Error: "The license did not download (status=-14500)" Failed to activate AV Vendor license using Content Analysis

book

Article ID: 169137

calendar_today

Updated On:

Products

Content Analysis Software - CA

Issue/Introduction

Failed to activate AV Vendor license with error message "The license did not download (status=-14500)" using Content Analysis

Fail to activate and download AV license, a License Download Failure pop up with following message:

The license did not download (status=-14500)

At the CAS management console, go to System > Licensing, the Base License component status is Active and Sandboxing component is available, whereas Antivirus component is unavailable as shown in figure below:

License Download Failure 14500 status

Command line show licenses show AV license status as unknown

CAS# show licenses
* Base license
Kaspersky Labs (unknown)
McAfee, Inc. (unknown)
Sophos, Plc. (unknown)
* Sandboxing
File Reputation (unknown)
Cylance (unknown)

Cause

Internet access is available however packet capture shows ssl alert handshake failure (40) on following URLs.

device-services.es.bluecoat.com
subscription.es.bluecoat.com

Note: Wireshark Display Filter is ssl.alert_message.desc == 40

Noticed repeated Error message in clp_services.log (Go to Utilities > System Logs > Click the magnifier icon to View)

Error Message Keywords in clp_services.log

  1. License file DOES NOT exist
  2. Error initializing license data
  3. license is not installed
  4. request failed with SSLPeerUnverifiedException
  5. peer not authenticated


Error Message Example:

[main] ERROR com.bluecoat.clp.license.ClpLicenseManager- LIC_MGR: validateLicenseFile: License file DOES NOT exist.

[main] ERROR com.bluecoat.clp.license.ClpLicenseManager- Error initializing license data

localhost ErrorCode=-14203: ErrorMessage=license is not installed

[Thread0.7023404319999382] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://subscription.es.bluecoat.com/whitelisting/license?device=<serial number>, StatusCode = 0, StatusMessage = null, ReasonMessage = null, AmountDownloaded = 0, DownloadDate =, CurrentlyDownloading = false, StartTime = null, EndTime = null, RequestToken = null, ETag = null


[Thread0.7946303028211905] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://device-services.es.bluecoat.com/licensing/lkf.cgi, StatusCode = 0, StatusMessage = null, ReasonMessage = null, AmountDownloaded = 0, DownloadDate = , CurrentlyDownloading = false, StartTime = null, EndTime = null, RequestToken = null, ETag = null

localhost javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Resolution

Solution provided was to acquire factory certificate by performing CLI command via SSH:

CAS# acquire-factory-certificate
writing RSA key
Certificate was added to keystore
Success

[CAS Versions (2.x) use CAS# request-appliance-certificate]

CAS# request-appliance-certificate
  ok

After that, able to activate AV engine and download pattern.

 

 

 

 

Attachments