Updated: January 3, 2019
This document describes how to resolve the failure that occurs when connectivity to the Smart Licensing server cannot be established over HTTPS on an ASR 9000 Series router.
Sometimes connectivity to Cisco Smart Software Manager (CSSM) is established and HTTPS port 443 is reachable, yet the router reports that Smart Licensing does not work, with this error:
"RP/0/RSP0/CPU0:Aug 14 12:57:51.562 UTC: smartlicserver: %LICENSE-SMART_LIC-3-AGENT_REG_FAILED : Smart Agent for Licensing Registration with Cisco licensing cloud failed: Fail to send out Call Home HTTP message"
Generally, this issue occurs because the ASR 9000 router cannot reach the Certificate Revocation List (CRL) server to check whether the server certificate used to establish the HTTPS connection is valid or revoked.
Usually, the ASR 9000 router is given access only to CSSM, or to a satellite CSSM in the internal network. The CRL server is outside the internal network, so for it to be reachable you must grant the ASR 9000 router access through the security firewall.
There are two solutions:
Grant the ASR 9000 router access to the CRL server outside the internal network.
Configure the CRL check as optional with these commands:
(config)# crypto ca trustpool policy
(config-trustpool)# crl optional
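
For the first solution, the CRL location the router must reach is published in the CRL Distribution Points extension of the certificates in the server's chain. The script below is an added example, not Cisco tooling: it lists those URLs with the OpenSSL command line so the firewall rule can be scoped to them. The function names, the sample certificate and its URL are constructed for illustration, and fetch_chain takes whichever CSSM hostname the router is configured to use.

```shell
#!/usr/bin/env bash
# Added example: list the CRL distribution point (CDP) URLs carried in a
# certificate chain, so firewall rules can target exactly those hosts.

# Print the CDP URIs of every certificate in the PEM bundle in file $1.
crl_urls() {
    local tmp c
    tmp=$(mktemp -d) || return 1
    # Split the bundle (s_client output is fine) into one file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++; f = d "/c" n ".pem"}
        f != "" {print > f}
        /-----END CERTIFICATE-----/ {close(f); f = ""}' "$1"
    for c in "$tmp"/c*.pem; do
        [ -e "$c" ] || continue
        openssl x509 -in "$c" -noout -text 2>/dev/null |
        awk '/CRL Distribution Points/ {cdp = 1; next}
            cdp && /URI:/ {sub(/^.*URI:/, ""); print; next}
            cdp && !/Full Name:|^[ \t]*$/ {cdp = 0}'
    done | sort -u
    rm -rf "$tmp"
}

# Print the chain presented by host $1 on port 443 (needs network access).
fetch_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>/dev/null
}

# Constructed sample: throwaway self-signed certificate with a made-up CDP.
make_sample_cert() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed.example.invalid
[ext]
crlDistributionPoints = URI:http://crl.example.invalid/sample.crl
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days 1 2>/dev/null
}

# Offline demonstration on the constructed certificate.
work=$(mktemp -d)
make_sample_cert "$work" && crl_urls "$work/cert.pem"
```

From a host that shares the router's network path, redirect the output of fetch_chain to a file and pass that file to crl_urls.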