Topic |
Scenario |
Outcome |
Remediation |
Upgrade from pre 1.4.2.x |
- No birth certificate
- Fully licensed
- Internet connectivity
|
License avoidance error immediately encountered |
Option 1
- Post upgrade, connect Management Center to the Internet
- Re-license on NPLP, using either the CLI or UI
- Wait for 5 minutes to elapse
Option 2
- Pre-upgrade, connect Management Center to the Internet
- Re-license on NPLP, using either CLI or UI
Option 3
- Post upgrade, obtain a license with the “offline license”
- Install the new license.
|
- Valid birth certificate
- Fully licensed
- Internet connectivity
|
No issues |
N/A |
New 1.4.2.x installation |
- Subscription-based license format (not perpetual)
- License via URL or by copy and paste
- No internet connectivity
|
Unable to license Management Center |
Option 1
- Connect Management Center to the Internet
- License on NPLP, using either CLI or UI
- Wait for 5 minutes to elapse
|
- Subscription-based license format (not perpetual)
- License using NPLP
- Internet connectivity
|
No issues |
N/A |
- Perpetual license format
- License via URL or by copy and paste
- License has birth certificate and user has passphrase
- No internet connectivity
|
Management Center is licensed but license avoidance error immediately encountered |
Option 1
- Connect Management Center to the Internet
- Wait for 5 minutes to elapse
Option 2
- Obtain a license with the “offline” component
- Install the license
|
- Perpetual license format
- License using NPLP
- Internet connectivity
|
No issues |
N/A |
Running 1.4.2.x or later |
- Fully licensed
- Has Internet connection for some time but then loses Internet connection
|
- Management Center will attempt to contact Symantec every hour
- There is a maximum grace period of 7 days
- If the Internet connection is not restored within the 7-day grace period, Management Center sends a “License Avoidance” message
NOTE: Users do not receive a warning during the grace period.
|
Option 1
- Fix Internet connectivity within the 7-day grace period
Option 2
- Obtain a license with the “offline” component
- Install the license
|
Any release |
- Perpetual or subscription-based license format
- License using NPLP
- Internet connectivity
- Incorrect proxy settings
|
Unable to license Management Center |
Option 1
- Go to Administration > Settings > HTTP Proxy.
- Verify proxy settings. You must enter the IP address of the proxy, not a VIP address.
|
Workaround
A few key notes to keep in mind for troubleshooting:
- Ensure the birth certificate is valid. To determine if you have a birth certificate on your VA, attempt to retrieve the license from the CLI by issuing the following command:
(For MC version 1.x) #license get-from-bluecoat
If you are prompted for your Symantec/Broadcom credentials, the birth certificate is missing.
(For MC version 2.x) #show birth-certificate-status
If birth certificate shows valid, you could refetch license by running
#licensing load username <Broadcom Portal username> password <Broadcom Portal password>
Ensure that you can successfully ping the following:
-
- License validation servers (validation.es.bluecoat.com)
- MySymantec (bto.bluecoat.com)
- Attempt a tracepath to validation.es.bluecoat.com.
- Is there anything in the network that could be blocking this request?
- Is a proxy required for Management Center to make this request? If so, please add the correct proxy settings or ensure that the existing settings are correct.
- Enable verbose logging, let it run for about 5 minutes, and then get the logs. Use the logs to see if there are any issues on Management Center.
- Packet Capture is possible with Management Center 11.5.2.1 and later only. You have to be in enable mode and the syntax is:
- pcap info: Shows the status of the pcap~
- pcap filter, clear, set-host, set-port, view. These options do exactly what they suggest.
- pcap start, pcap stop.
- To download the pcap you need to download the entire diagnostics from the CLI:
service upload-diagnostics: there are several options for uploading. Use the ? for the complete list.
- Using the packet capture, you should be able to see if there is anything blocking the network path.