Troubleshooting Device Templates

Initial Troubleshooting

For initial troubleshooting, we recommend looking at the information in the Template Apply Report and notifications that come up on the Management Center UI when you run into an error. The management center log files also contain detailed debugging and troubleshooting info.

Follow the procedure given below for initial troubleshooting.

  1. Check the errors mentioned in the Template Apply Report. For more information, see Template Apply Report.

  2. Review variable values and check for overlaps and incompatibilities.

  3. Check model mappings to ensure if the correct model mappings exist. Delete or add mappings accordingly.

  4. See the management center audit logs to find any other issues and resolve them.

Consider the following error scenario. In a device template, the inside interface is configured with a static IPv4 variable - $insideIPv4 .

The BGP IPv4 address is configured with an IPv4 BGP neighbor.

An overlapping IPv4 address is configured for the BGP neighbor and an interface.

Due to the issues mentioned above, the application of the device template fails and an error is displayed.

To troubleshoot this error, identify the error from the notification displayed on the UI.

IP Address 192.168.10.1 same as ip address of interface - 'inside'(Ethernet1/1)

Check the Template Apply Report for more information.

Enter correct values for the variables and apply the template again to ensure successful application of the template on the device.

Troubleshoot Device Registration

  • Issue: Admin Password is incorrect or not provided during registration

    Scenario: If the admin password is not set on the device and if you have not provided the admin password during registration, the threat defense device provisioning will fail. In such a scenario, a Provision Error along with an Enter Password link is displayed.

    Workaround: Click Enter Password to enter a new password and click Save. Click Confirm and Proceed to trigger the onboarding again.

  • If the admin password is already set on the device and you provide another admin password during registration, device provisioning will fail.

  • Issue: Device registration in management center fails

    Workaround: Follow existing device registration troubleshooting steps. For more information, see Configure, Verify, and Troubleshoot Firepower Device Registration.

  • Issue: Bulk Registration Request Fails in management center

    Scenario: The bulk registration request can fail due to a few scenarios:

    • You do not have the required permissions to perform template-related operations

    • Template is not visible from the request domain

    • Invalid CSV file provided

    Workaround: You can see logs for these errors in the VMS Shared and USM Shared log files. Fix the errors and initiate registration again.

  • Issue: Device provisioning fails in CDO due to some generic errors, such as communication with the device fails

    Workaround: Click Retry in the Provision Error to trigger the onboarding in CDO again. You can also see the CDO workflows for more information on the error and troubleshooting information.

Troubleshoot Cisco Security Cloud Integration

Issue: Cisco Security cloud integration not successful

Workaround: Follow Cisco Security Cloud integration troubleshooting steps. For more information, see Cisco Security Cloud Integration.

Troubleshoot Device Template Configuration Issues

Issue: Device template misconfigurations causing deployment failures after registration

Workaround: Follow the steps given below for initial troubleshooting.

  1. Check the errors mentioned in the Template Apply Report.

  2. Review variable values and check for overlaps and incompatibilities.

  3. Check model mappings to ensure if the correct model mappings exist. Delete or add mappings accordingly.

  4. See the management center audit logs to find any other issues and resolve them.

Troubleshoot CDO Issues

  • Issue: Device with serial number already claimed

    Workaround: Verify serial number and reinitiate onboarding.

  • Issue: CDO fails to claim devices

    Workaround: Select the device in the CDO Inventory window for more details on the error. You can see logs related to device claim issues in the VMS Shared and USM Shared log files. Click Retry to initiate registration again.

  • Issue: Communication failures between management center and Security Cloud Control

    Scenario: Communication failures between management center and Security Cloud Control can cause failures during the Zero-Touch Provisioning (ZTP) device registration request.

    Workaround: Refresh the ZTP device status, retry ZTP registration, and delete the ZTP device. You can see logs regarding communication failure between the management center and Security Cloud Control in the Auth Daemon logs. For operational failures related to ZTP, you can see the logs in the VMS Shared and USM Shared log files.