Loading...
Loading...
- Firepower Management Center (FMC) complains about 'Smart Licensing ID certificate expired' - Firepower Threat Defense (FTD) devices are getting Unlicensed On MySQL table for smart_licenses, active flag will be set to 0 for license='BASE'. Additionally, check /etc/sf/.health_monitor.data for the presence of following: IDCERTEXPERR:2 FMC logs show: /var/log/smart_agent.log ERROR SAMsgThread-Trust chain Verification failed: Depth:1 Error (certificate has expired) /var/log/sch.log: \"signing_cert_serial_number\":null,\"id_cert_serial_number\":null},\"status_code\":\"LS_INVALID_DATA\",\"status_message\":\"Missing Id cert serial number field; Missing signing cert serial number field; Signed data and certificate does not match\" /var/log/sa_process.logs.log: firepower SF-IMS[3499]: [3535] SLA:SLA [DEBUG] src/smart_agent.c:288:sa_global_notif_callback(): sa_global_notif_callback(): received SmartAgentNotifyIdCertExpired
This is a corner scenario which occurs when the licensing registration method moves from CSSM and later eventually to SLR.
1. vim into the file /etc/sf/.health_monitor.data and delete the following line. IDCERTEXPERR:2 2. Have the following modifications made on MySQL. Replace with the right number. >update smart_licenses set active=1 where license='BASE' and uuid in (select uid from sensor where active=1); >update smart_licenses set count= where license='VIRTUAL'; >update license_caps set active=1 where capability='BASE'; 3. Restart the sla process on FMC: #pmtool restartbyid sla
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.