All Secure Email, Management, and Web virtual appliances that use the traditional Virtual License Number (VLN) certificate file with certificates created before December 15, 2021, that expire after January 13, 2023, will need an updated VLN file that contains a new certificate to avoid disruption to updates and upgrades.
Problem Symptoms
Engine updates and AsyncOS upgrades for affected Cisco Secure Web, Secure Management, and Secure Email virtual appliances will fail after January 13, 2023, with this error in the updater_logs subscription:
"Dynamic manifest fetch failure: Failed to authenticate with manifest server"
A negative effect on efficacy is experienced when the virtual appliance can no longer receive upgrades and updates.
How to Identify Affected Devices
Note: The issue is not AsyncOS specific. It impacts all versions that use a VLN certificate file that was made by the older Talos Keymaster CA.
Perform these steps to determine if your virtual appliance is affected. Please note that these steps must be performed on each virtual device.
Log in to the CLI of your appliance. Enter the showlicense command and press Enter. If the begin_date reads December 14, 2021, or earlier, the virtual appliance is affected.
Workaround/Solution
An updated VLN certificate file must be applied to each affected virtual appliance to resolve this issue.
To obtain an updated VLN certificate file, contact the Cisco Systems Technical Assistance Center (TAC). The new VLN certificate file must be applied to each impacted appliance. See the Load the Virtual License onto Your Appliance section of Best Practices for Virtual ESA, Virtual WSA, or Virtual SMA License
Please note that impacted customers will be contacted separately, but can reach out to TAC at any time.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please get in touch with the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: