP Proxy the IP accost needs to be changed from tools.cisco.com to the Proxy similar the following:
             destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
                    TO
             destination address http https://<TransportGW-IP_Address>:<port_number>/Transportgateway/services/DeviceRequestHandler
    • The Transport Gateway IP accost can found by navigating to the HTTP Settings and looking under the HTTP Service URLs on the Cisco Transport Gateway GUI.
      • For more information please run into the following configuration guide for the Cisco Send Gateway here.

    When migrating a Cisco device to a Smart Licensing enabled software version the following flowchart tin can be used as a full general guide for all three methods (Direct Cloud Access, HTTPS Proxy, andCisco Smart Software Manager On-prem).

    Device Upgraded or Shipped with software release that supports Smart Licensing (refer to section i.3 for list of supported Cisco IOS XE releases).

    Flowchart of Smart Licensing method

    Beneath troubleshooting steps mainly concentrate on a scenario in which 'device fails to register'.

    Device Fails to annals

    After initial configuration, in guild to enable Smart Licensing, Token, which is generated on CSSM /Cisco Smart Software Manager on-prem, needs to be registered on the device via CLI:

    license smart register idtoken <TOKEN>

    This should generate the following events:

              ! Smart licensing process starts          
              !          
    Registration process is in progress. Use the 'prove license status' command to check the progress and result          !          
              ! Crypto central is automatically generated for HTTPS communication          
              !          
    Generating 2048 scrap RSA keys, keys will be exportable... [OK] (elapsed time was 1 seconds) %CRYPTO_ENGINE-5-KEY_ADDITION: A fundamental named SLA-KeyPair has been generated or imported by crypto-engine %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to salve new IOS PKI configuration          !          
              ! Call-home beginning registration process          
              !          %CALL_HOME-vi-SCH_REGISTRATION_IN_PROGRESS: SCH device registration is in progress. Call-home volition poll SCH server for registration result. Y'all can as well check SCH registration status with "phone call-dwelling request registration-info" under EXEC mode.          !          
              ! Smart Licensing procedure connects with CSSM and check entitlement.          
              !          %SMART_LIC-six-EXPORT_CONTROLLED: Usage of export controlled features is allowed %SMART_LIC-vi-AGENT_REG_SUCCESS: Smart Amanuensis for Licensing Registration with the Cisco Smart Software Manager or satellitefor udi PID:<PID>,SN:<SN> %SMART_LIC-4-CONFIG_NOT_SAVED: Smart Licensing configuration has not been saved          %SMART_LIC-5-IN_COMPLIANCE: All entitlements and licenses in use on this device are authorized          %SMART_LIC-vi-AUTH_RENEW_SUCCESS: Say-so renewal with the Cisco Smart Software Manager or satellite. State=authorized for udi PID:<PID>,SN:<SN>

    To  check call-dwelling house configuration, run the following CLI:

              #evidence call-home contour all          Profile Proper name: CiscoTAC-1                      Profile status: ACTIVE          Contour manner: Full Reporting          Reporting Data: Smart Call Dwelling house, Smart Licensing          Preferred Bulletin Format: xml     Message Size Limit: 3145728 Bytes          Transport Method: http     HTTP  accost(es): https://tools.cisco.com/its/service/oddce/services/DDCEService          Other address(es): default      Periodic configuration info bulletin is scheduled every one twenty-four hour period of the month at 09:15      Periodic inventory info bulletin is scheduled every ane day of the month at 09:00      Alert-group               Severity     ------------------------  ------------     crash                     debug     diagnostic                minor     environment               warning     inventory                 normal      Syslog-Pattern            Severity     ------------------------  ------------     APF-.-WLC_.*              warning     .*                        major

    To bank check Smart Licensing status, run the post-obit CLI:

              #show license summary          Smart Licensing is ENABLED  Registration:          Status: REGISTERED          Smart Account: TAC Cisco Systems, Inc.   Virtual Account: Krakow LAN-SW   Export-Controlled Functionality: Allowed   Terminal Renewal Attempt: None   Next Renewal Attempt: Nov 22 21:24:32 2019 UTC  License Authority:          Status: AUTHORIZED          Last Communication Attempt: SUCCEEDED                    Side by side Communication Endeavour: Jun 25 21:24:37 2019 UTC  License Usage:   License                 Entitlement tag               Count Status   -----------------------------------------------------------------------------   C9500 Network Reward (C9500 Network Advantage)         1 AUTHORIZED   C9500-Dna-40X-A         (C9500-40X DNA Reward)         1 AUTHORIZED

