McAfee application may fail to initialize if system clock isn't accurate

Article Id: 167973

Status: Published

Updated On: 13-05-2017 11:06

Legacy Id: TECH244187

Products:

XOS

Issue/Introduction:

McAfee application may fail to initialize if system clock isn't accurate.Symptoms:

McAfee application status is Down after chassis or VAP reload (the McAfee VAP doesn't become Active)

NTP cannot reach upstream server and the system clock is running significantly ahead of actual current time:

Aug 23 12:31:46 CBS ntpdate[4166]: no server suitable for synchronization found

Message on VAP virsh console reports a licencing issue:

The system has transitioned into failure mode for the following reason:
The firewall must be licensed.

Cause:

McAfee Firewall Enterprise may fail to initialize and application status stays Down if system clock isn't accurate.

Resolution:

Make sure the configured NTP server is reachable from the CPM. Verify system clock with the show calendar command. If necessary, remove unreachable NTP servers from XOS configuration and adjust the clock manually using the calendar command.

Workaround

N/A