Error: Serial Number Already Claimed

The Device was Purchased From an External Vendor

If the device was purchased from an external vendor and fails to onboard with a Serial Number Already Claimed error, it's possible the device is still associated to the vendor's tenant. Use the following steps to claim the device and its serial number:

  1. Delete the device from your CDO tenant.

  2. Install the FXOS image on the device. For more information, see the "Reimage Procedures" chapter of the Cisco FXOS Troubleshooting Guide for the Firepower 1000/21000 and Secure Firewall 3100 Firepower Threat Defense guide.

  3. Connect a laptop to the device's console port.

  4. Connect to the FXOS CLI and log in as admin.

  5. In the FXOS CLI, connect to local-mgmt with the firepower # connect local-mgmt command.

  6. Execute the firepower(local-mgmt) # cloud deregister command to deregister the device from the cloud tenancy.

  7. Once the device is successfully unregistered, the CLI interface returns a success message. An example of the message:
    Example: firepower(local-mgmt) # cloud deregister Release Image Detected RESULT=success MESSAGE=SUCCESS 10, X-Flow-Id: 2b3c9e8b-76c3-4764-91e4-cfd9828e73f9
    Note

    If the device was never registered to another CDO tenant, the message above states RESULT=success MESSAGE=DEVICE_NOT_FOUND.

  8. Onboard the device to your CDO tenant with its serial number. See Onboard a Threat Defense Device to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning for more information.

The Device is Claimed By a CDO Tenant in Another Region

The device may have been previously managed by another CDO instance in a different region and is still registered to that tenant.

If you do have access to the tenant the device is currently registered to, use the following procedure:

  1. Delete the device from the incorrect CDO tenant.

  2. Log into the device's device manager UI.

  3. Navigate to System Settings > Cloud Services.

  4. Click Cloud Services and select Unregister Cloud Services from the drop-down list.

  5. Confirm the action and click Unregister. This action generates a warning to indicate that the device has been removed from CDO. This is expected behavior.

  6. Log into CDO tenant in the correct region and onboard the device. See Onboard a Threat Defense Device to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning for more information.

  7. Navigate to System Settings > Cloud Services.

  8. Click Cloud Services and select Unregister Cloud Services from the drop-down list.

  9. Select the Auto-enroll with Tenancy from CDO and click Register. The device maps to the new tenant that belongs to the new region and CDO onboards the device.

If you do not have access to the tenant, use the procedure below:

  1. Connect to the FXOS CLI from the console port and log in as admin. For information on how to log into the FXOS CLI, see Accessing the FXOS CLI.

  2. In the FXOS CLI, connect to local-mgmt with the firepower # connect local-mgmt command.

  3. Execute the firepower(local-mgmt) # cloud deregister command to deregister the device from the cloud tenancy.

  4. Once the device is successfully unregistered, the CLI interface returns a success message. An example of the message:
    Example: firepower(local-mgmt) # cloud deregister Release Image Detected RESULT=success MESSAGE=SUCCESS 10, X-Flow-Id: 2b3c9e8b-76c3-4764-91e4-cfd9828e73f9
    Note

    If the device was never registered to another CDO tenant, the message above states RESULT=success MESSAGE=DEVICE_NOT_FOUND.

  5. In your CDO tenant in the correct domain, onboard the device. See Onboard a Threat Defense Device to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning for more information.

  6. In the device's device manager UI, navigate to System Settings > Cloud Services.

  7. Select the Auto-enroll with Tenancy from CDO and click Register. The device maps to the new tenant that belongs to the new region and CDO onboards the device.