    If the device fails to register (and if Condition is different from REGISTERED), Out-of-Compliance points to an event on CSSM such every bit missing license in Smart Virtual Account, incorrect mapping (for example, a token from a different virtual account was used where licenses are not available), and so on.  Check these items:

    1. Verify configuration settings and common failure scenarios

    Refer to section 2.1 for bones configuration steps. Look also at section 5 for common failure scenarios observed in the field.

    ii. Check basic connectivity

    Verify that device can reach (and open TCP port) to tools.cisco.com (in case of direct admission) or toCisco Smart Software Manager on-premise server:

              #show run all | in destination address http          destination accost http          https://tools.cisco.com/its/service/oddce/services/DDCEService ! ! cheque connectivity !          #telnet tools.cisco.com 443 /source-interface gi0/0          Trying tools.cisco.com (ten.x.x.x, 443)... Open [Connection to tools.cisco.com airtight by foreign host]

    In case higher up does not piece of work, double-cheque your routing rules, source-interface and firewall settings.

    Note that HTTP (TCP/80) is being deprecated and the recommended protocol is HTTPS (TCP/443).

    Refer to department: "3. Considerations and Caveats" in this certificate for further guidelines how to configure DNS and HTTP details.

    3. Verify Smart License settings

    Collect the output of:

    #prove tech-back up license

    and validate collected configuration / logs (attach this output in case you decide to open Cisco TAC case for farther investigation).

    4. Enable debugs

    Enable the following debugs to collect additional information nearly Smart Licensing procedure (annotation that later on enabing debugs, you lot need to endeavour to register license one time again via CLi mentioned in point 4.one):

    #debug call-home smart-licensing [all | trace | error] #debug ip http client [all | api | cache | fault | chief | msg | socket]

    For internal debugs, enable and read binary traces:

    ! enable debug #fix platform software trace ios [switch] active R0 infra-sl debug ! ! read binary traces infra-sl process logs #show platform software trace bulletin ios [switch] agile R0

    The following are some mutual failure scenarios that could be experienced during or later on a Cisco device registration:

    Scenario #1: Switch Registration "Failure Reason: Product Already Registered"

    Snip of "bear witness license all":

    Registration:

      Status:UNREGISTERED - REGISTRATION FAILED

      Export-Controlled Functionality: NotAllowed

      Initial Registration: FAILED on Oct 22 14:25:31 2018 EST

       Failure reason: Product Already Registered

      Next Registration Try: Oct 22 fourteen:45:34 2018 EST

    Next Steps:

    - The Cisco device volition need to be registered again.

    - If the Cisco device is seen in the Cisco Smart Software Manager (CSSM), the "force" parameter will need to exist used (i.due east. "license smart annals idtoken <TOKEN> force")

    Note: The failure reason can as well show as the post-obit:
       - Failure reason: The product <Ten> and sudi containing udiSerialNumber:<SerialNumber>,udiPid:<Product> has already been registered.
       - Failure reason: Existing Product Instance has Consumption and Strength Flag is False

    Scenario #two: Switch Registration "Failure Reason: Your asking could non be processed correct now. Please try again"

    Snip of "show license all":

    Registration:

      Status: REGISTERING - REGISTRATION IN PROGRESS

      Export-Controlled Functionality: NotAllowed

      Initial Registration: FAILED on October 24 15:55:26 2018 EST

      Failure reason: Your request could non be processed right now. Please try over again

      Side by side Registration Attempt: October 24 sixteen:12:15 2018 EST

    Next Steps:

    - Enable debugs as mentioned in section 4 to get more insights on the issue,

    - Generate new Token in CSSM in your Smart Licensing and take an another attempt.

    Scenario #iii: Failure Reason "The device date 1526135268653 is offset across the allowed tolerance limit

    Snip of "show license all":

    Registration:

      Status: REGISTERING - REGISTRATION IN PROGRESS

      Export-Controlled Functionality: NotAllowed

      Initial Registration: FAILED on Nov 1117:55:46 2018 EST

        Failure reason: {"timestamp":["The device engagement '1526135268653' is offset beyond the allowed tolerance limit."]}

      Next Registration Attempt: November 11 18:12:17 2018 EST

    Possible Logs Seen:

    %PKI-three-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed.  The certificate (SN: XXXXXX) is non yet valid. Validity catamenia starts on 2018-12-12:43Z

    Next Steps:

    - Verify that the Cisco device clock is showing the correct time (show clock)

    - Configure the Network Fourth dimension Protocol (NTP) if possible to ensure the clock is gear up correctly

    - If NTP is non possible, verify that the manually set clock (clock gear up) is right (bear witness clock) and configured as a trusted time source by verifying that "clock calendar-valid" is configured

    Note: By default, the arrangement clock is not trusted. "clock calendar-valid" is required.

