Claim Error

Invalid Serial Number

An incorrect serial number has been entered while claiming the device in Cisco Defense Orchestrator.

Resolution

  1. Delete the FDM-managed device instance in CDO.

  2. Create a new FDM-managed device instance by entering the correct serial number and claim the device.

Device Serial Number Already Claimed

The following error occurs when you are onboarding the FDM-managed device using its serial number.

Cause

This error can occur for one of the following reasons:

  • The device may have been purchased from an external vendor, and the device is in the vendor's tenancy.

  • The device may have been previously managed by another CDO instance in a different region and is registered to its cloud tenancy.

Resolution

You need to unregister the device's serial number from the other cloud tenancy and then reclaim it in your tenant.

Prerequisite

The device must be connected to the Internet and able to reach the cloud tenancy.

Device Purchased from an External Vendor

The device purchased from an external vendor may have been registered to the vendor's cloud tenancy.

  1. Delete the device instance from CDO.

  2. Install the FXOS image on the device. For more information, see the "Reimage Procedures" chapter of the Cisco FXOS Troubleshooting Guide for the Firepower 1000/21000 with FTD.

  3. Connect to the FXOS CLI from the console port.

  4. Log in to FXOS using your current admin password.

  5. In the FXOS CLI, connect to local-mgmt:

    firepower # connect local-mgmt

  6. Execute the command to deregister the device from the cloud tenancy:

    firepower(local-mgmt) # cloud deregister

  7. On successful deregistration, the CLI interface returns a success message.

    Example:

    firepower(local-mgmt) # cloud deregister
    Release Image Detected RESULT=success MESSAGE=SUCCESS 10, X-Flow-Id: 2b3c9e8b-76c3-4764-91e4-cfd9828e73f9

    If the device was already unregistered from the cloud tenancy, the CLI interface indicates that the device serial number was not registered with cloud tenancy:

    RESULT=success MESSAGE=DEVICE_NOT_FOUND: Device with serial number JAD213082x9 is not registered with Security Services Exchange , X-Flow-Id: 63e48b4c-8426-48fb-9bd0-25fcd7777b99

  8. Claim the device again in CDO by providing its serial number. See Onboard an FDM-Managed Device using the Device Serial Number for more information.

  9. Install the FDM-managed device application (version 6.7 or later) on the device. The low-touch provisioning is initiated on the device and it registers itself in the Cisco Cloud. CDO onboards the device.

Onboard an FDM-Managed Device Already Managed by Another Cloud Tenancy in a Different Region

The device may have been previously managed by another CDO instance in a different region and is registered to its cloud tenancy.

Case 1: You have access to the tenant that owns the device.

  1. Delete the device instance from the CDO in region 1.

  2. In Firewall device manager, go to the System Settings > Cloud Services page. A warning message appears indicating that the device has been removed from CDO.

  3. Click the link and select Unregister Cloud Services from the drop-down list.

  4. Read the warning and click Unregister.

  5. Claim the device from CDO in region 2.

  6. In Firewall device manager, go to System Settings > Cloud Services and select the Auto-enroll with Tenancy from Cisco Defense Orchestrator option and click Register. The device maps to the new tenant that belongs to the new region and CDO onboards the device.

Case 2: You don't have access to the tenant that owns the device.

  1. Connect to the FXOS CLI from the console port.

  2. Log in to FXOS using your current admin password.

  3. In the FXOS CLI, connect to local-mgmt:

    firepower # connect local-mgmt

  4. Execute the command to deregister the device from the cloud tenancy:

    firepower(local-mgmt) # cloud deregister

  5. On successful deregistration, the CLI interface returns a success message.

    Example:

    firepower(local-mgmt) # cloud deregister
    Release Image Detected RESULT=success MESSAGE=SUCCESS 10, X-Flow-Id: 2b3c9e8b-76c3-4764-91e4-cfd9828e73f9

    The device is unregistered from the cloud.

  6. Claim the device from CDO in region 2.

  7. In Firewall device manager, go to System Settings > Cloud Services and select the Auto-enroll with Tenancy from Cisco Defense Orchestrator option and click Register. The device maps to the new tenant that belongs to the new region and CDO onboards the device.
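Both CLI procedures above (the external-vendor steps and Case 2) end by reading the `cloud deregister` output, and the two sample outputs both carry RESULT=success, so only the MESSAGE field tells a fresh deregistration from a serial that was never registered. The following Python sketch is an added example, not Cisco code: it classifies captured console text using only the field layout visible in those two samples, and the function name, state labels and the truncated input are assumptions made for illustration.

```python
import re

# Field layout inferred from the two sample outputs on this page; anything
# that does not match is reported as "unrecognized", never guessed at.
_FIELDS = re.compile(
    r"RESULT=(?P<result>\S+)\s+MESSAGE=(?P<message>.*?)\s*,\s*"
    r"X-Flow-Id:\s*(?P<flow_id>[0-9a-fA-F-]{36})",
    re.S,  # tolerate console line wrapping inside the message
)
_SERIAL = re.compile(r"serial number\s+(\S+)")

# The two outputs shown on this page, as they would appear in a console capture.
PAGE_SUCCESS = (
    "firepower(local-mgmt) # cloud deregister\n"
    "Release Image Detected RESULT=success MESSAGE=SUCCESS 10, "
    "X-Flow-Id: 2b3c9e8b-76c3-4764-91e4-cfd9828e73f9"
)
PAGE_NOT_FOUND = (
    "RESULT=success MESSAGE=DEVICE_NOT_FOUND: Device with serial number "
    "JAD213082x9 is not registered with Security Services Exchange , "
    "X-Flow-Id: 63e48b4c-8426-48fb-9bd0-25fcd7777b99"
)
# Constructed input: a capture cut off before the result line arrived.
TRUNCATED = "firepower(local-mgmt) # cloud deregister\nRelease Image"


def classify_deregister(text):
    """Return state, message, serial and flow_id for captured CLI output."""
    out = {"state": "unrecognized", "message": None, "serial": None, "flow_id": None}
    m = _FIELDS.search(text)
    if m is None:
        return out
    message = " ".join(m.group("message").split())  # collapse wrapped whitespace
    out.update(message=message, flow_id=m.group("flow_id").lower())
    serial = _SERIAL.search(message)
    out["serial"] = serial.group(1) if serial else None
    # RESULT=success appears in BOTH page samples, so MESSAGE decides the state.
    if m.group("result") == "success" and message.startswith("SUCCESS"):
        out["state"] = "deregistered"
    elif message.startswith("DEVICE_NOT_FOUND"):
        out["state"] = "not_registered"
    return out


if __name__ == "__main__":
    for sample in (PAGE_SUCCESS, PAGE_NOT_FOUND, TRUNCATED):
        print(classify_deregister(sample))
```

An "unrecognized" result means the capture should be read by hand before the serial number is claimed again; the extracted X-Flow-Id can be kept with the session record.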

Device is Offline

Cause

The device is unable to reach the Cisco Cloud due to one of the following reasons:

  • The device is cabled incorrectly.

  • Your network may require a static IP address for the device.

  • Your network uses custom DNS, or there is external DNS blocking on the customer network.

  • PPPoE authentication is needed. (Common in the Europe region.)

  • The FDM-managed device is behind a proxy.

Resolution

  1. Sign in to the device and go through the bootstrap CLI process or the CDO Easy setup process to configure the device first so it can reach the Internet.

  2. Check the cabling and network connectivity.

  3. Ensure that your firewall is not blocking any traffic.

  4. Ensure that the Security Services Exchange domains are reachable. See Configuration Prerequisites for Hardware Installation for more information.

Failed to Claim the Device

Cause

This error may occur due to one of the following reasons:

  • Security Services Exchange may have temporary issues.

  • The server may be down.

Resolution

  1. Delete the FDM-managed device instance in CDO.

  2. Create a new FDM-managed device instance and claim the device again after some time.

Note

If you are not able to claim the device, go to the workflows to see the error message and send the details to the CDO support team.