Synchronization with server failed

Hi

My home licence has stopped synchronising and the modules have now deactivated. I've looked at some of the other posts, so I've double-checked the serial number, expiry date and system clock. All look good. Can anyone help?

I've attached a tail of the log file when trying to synchronise (I've redacted the serial number and chopped out part of the certificate)

INFO Feb 15 11:06:53 [0]: --requestType = 2
INFO Feb 15 11:06:53 [0]: --lastCheckCode = c7543461-aa2c-4031-8e21-90992f8b138d
INFO Feb 15 11:06:53 [0]: --cert = /content/licensing/lic_csr.pem
INFO Feb 15 11:06:53 [0]: --token = Token-Id:C01001JXX______
INFO Feb 15 11:06:53 [0]: --key = /content/licensing/lic_csr.key
INFO Feb 15 11:06:53 [0]: URL : eu-prod-utm.soa.sophos.com/.../license
INFO Feb 15 11:07:00 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR","message":"Authentication failed","statusCode":403,"trackingId":"42c9ee8e-8b76-4a4f-b7ca-be91469287c1"}
ERROR Feb 15 11:07:00 [0]: license_check failed : Authentication failed
ERROR Feb 15 11:07:00 [0]: licensing_do_licensecheck() :parsing response failed...
####################################################
generate certificate signing request (CSR) Sat Feb 15 11:07:02 GMT 2020

Sat Feb 15 11:07:03 GMT 2020 certificate signing request generated with status :: 0

####################################################
INFO Feb 15 11:07:03 [0]: --requestType = 4
INFO Feb 15 11:07:03 [0]: --serial = C01001JXX______
INFO Feb 15 11:07:03 [0]: --deviceid = dfccfece-fb88-4ee1-b111-8b5afbb0f0e4
INFO Feb 15 11:07:03 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO Feb 15 11:07:03 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
INFO Feb 15 11:07:03 [0]: URL : eu-prod-csr.soa.sophos.com/.../signing
INFO Feb 15 11:07:03 [0]: certificate_signing_request() : request : {
"serialNumber":"C01001JXX______",
"deviceId":"dfccfece-fb88-4ee1-b111-8b5afbb0f0e4
", "certificateSigningRequest":"---
--BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
"}
INFO Feb 15 11:07:03 [0]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_DEVICE_NOTFOUND_ERROR","message":"Device not found","statusCode":404,"trackingId":"e31b0c61-fbfa-470a-bad6-b76baa91785d"}

ERROR Feb 15 11:07:03 [0]: Certificate signing Failed : Device not found...:
(
ERROR Feb 15 11:07:03 [0]: certificate signing request() : parsing failed...
INFO Feb 15 11:07:06 [0]: --requestType = 8
INFO Feb 15 11:07:06 [0]: --serial = C01001JXX______
INFO Feb 15 11:07:06 [0]: --fwversion = 17.5.9.577
INFO Feb 15 11:07:06 [0]: --cert = /content/licensing/lic_csr.pem
INFO Feb 15 11:07:06 [0]: --key = /content/licensing/lic_csr.key
INFO Feb 15 11:07:06 [0]: --token = Token-Id:C01001JXX______
INFO Feb 15 11:07:06 [0]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO Feb 15 11:07:06 [0]: licensing_do_applianceupdate : request : { "serialNumber": "C01001JXX______", "applianceAttributes": [ { "name": "firmwareVersion", "value": "17.5.9.577" } ] }
ERROR Feb 15 11:07:06 [0]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR Feb 15 11:07:06 [0]: licensing_do_applianceupdate() : Problem in contacting Server

Thanks

Mark
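
The log above records three different failures: two HTTP rejections from the server and one libcurl error (code 58, which libcurl raises when it cannot use the local client certificate or key). The following triage script is an added example, not part of the original post or any Sophos tooling; the function name `triage`, the field names and the regular expressions are assumptions, and the sample lines are copied from the log in the post.

```python
import json
import re

# Constructed sample: lines taken from the log posted above (serial already redacted there).
SAMPLE_LOG = """\
INFO Feb 15 11:06:53 [0]: --requestType = 2
INFO Feb 15 11:06:53 [0]: URL : eu-prod-utm.soa.sophos.com/.../license
INFO Feb 15 11:07:00 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR","message":"Authentication failed","statusCode":403,"trackingId":"42c9ee8e-8b76-4a4f-b7ca-be91469287c1"}
INFO Feb 15 11:07:03 [0]: --requestType = 4
INFO Feb 15 11:07:03 [0]: URL : eu-prod-csr.soa.sophos.com/.../signing
INFO Feb 15 11:07:03 [0]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_DEVICE_NOTFOUND_ERROR","message":"Device not found","statusCode":404,"trackingId":"e31b0c61-fbfa-470a-bad6-b76baa91785d"}
INFO Feb 15 11:07:06 [0]: --requestType = 8
INFO Feb 15 11:07:06 [0]: URL : eu-prod-utm.soa.sophos.com/.../appliance
ERROR Feb 15 11:07:06 [0]: curl_easy_perform(58) failed: Problem with the local SSL certificate
"""

# Hypothetical patterns, written against the line shapes visible in the post.
REQ = re.compile(r"--requestType = (\d+)")
URL = re.compile(r"URL : (\S+)")
RESP = re.compile(r"response : (\{.*\})\s*$")
CURL = re.compile(r"curl_easy_perform\((\d+)\) failed: (.*)")

def triage(log_text):
    """Group log lines into requests and record where each one failed."""
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"type": int(m.group(1)), "endpoint": None, "layer": None, "detail": None}
            requests.append(cur)
        elif cur is None:
            continue
        elif m := URL.search(line):
            cur["endpoint"] = m.group(1).rsplit("/", 1)[-1]
        elif m := RESP.search(line):
            try:
                body = json.loads(m.group(1))
            except json.JSONDecodeError:
                continue  # wrapped or truncated JSON: leave the request unclassified
            # The server answered, so the connection worked; the rejection is server-side.
            cur["layer"] = "server"
            cur["detail"] = (body.get("statusCode"), body.get("errorCode"))
        elif m := CURL.search(line):
            # No HTTP response at all: libcurl failed on the appliance itself.
            cur["layer"] = "client"
            cur["detail"] = (int(m.group(1)), m.group(2).strip())
    return requests

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A `client` result points at the certificate and key files named in the `--cert` and `--key` lines of that request, while a `server` result points at the account or device record on the licensing side.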

  • Hi. Thanks for that.

    I've run those commands to replace and rehash the certificates. The output is below. As for the other links:

    • There's nothing in My Sophos to activate/resync from that side
    • I am only running one instance of XG with this licence
    • None of those error messages apply

    SFVH_SO01_SFOS 17.5.9 MR-9# rm /conf/certificate/cacerts/GlobalSign_Root_CA.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# cp /_conf/certificate/cacerts/GlobalSign_Root_CA.pem /conf/certificate/cacerts/GlobalSign_Root_CA.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# perl /bin/c_rehash /conf/certificate/cacerts/
    Doing /conf/certificate/cacerts/
    WARNING: Skipping expired Certificate UTN_USERFirst_Email_Root_CA.pem
    WARNING: Skipping expired Certificate Digital_Signature_Trust_Co_Global_CA_3.pem
    WARNING: Skipping expired Certificate UTN_USERFirst_Hardware_Root_CA.pem
    WARNING: Skipping expired Certificate UTN_USERFirst_Object_Root_CA.pem
    WARNING: Skipping expired Certificate NetLock_Express_Class_C_Root.pem
    WARNING: Skipping expired Certificate Digital_Signature_Trust_Co_Global_CA_1.pem
    WARNING: Skipping expired Certificate NetLock_Notary_Class_A_Root.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_2_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate STATIC_Entrust_net_Secure_Server_Certification_Authority.pem
    WARNING: Skipping expired Certificate Class1PublicPrimaryCertificationAuthority_2.pem
    WARNING: Skipping expired Certificate Certplus_Class_2_Primary_CA.pem
    WARNING: Skipping expired Certificate STATIC_GTE_Corporation_GTE_CyberTrust_Global_Root.pem
    WARNING: Skipping expired Certificate RSA_Root_Certificate_1.pem
    WARNING: Skipping expired Certificate GeoTrust_Global_CA_2.pem
    WARNING: Skipping expired Certificate UTN_DATACorp_SGC_Root_CA.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_1_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate NetLock_Business_Class_B_Root.pem
    WARNING: Skipping expired Certificate Equifax_Secure_CA.pem
    WARNING: Skipping expired Certificate Deutsche_Telekom_Root_CA_2.pem
    SFVH_SO01_SFOS 17.5.9 MR-9# /scripts/vpn/ipsec/generate_curl_ca_bundle.sh
    SFVH_SO01_SFOS 17.5.9 MR-9#

  • Are you okay to play a little bit with your appliance?

    I would recommend removing the registration certificates. Afterwards, restart the appliance and let the appliance resync.

    cp /content/licensing/lic_csr.key /var/
    cp /content/licensing/lic_csr.pem /var/

    rm /content/licensing/lic_csr.pem
    rm /content/licensing/lic_csr.key

    Restart

    Check the License Log again.

  • Hi. Yeah, I'm happy to get stuck into it.

    I've tried to remove those files but the /content/licensing directory is empty.

    Thanks

  • Could you explain the history of this device?

    Did this appliance run for a long period and suddenly stop?

    Could you also please ping your serial number, so he can check the serial number in the backend?

    As far as I can tell, the serial seems to be deactivated in the Sophos Licensing Backend.

    So the call to our backend tells your appliance it cannot find any device.

  • Yeah, the device has been running since 2018 and there've been no licensing issues until now.

    It was about 2 weeks ago that I noticed more spam coming through and I went on this morning to review the rules. Could it have expired or failed to renew on Jan 28 2020?

  • Hi Mark,

    You are in the wrong forum. Yes, there is a very good chance your UTM licence has expired. UTM licences are issued for 3 years, whereas XG licences are unlimited.

    Are you a home or commercial user? I know you said your home licence, but for a 2 year licence it looks like a commercial licence being used at home?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian. I'm a home user with the XG image installed on a nano-ITX system. I did have UTM originally, though, so perhaps I've upgraded using the same key.

    I'll have a look into that angle and report back.

  • UTM is only the "Productfamily" there, Ian.

    It's not a UTM.

    I guess we need to look at the backend to find the root cause.

    Or, if you are willing to simply reinstall and restore the backup, you can generate a new license (serial).

  • Hi LuCar,

    In this case it is a migrated UTM licence to XG, so if he had 2 years left on his UTM licence, how does that translate to an XG licence using the licence migration? I would expect the same periods to apply. So if my theory is correct he will have to apply for a new XG home licence?

    Ian

  • I've generated a new licence key, reinstalled and restored from backup. Everything's back to normal and the licence has many years on it.

    Thanks for everyone's help.