    Scenario #4: Switch Registration "Failure Reason: Communication ship not available."

    Snip of "show license all":

    Registration: Condition: UNREGISTERED - REGISTRATION FAILED

    Export-Controlled Functionality: Not Allowed

    Initial Registration: FAILED on Mar 09 21:42:02 2019 CST

       Failure reason: Communication transport not bachelor.

    Possible Logs Seen:

    %CALL_HOME-3-CALL_HOME_FAILED_TO_ENABLE: Failed to enable call-dwelling from Smart Agent for Licensing: The command failed to enable smart call habitation due to an existing active user profile. If you are using a user contour other than "CiscoTAC-1" profile to send data to SCH server in Cisco, please enter "reporting smart-licensing-data" under contour fashion to configure that profile for smart licensing. For more than details about SCH, please check http://world wide web.cisco.com/go/smartcallhome
    %SMART_LIC-3-AGENT_REG_FAILED: Smart Amanuensis for Licensing Registration with the Cisco Smart Software Manager or satellite failed: Communication transport not bachelor.
    %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart Software Director or satellite: Communication send not bachelor.

    Next Steps:

    - Verify that call-home is enabled with "service telephone call-home" in the "prove running-config" output of the Cisco device

    - Ensure that the correct call-home profile is active

    - Verify that "reporting smart-licensing-data" is configured nether the active call-home profile

    Scenario #5: Switch License Authority "Failure reason: Fail to send out Call Domicile HTTP message."

    Snip of "testify license all":

    License Dominance:

      Condition: OUT OF COMPLIANCE on Jul 26 09:24:09 2018 UTC

      Final Communication Try: FAILED on Aug 02 14:26:23 2018 UTC

        Failure reason: Neglect to ship out Phone call Home HTTP message.

      Side by side Advice Attempt: Aug 02 14:26:53 2018 UTC

      Communication Borderline: Oct 25 09:21:38 2018 UTC

    Possible logs are seen:

    %CALL_HOME-5-SL_MESSAGE_FAILED: Neglect to ship out Smart Licensing message to: https://<ip>/its/service/oddce/services/DDCEService (ERR 205 : Request Aborted)

    %SMART_LIC-3-COMM_FAILED:Communications failure with the Cisco Smart Software Manager or satellite: Neglect to send out Call Home HTTP bulletin.

    %SMART_LIC-3-AUTH_RENEW_FAILED:Authorization renewal with the Cisco Smart Software Manager or satellite: Communication message send error for udi PID:XXX, SN: XXX

    Next Steps:

    - Verify that the Cisco device tin can ping tools.cisco.com

    - if DNS is not configured, configure a DNS server or a "ip host" statement for the local nslookup IP for tools.cisco.com

    - Endeavour to telnet from the Cisco device to tools.cisco.com on TCP port 443 (port used by HTTPS)

    - Verify that the HTTPs client source interface is divers and correct

    - Verify that the URL/IP in the phone call home profile is gear up correctly on the Cisco device via "show call-home contour all"

    - Verify the ip road is pointing to the correct next hop

    - EnsureTCP port 443is not existence blocked on the Cisco device, the path to Smart Call Home Server, or theCisco Smart Software Director on-prem (satellite)

    - Ensure that the correct Virtual Routing and Forwarding (VRF) example is configured under call-habitation if applicable

    Scenario #6: Failure Reason "Missing Id cert serial number field; Missing signing cert series number field; Signed information and certificate does not match" Log

    This beliefs is seen when working with a CSSM on-premise server that has had its crypto document elapse as documented in Cisco bug ID CSCvr41393. This is expected behavior equally the CSSM on-prem should be immune to sync and renew its certificate to prevent a certification sync upshot with any registering devices.

    Snip of "show license all":

    Registration:
      Status: UNREGISTERED
      Smart Account: Instance Business relationship
      Consign-Controlled Functionality: ALLOWED

    License Say-so:
     Status: EVAL Fashion
     Evaluation Period Remaining: 65 days, 18 hours, 43 minutes, 0 seconds

    Possible Logs Seen:

    Nether "show logging" or "bear witness license eventlog" the following fault is seen:
    SAEVT_DEREGISTER_STATUS msgStatus="LS_INVALID_DATA" error="Missing Id cert serial number field; Missing signing cert serial number field; Signed data and certificate does non match"

    Adjacent Steps:

    - Verify that the Cisco device has IP connectivity to CSSM on-premise server
    - If using HTTPS, confirm the certification C-Name is being used in the devices telephone call-dwelling configuration
    - If a DNS server is not available to resolve the certification C-Name, configure a static "ip host" argument to map the domain name and IP address

    - Verify status of certificate on CSSM on-premise is still valid
    - If CSSM on-premise certificate is expired, follow one of the workarounds documented in Cisco bug ID CSCvr41393

    Note: By default, HTTPS volition perform a server identity bank check during the SSL handshake to verify the URL or IP is the aforementioned equally the provided certificate from the server. This can cause issues when using IP addresses instead of a DNS entry if the hostname and IP do not friction match. If DNS is not possible or a static ip host statement, "no http secure server-identity-check" tin be configured to disable this certification check.

