Authentication, license, or 503 error when opening the console

book

Article ID: 222902

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

The Information Centric Analytics (ICA) console doesn't load when opened from any browser. Any of the following error messages may be displayed:

Service Unavailable
HTTP Error 503. The service is unavailable.
Invalid License
Risk Fabric is currently unavailable and requires a valid license. Please contact your system administrator for more information.
Error
There was an error authenticating the user to the system. Please try again and if the error continues contact the system administrator.
Request Failed
An error occurred trying to logdetail

The following entries may be recorded in the ICA server log:

[1:INFO] LicensingController.GetProductStatus() Checking Symantec license RISK-FABRIC 1.0
[1:ERROR] LicensingController.GetProductStatus() Could not validate Symantec license
slic_net.SlicException: The feature requested does not exist.
   at slic_net.HandleSlicError(slic_error* err)
   at slic_net.LicenseManagerTemp.CreateLicense(String featureName, String version)
   at RiskFabric.Web.Library.Licensing.LicensingController.GetProductStatus()

If this error occurred during an active console session, the following entry may also be recorded in the log:

[8:ERROR] LoggingExceptionFilterAttribute.OnException() http://<hostname>/<function>
System.Web.HttpException (0x80004005): Invalid license.

The following error may also be logged in the RiskFabric Log_Client table:

Request/response -- url:/api/Portal/GetProductStatus api:null params:undefined extraParams:null Status: 0 StatusText: responseText: -- portalConfig -- _PortalUserId :null _Administrator :null _CanViewMetrics :null _CanViewDIMRemediation :null _CanRemediateDIM :null _CanViewComplianceRemediation :null _CanRemediateCompliance :null _ExceptionAdministrator :null _CanViewScanExclusionS3 :null _CanViewScanExclusionAdmin :null _ScanExclusionAdministrator :null _CanViewPII :null

In some cases, the Risk Fabric application pool (RiskFabricAppPool) in IIS is stopped and will not remain in a running state. The ICA server log may show attempts at checking the license file, but no entries indicating success or failure. E.g.:

[1:INFO] LicensingController.GetProductStatus() Checking Symantec license RISK-FABRIC 1.0[1:INFO] StdSchedulerFactory.Info() Using object serializer: Quartz.Simpl.BinaryObjectSerializer, Quartz<...>

In very rare cases, the RiskFabricAppPool stops and no entries are written to the ICA server log.

Cause

In most cases, the license for ICA has expired or the license file is missing from the following path on the IIS application server hosting ICA:

%SystemDrive%\ProgramData\Symantec Shared\Licenses

In environments that have locked-down additional security policy settings, the right Logon as Batch may be disabled for the account being used for the RiskFabricAppPool identity in IIS.

Environment

Release : 6.5.x

Component : License

Resolution

For those environments in which the right Logon as Batch is disabled for the ICA service account in Active Directory, that right will need to be granted. This is an additional prerequisite for installing ICA and will be added to the Prerequisites and Privileges for Installing and Administrating Symantec ICA section of the Administrator Guide.

If your license has expired, obtain a new active license file and activate it via the Symantec ICA Installation Wizard:

After activating the new license file, restart the Risk Fabric application pool in IIS.

If your license has not expired but the license file is missing, download a new copy of the license file from support.broadcom.com and either copy it to the license folder or register it through the Symantec ICA Installation Wizard.

After restoring the old license file, restart the Risk Fabric application pool in IIS.

Additional Information

The ICA server log is stored in the following default path on the IIS application server hosting ICA:

%SystemDrive%\ProgramData\BayDynamics\Logs\

The log name is in this format:

w3wp_RiskFabric.yyyymmdd.log

Additional information about the Logon as Batch right can be found in this Microsoft KB article.

Attachments