Guidelines when Troubleshooting Management Center Licensing

book

Article ID: 196620

calendar_today

Updated On:

Products

Management Center Management Center - VA

Issue/Introduction

This article should serve as a guideline when troubleshooting newly deployed or newly rebuild Management Center where licensing installation fails.  This guideline has been tested  helpful  as well when troubleshooting a scenario where  customer suddenly seeing license avoidance message on MC UI that been licensed and deployed for sometime on their network.

Cause

Communication failures Management Center and Broadcom Licensing servers

Environment

You have configured the correct Management Center's serial number provided under your account.   

 

Resolution


1.  Any MITM could break licensing communication between MC and licensing server. If MC goes via proxy, make sure it (proxy) does NOT do protocol detection (i.e. no certificate checks) nor ssl interception on any communication that happens between MC and Broadcom Licensing Servers.   An explicit proxy configured on MC can be easily verified by running "show running-config proxy" under MC CLI/privilege mode.  However, any upstream proxy (e.g. proxy-chaining enviroment), transparent proxy and/or similar intelligent devices within your premise may still be on network path on which it/they  may be doing detect protocol and/or ssl interception.   If you are not sure about network path MC traverse within your premise, highly suggest to engage your network team  or refer to your latest network diagram to determine such device/s.  

2. Licensing server may tolerate time drifts (few seconds) but make sure MC clock (show clock)  is  current or not too far from current time.       Note that MC would inherit host clock soon after deployment by default but you can modify MC clock manually if needed. 

If you define internal or public NTP server (e.g. ntp.bluecoat.com, ntp2.bluecoat.com) and verified ntp is syncing, manually adjusting clock is not necessary.    

3. Make sure your network allows (.e.g, FW, proxy, edge router, etc) communication of MC to Broadcom's licensing servers.   

4   Reboot MC prior licensing or  re licensing the unit if scenario below applies:

  -    Management Center has been deployed and kept running unlicensed for more than 24 hours.

  -    Multiple Network configuration changes made on CLI.  

To reboot MC, run "restart" command under MC CLI, privilege mode.  

5. After unit comes back from restart/reboot run the command under MC, CLI privilege mode.    

licensing load username [email protected] password helloworld
 
  
Note:  Replace "[email protected]" and "helloworld" above with your valid Broadcom Portal credentials.  Usually, this is the same credentials that you used to download code from Broadcom Software Portal.  
 
An "ok" return indicates MC able to fetch birth certificate (i.e. for first time license installation of MC-VA) and  license.   You could also verify license installed by running "show licenses" via MC CLI.

If you were seeing license avoidance message in MC UI, this said message may stay for a while even after you have identified and/or fixed the underlying cause.   As long as no further interruption on MC and licensing server's communication,  the message should clear by itself in few hours to a day.