    Scenario #7: Switch License Authorization "Failure reason: Waiting for reply"

    Snip of "show license all":

    License Authorization:
     Status: OUT OF COMPLIANCE on Jul 26 09:24:09 2018 UTC
     Concluding Advice Endeavor: Awaiting on Aug 02 14:34:51 2018 UTC
      Failure reason: Waiting for reply
     Next Communication Attempt: Aug 02 fourteen:53:58 2018 UTC
     Communication Borderline: Oct 25 09:21:39 2018 UTC

    Possible logs are seen:

    %PKI-3-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed Reason : Failed to select socket. Timeout : 5 (Connexion timed out)
    %PKI-iii-CRL_FETCH_FAIL: CRL fetch for trustpoint SLA-TrustPoint failed Reason : Failed to select socket. Timeout : 5 (Connection timed out)

    Next Steps:

    - To correct this issue the SLA-TrustPoint should be configured as none under the running configuration

    evidence running-config

    <omitted>

    crypto pki trustpoint SLA-TrustPoint

    revocation-cheque none

    What is a CRL?

    A Certificate Revocation List (CRL) is a list of revoked certificates. The CRL is created and digitally signed past the certificate authority (CA) that originally issued the certificates. The CRL contains dates for when each certificate was issued and when information technology expires. Farther information in regards to CRL is available here.

    Scenario #viii: License in "OUT OF COMPLIANCE" condition

    Snip of "show license all":

    License Authorization:
     Condition: OUT OF COMPLIANCE on Jul 26 09:24:09 2018 UTC
     Last Communication Try: Pending on Aug 02 14:34:51 2018 UTC
      Failure reason: Waiting for reply
     Side by side Communication Attempt: Aug 02 14:53:58 2018 UTC
     Communication Deadline: Oct 25 09:21:39 2018 UTC

    Possible logs are seen:

    %SMART_LIC-iii-OUT_OF_COMPLIANCE: I or more than entitlements are out of compliance

    Side by side Steps:

    - Verify if Token from proper Smart Virtual Account has been used,

    - Verify amount of available licenses here.

    Scenario #nine: Switch License Authority "Failure reason: Data and signature do not match "

    Snip of "show license all":

    License Authorization:

     Status: AUTHORIZED on Mar 12 09:17:45 2020 EDT

     Last Communication Endeavour: FAILED on Mar 12 09:17:45 2020 EDT

      Failure reason: Data and signature do non match

     Adjacent Advice Attempt: Mar 12 09:eighteen:15 2020 EDT

     Communication Deadline: May 09 21:22:43 2020 EDT

    Possible logs are seen:

    %SMART_LIC-3-AUTH_RENEW_FAILED: Authorization renewal with the Cisco Smart Software Manager (CSSM) : Error received from Smart Software Director: Data and signature exercise non friction match for udi PID:C9000,SN:XXXXXXXXXXX

    Adjacent Steps:

    - Deregister the switch with "License smart deregister"

    - Then register the switch using a new token with "license smart annals idtoken <TOKEN> forcefulness"

    1) Cisco Smart Licensing dwelling house page

    ii) Cisco Community - On-Need Trainings.

    3) Smart Business relationship - direction portal: Smart Software Licensing

    4) Smart Account - create new accounts:  Smart Accounts

    5) Configuration guide (example) - Organisation Direction Configuration Guide, Cisco IOS XE Fuji 16.9.ten (Catalyst 9300 Switches)

    How Come On Nexus I Cant Register Cuase It Says My Email Is Alreasy Takenm,

    Source: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/214484-cisco-smart-licensing-troubleshooting.html

    Posted by: jeffreyhimse1987.blogspot.com

    0 Response to "How Come On Nexus I Cant Register Cuase It Says My Email Is Alreasy Takenm"

    Post a Comment

    Subscribe to: Post Comments (Atom)

    Iklan Atas Artikel

    Iklan Tengah Artikel 1

    Iklan Tengah Artikel 2

    Iklan Bawah Artikel