Synchronization with server failed

Hi

My home licence has stopped synchronising and the modules have now deactivated. I've looked at some of the other posts so I've double-checked the serial number, expiry date and system clock.. all look good. Can anyone help?

I've attached a tail of the log file when trying to synchronise (I've redacted the serial number and chopped out part of the certificate)

INFO Feb 15 11:06:53 [0]: --requestType = 2
INFO Feb 15 11:06:53 [0]: --lastCheckCode = c7543461-aa2c-4031-8e21-90992f8b138d
INFO Feb 15 11:06:53 [0]: --cert = /content/licensing/lic_csr.pem
INFO Feb 15 11:06:53 [0]: --token = Token-Id:C01001JXX______
INFO Feb 15 11:06:53 [0]: --key = /content/licensing/lic_csr.key
INFO Feb 15 11:06:53 [0]: URL : eu-prod-utm.soa.sophos.com/.../license
INFO Feb 15 11:07:00 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR","message":"Authentication failed","statusCode":403,"trackingId":"42c9ee8e-8b76-4a4f-b7ca-be91469287c1"}
ERROR Feb 15 11:07:00 [0]: license_check failed : Authentication failed
ERROR Feb 15 11:07:00 [0]: licensing_do_licensecheck() :parsing response failed...
####################################################
generate certificate signing request (CSR) Sat Feb 15 11:07:02 GMT 2020

Sat Feb 15 11:07:03 GMT 2020 certificate signing request generated with status :: 0

####################################################
INFO Feb 15 11:07:03 [0]: --requestType = 4
INFO Feb 15 11:07:03 [0]: --serial = C01001JXX______
INFO Feb 15 11:07:03 [0]: --deviceid = dfccfece-fb88-4ee1-b111-8b5afbb0f0e4
INFO Feb 15 11:07:03 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO Feb 15 11:07:03 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
INFO Feb 15 11:07:03 [0]: URL : eu-prod-csr.soa.sophos.com/.../signing
INFO Feb 15 11:07:03 [0]: certificate_signing_request() : request : {
"serialNumber":"C01001JXX______",
"deviceId":"dfccfece-fb88-4ee1-b111-8b5afbb0f0e4
", "certificateSigningRequest":"---
--BEGIN CERTIFICATE REQUEST-----
MIIDIjCCAgoCAQAwgZcxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtPeGZvcmRzaGly
ZTERMA8GA1UEBwwIQWJpbmdkb24xFDASBgNVBAoMC1NvcGhvcyBMdGQuMQwwCgYD
VQQLDANOU0cxGzAZBgNVBAMMElNGX0MwMTAwMUpYWDM4WVdENzEeMBwGCSqGSIb3
mfl1+yWu0gplLBwYZs2aNQRxG4LhiQIDAQABoEUwGgYJKoZIhvcNAQkCMQ0MC1Nv
cGhvcyBMdGQuMCcGCSqGSIb3DQEJDjEaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BeAwDQYJKoZIhvcNAQELBQADggEBAGBYABrlPZ1PixeiEINfa+FEZbZw/joO25PY
jd+mgR4ZcZmgcNI5CP9EBoX5ebjmFc10s5X0/ftZBapc5MBsCCsUjdGf2pzDsnEg
X6ow98WFVtafruPefoRypONKkxhzjSnmnT6PA0R3b57DBUer0EB9bccdAG+JkaD6
D/8Ij88noNU57iKWnUWH0sV3iWFIIKqGy5Qf82QTygVAdeflgZ5Zxu0K8F3iWX9U
ik23vIk1aCOvlbgOTzphLAb+C4ndJX0O8o4PB9Nxege6J+L5RSJM0OW+YwtRXkEX
p59xXMSNIq9jhkBGF+HLUF7Rczym5eDA0sWYQolHmH9lIzJFwik=
-----END CERTIFICATE REQUEST-----
"}
INFO Feb 15 11:07:03 [0]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_DEVICE_NOTFOUND_ERROR","message":"Device not found","statusCode":404,"trackingId":"e31b0c61-fbfa-470a-bad6-b76baa91785d"}

ERROR Feb 15 11:07:03 [0]: Certificate signing Failed : Device not found...:
(
ERROR Feb 15 11:07:03 [0]: certificate signing request() : parsing failed...
INFO Feb 15 11:07:06 [0]: --requestType = 8
INFO Feb 15 11:07:06 [0]: --serial = C01001JXX______
INFO Feb 15 11:07:06 [0]: --fwversion = 17.5.9.577
INFO Feb 15 11:07:06 [0]: --cert = /content/licensing/lic_csr.pem
INFO Feb 15 11:07:06 [0]: --key = /content/licensing/lic_csr.key
INFO Feb 15 11:07:06 [0]: --token = Token-Id:C01001JXX______
INFO Feb 15 11:07:06 [0]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO Feb 15 11:07:06 [0]: licensing_do_applianceupdate : request : { "serialNumber": "C01001JXX______", "applianceAttributes": [ { "name": "firmwareVersion", "value": "17.5.9.577" } ] }
ERROR Feb 15 11:07:06 [0]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR Feb 15 11:07:06 [0]: licensing_do_applianceupdate() : Problem in contacting Server

Thanks

Mark

 

  • In reply to lferrara:

    Hi. Thanks for that.

