Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
ASA running on FP2100/FP1000 may lose smart license registration across reloads, and causing license entitlement previously present to go into EVAL mode. Example when running "show license all" after a reload of an impacted device, which was registered and entitled prior to the reload: FPR2100# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED Registration: Status: UNREGISTERED <<<<<<<<<<<<<< Export-Controlled Functionality: NOT ALLOWED License Authorization: Status: EVAL MODE <<<<<<<<<<< Evaluation Period Remaining: 89 days, 5 hours, 16 minutes, 18 seconds Export Authorization Key: Features Authorized: Utility: Status: DISABLED Data Privacy: Sending Hostname: yes Callhome hostname privacy: DISABLED Smart Licensing hostname privacy: DISABLED Version privacy: DISABLED Transport: Type: Callhome Miscellaneus: Custom Id: License Usage ============== (FIREPOWER_2100_ASA_STANDARD): Description: Count: 1 Version: 1.0 Status: EVAL MODE <<<<<<<<<<< Export status: NOT RESTRICTED (FPR2K-ASA-ENC): Description: Count: 1 Version: 1.0 Status: EVAL MODE <<<<<<<<<<< Export status: NOT RESTRICTED Product Information =================== UDI: PID:FPR-2130,SN:JAD23XXXXXX Smart Licensing registration following the reload is failing because the firewall clock moves unexpectedly backward. Example from an impacted unit following a reload on Jan 25 2024: FPR2100# show clock 15:35:39.949 UTC Tue Nov 21 2023 <<<< Incorrect time FXOS TS: /opt/cisco/config/platform/logs/stdout_fxos_ntp.log 2024-01-28 11:07:22,554 - Sun Jan 1 00:00:00 UTC 2023 Note time reset to 2023
Problem seen an ASA running on FPR2100/FPR1000 series and licensed via Cisco Smart Licensing FXOS 2.10/2.12 with bundled ASA/FTD version Issue could (unconfirmed as writing) affect 1k/2100/3100 platform due to bundled FXOS design.
Manually reset the clock of the device by running "clock set" command. Example: Firepower-chassis# scope system Firepower-chassis /system # scope services Firepower-chassis /system/services # set clock jun 24 2015 15 27 00 Firepower-chassis /system/services # https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos201/cli-config/b_CLI_ConfigGuide_FXOS_201/platform_settings.html#task_6C369764BB10480BB1B476A19E742159 Following the clock change, re-register with the smart licensing server using the command "license smart register idtoken force" These steps will need to be performed again following any reload on the impacted releases.
Device appears to immediately revert to Eval if available. Defect issue (clock reset) can cause multiple other symptoms. See related/duplicate defects for other possible effects of incorrect clock. Issue could (unconfirmed as writing) affect 1k/2100/3100 platform due to bundled FXOS design.