Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

licence error - home licence

Since some time obviously - just reognized now - my XG home licence has been revoced with a message of licence incommunicado.

errors are following:

ERROR     Dec 04 22:30:26 [4154148288]: curl_easy_perform(58) failed: Problem with the local SSL certificate
ERROR     Dec 04 22:30:26 [4154148288]: licensing_do_applianceupdate() : Problem in contacting Server

I don´t have an idea which certificate it is referring to.

Does anyone have an idea?

regards,

Christian

Parents
  • Hi Christian: Based on error message it seems firewall cannot communicate with the license server. Since when you started observing this issue?  Are you running with 2 instances of SF-OS using the same serial number? Are you running with HA setup?  If yes then in past such issue has been reported due to such things. 

    https://community.sophos.com/xg-firewall/f/discussions/93760/not-able-to-sync-home-license

    If that is not the case here in your setup or deployment then you may check few more log lines from licensing.log and you may share it here to check the issue further.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

  • Hi Vishal,

    honestly i do not remember to have the same lcence used butit might be. I checked the logs and found post here more errors:

    -----

    INFO      Dec 04 22:30:26 [4154103232]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_DEVICE_NOTFOUND_ERROR","message":"Device not found","statusCode":404,"trackingId":"009dac34-b239-4fd8-930b-1d4155234988"}

    ERROR     Dec 04 22:30:26 [4154103232]: Certificate signing Failed : Device not found...:(
    ERROR     Dec 04 22:30:26 [4154103232]: certificate signing request() : parsing failed...
    INFO      Dec 04 22:30:26 [4154148288]: --requestType = 8
    INFO      Dec 04 22:30:26 [4154148288]: --serial =xxxxxxxxxxxxxxx
    INFO      Dec 04 22:30:26 [4154148288]: --fwversion = 18.0.3.457
    INFO      Dec 04 22:30:26 [4154148288]: --cert = /content/licensing/lic_csr.pem
    INFO      Dec 04 22:30:26 [4154148288]: --key = /content/licensing/lic_csr.key
    INFO      Dec 04 22:30:26 [4154148288]: --token = Token-Id:xxxxxxxxxxxxxx
    INFO      Dec 04 22:30:26 [4154148288]: URL : eu-prod-utm.soa.sophos.com/.../appliance
    INFO      Dec 04 22:30:26 [4154148288]: licensing_do_applianceupdate : request : { "serialNumber": "xxxxxxxxxxx", "applianceAttributes": [ { "name": "firmwareVersion", "value": "18.0.3.457" } ] }
    ERROR     Dec 04 22:30:26 [4154148288]: curl_easy_perform(58) failed: Problem with the local SSL certificate
    ERROR     Dec 04 22:30:26 [4154148288]: licensing_do_applianceupdate() : Problem in contacting Server
    SFVH_VM01_SFOS 18.0.3 MR-3#

    ---------

    What i recognized is tha i have no licence in im Licence portal but if i do  a search for the licence it has run with i can find it as an UTM licence with SFOS. Maybe the problem is that my licence portal is now running under a different email adress. the email address in the licence is not longer existing.

    Christian

  • Did you, for some reason, reused this Serialnumber? Looks like you did.

    Device not found is a indicator, that your current "device ID" which will be generated by registration, does not exists anymore. Frequently occur, if you re used this SN once again, while the old appliance is still in use. This will replace your current appliance. 

    If you want to resolve this, the best way is to reinstall this XG and reinstall the old Serial. Then import your backup. 

    __________________________________________________________________________________________________________________

  • Hello,

    I only remember to have that Serial number none else. Can i import the backup only the for the configuration not for serial or licence key?

    Christian

  • Just one additional question : I received a new serial number, could i register this device with that?

  • Yes you can but you will have to reinstall from an installation image which will completely wipe your installation.

    However, you can take a backup first and then restore it. The new serial number will be kept, it isn't part of the backup.

  • Hi JasP, it means the interfce and routing configuraion as well? Just to be shure, as i then need to shutdown the old one first to avoid IP address conflicts.

  • Yes it will restore the interface and routing configuration as well. Make sure you use the backup/restore option not the import/export option.

Reply Children
No Data