    I've ran those commands to replace and rehash the certificates. The output is below. As for the others links..

    • There's nothing in My Sophos to activate/resync from that side
    • I am only running one instance of XG with this licence
    • None of those error messages apply

    SFVH_SO01_SFOS 17.5.9 MR-9# rm /conf/certificate/cacerts/GlobalSign_Root_CA.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# cp /_conf/certificate/cacerts/GlobalSign_Root_CA.pem /conf/certificate/cacerts/GlobalSign_Root_CA.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# perl /bin/c_rehash /conf/certificate/cacerts/
    Doing /conf/certificate/cacerts/
    WARNING: Skipping expired Certificate UTN_USERFirst_Email_Root_CA.pem
    WARNING: Skipping expired Certificate Digital_Signature_Trust_Co_Global_CA_3.pem
    WARNING: Skipping expired Certificate UTN_USERFirst_Hardware_Root_CA.pem
    WARNING: Skipping expired Certificate UTN_USERFirst_Object_Root_CA.pem
    WARNING: Skipping expired Certificate NetLock_Express_Class_C_Root.pem
    WARNING: Skipping expired Certificate Digital_Signature_Trust_Co_Global_CA_1.pem
    WARNING: Skipping expired Certificate NetLock_Notary_Class_A_Root.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_2_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate STATIC_Entrust_net_Secure_Server_Certification_Authority.pem
    WARNING: Skipping expired Certificate Class1PublicPrimaryCertificationAuthority_2.pem
    WARNING: Skipping expired Certificate Certplus_Class_2_Primary_CA.pem
    WARNING: Skipping expired Certificate STATIC_GTE_Corporation_GTE_CyberTrust_Global_Root.pem
    WARNING: Skipping expired Certificate RSA_Root_Certificate_1.pem
    WARNING: Skipping expired Certificate GeoTrust_Global_CA_2.pem
    WARNING: Skipping expired Certificate UTN_DATACorp_SGC_Root_CA.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_1_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate NetLock_Business_Class_B_Root.pem
    WARNING: Skipping expired Certificate Equifax_Secure_CA.pem
    WARNING: Skipping expired Certificate Deutsche_Telekom_Root_CA_2.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# /scripts/vpn/ipsec/generate_curl_ca_bundle.sh
    SFVH_SO01_SFOS 17.5.9 MR-9#

  • In reply to Mark Young2:

    Are you okay to play a little bit with your appliance? 

     

    I would recommend to remove the registration certificates. Afterwards restart the appliance and let the appliance resync.

     

    cp /content/licensing/lic_csr.key /var/

    cp /content/licensing/lic_csr.pem /var/

     

    rm /content/licensing/lic_csr.pem

    rm /content/licensing/lic_csr.key

     

    Restart

    Check the License Log again. 

  • In reply to LuCar Toni:

    Hi. Yeah, I'm happy to get stuck into it.

    I've tried to remove those files but the /content/licensing directory is empty.

    Thanks

  • In reply to Mark Young2:

    Could you explain the history of this device? 

    Does this appliance run for a long period and suddenly stopped? 

    Could you also please ping  your Serialnumber, so he can check the Serialnumber in the backend?

    As far as i can tell, the Serial seems to be deactivated in the Sophos Licensing Backend.

    So to call our Backend tells your appliance, it cannot find any device. 

     

     

  • In reply to LuCar Toni:

    Yeah, the device has been running since 2018 and there's be no licensing issues until now.

    It was about 2 weeks ago that I noticed more spam coming through and I went on this morning to review the rules. Could it have expired or failed to renew on Jan 28 2020?

  • In reply to Mark Young2:

    Hi Mark,

    you are in the wrong forum, yes there is a very good chance your UTM licence has expired. UTM licences are issued for 3 uears where as XG licences are unlimited.

    Are you a home or commercial user, I know you said your home licence, but for a 2 year licences it looks like a commercial licence being used at home?

    Ian

  • In reply to rfcat_vk:

    Hi Ian. I'm a home user with the XG image installed on a nano-ITX system. I did have UTM originally, though, so perhaps I've upgraded using the same key..

    I'll have a look into that angle and report back.

  • In reply to Mark Young2:

    UTM is only the "Productfamily" there Ian.

    Its not a UTM. 

     

    I guess we need to look at the backend to find the root cause.

    Or .. If you are willing to simply reinstall and restore the backup, you get generate a new License (Serial)

  • In reply to LuCar Toni:

    Hi LuCar,

    i this case it is a migrated UT licence to XG, so if he had 2 years left on his UTM licence how does that translate to an XG licence using the licence migration, I would expect the same periods to apply. So if my theory is correct he will have to apply for a new XG home licence?

    Ian

  • In reply to rfcat_vk:

    I've generated a new licence key, reinstalled and restored from backup. Everything's back to normal and the licence has many years on it.

     

    Thanks for everyone's help.