License avoidance errors basically mean that Reporter VA is unable to communicate to the Broadcom licensing servers to validate the license.
Article will highlight following points:
With VA appliances (SG/CA/MC/Reporter) require Internet access to certain Broadcom domains in order to obtain a birth certificate which will be later used for license validation.
After the first license attempt is successfully, the Reporter is going to communicate with the licensing servers at Broadcom every hour to validate it.
In restricted environments with no Internet access, Offline license addon can be purchased.
This addon is not available by default.
For details contact your Sales Representative.
When the virtual appliance is initially deployed, in order for licensing to be properly retrieved and installed, it must have internet access. Also, it is necessary to keep the internet connection open at all times with each virtual appliance as they will be periodically reaching Broadcom servers to validate the license in order to prevent license duplicates.
The appliance will attempt to license itself automatically. If the license process somehow fails, you can license the appliance manually, by running the following command:
#licensing load username <Broadcom Portal username> password <Broadcom Portal password>
- The first time Reporter is brought online, it will try and communicate with Blue Coat every 5 minutes until it makes a successful connection.
- The Reporter attempts to establish a connection to validation.es.bluecoat.com on port 443. After a successful connection is made, the Reporter communicates with the licensing servers at Blue Coat every hour.
- If it cannot communicate with the licensing servers or the link is broken or blocked, the Reporter will allow a maximum of 7 days grace period to restore the connectivity before suspending the license. During that time, the Reporter will still try and communicate with the licensing servers back at Blue Coat.
- If more than one virtual appliance uses the same serial number, the Blue Coat licensing servers will detect this and send notification in logs. Maximum of 30 days to given to action and eliminate the duplicate. If there are more than two appliances sharing the same serial number, the grace period is decreased drastically. If the issue is not addressed, then the license will be suspended until the duplicates are removed.
Connect to the virtual appliance CLI via SSH and follow these steps:
- Enter 'enable' mode
- Enter 'configure' mode
- Enter 'ssl' mode
- Remove the existing default cert with the command: delete certificate default
- Create the new certificate with the command: create certificate default
- For the certificate 'Subject', enter this: CN=192.168.121.30,O=SYMC,OU=1006485912
Note: Replace CN, O, and OU with your details. CN must be IP address of Reporter and OU must be serial number
Once procedure is completed Reporter has to be restarted.
Once the certificate is created without error and Reporter has been rebooted, you should be able to login to Reporter.
-