License avoidance errors basically mean that Reporter VA is unable to communicate to the Broadcom licensing servers to validate the license. So in this article, we abroad the following points.
Explanation on how the licensing process works
4. Desired NTP to be set or permit ntp.bluecoat.com and ntp2.bluecoat.com
5. What to do when the birth certificate on the virtual appliance is expired, and we see license errors related to this certificate
With VA appliances (SG/CA/MC/Reporter), they must be allowed out the network to Symantec.com and Bluecoat.com to obtain a birth certificate which will be later used for license validation. In addition, the Reporter needs to download the buff libraries that are required for Web Application. After the first license attempt is successfully, the Reporter is going to communicate with the licensing servers at Blue Coat every hour to validate it.
The offline license file is either for physical appliances or for VMs where you have purchased a special 'offline' license. Most VM customers do not have this special license. If internet access should not be allowed due to security restrictions, an offline license must be purchased.
When the virtual appliance is initially deployed, in order for licensing to be properly retrieved and installed, it must have internet access. Also, it is necessary to keep the internet connection open at all times with each virtual appliance as they will be periodically reaching Broadcom servers to validate the license in order to prevent license duplicates.
The appliance will attempt to license itself automatically. If the license process somehow fails, you can license the appliance manually, by running the following command:
#licensing load username <Broadcom Portal username> password <Broadcom Portal password>
More information on this command can be found here:
The first time Reporter is brought online, it will try and communicate with Blue Coat every 5 minutes until it makes a successful connection. The Reporter attempts to establish a connection to https://validation.es.bluecoat.com/phs.cgi After a successful connection is made, the Reporter communicates with the licensing servers at Blue Coat every hour. If it cannot communicate with the licensing servers or the link is broken or blocked, the Reporter will allow a maximum of 7 days grace period to restore the connectivity before suspending the license. During that time, the Reporter will still try and communicate with the licensing servers back at Blue Coat. If more than one virtual appliance uses the same serial number, the Blue Coat licensing servers will detect this and notify you. You then have a maximum of 30 days to take action and eliminate the duplicate. If there are more than two appliances sharing the same serial number, the grace period is decreased drastically. If the issue is not addressed, then the license will be suspended until the duplicates are removed.
Connect to the virtual appliance CLI via SSH and follow these steps:
note: please replace CN, O, and OU with your details... CN must be IP address of Reporter and OU must be serial number
Now reboot Reporter. First run command exit to exit out of SSL. Now run command restart to reboot Reporter certificate.
Once the certificate is created without error and Reporter has been rebooted, you should be able to login to Reporter.