The Information Centric Analytics (ICA) portal doesn't load when opened from any browser. Any of the following error messages may be displayed:

Service Unavailable
HTTP Error 503. The service is unavailable.

Invalid License
Risk Fabric is currently unavailable and requires a valid license. Please contact your system administrator for more information.

Error
There was an error authenticating the user to the system. Please try again and if the error continues contact the system administrator.

Request Failed
An error occurred trying to logdetail

Request Failed
Your Request Failed. Click 'OK' to close this window or 'Refresh' to refresh the page. Try again or contact the site administrator.

Error ID: <n>

The following entries may be recorded in the ICA server log:

[1:INFO] LicensingController.GetProductStatus() Checking Symantec license RISK-FABRIC 1.0
[1:ERROR] LicensingController.GetProductStatus() Could not validate Symantec license
slic_net.SlicException: The feature requested does not exist.
   at slic_net.HandleSlicError(slic_error* err)
   at slic_net.LicenseManagerTemp.CreateLicense(String featureName, String version)
   at RiskFabric.Web.Library.Licensing.LicensingController.GetProductStatus()

[1:INFO] LicensingController.GetProductStatus() Checking Symantec license RISK-FABRIC 1.0
[1:ERROR] LicensingController.GetProductStatus() Could not validate Symantec license
System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at slic_cpp.LicenseInfo.FeatureName(LicenseInfo* , basic_string<wchar_t\,std::char_traits<wchar_t>\,std::allocator<wchar_t> >* )
   at slic_net.LicenseInfo.get_FeatureName()
   at RiskFabric.Web.Library.Licensing.LicensingController.GetProductStatus()

If this error occurred during an active portal session, the following entry may also be recorded in the log:

[8:ERROR] LoggingExceptionFilterAttribute.OnException() http://<hostname>/<function>
System.Web.HttpException (0x80004005): Invalid license.

The following error may also be logged in the RiskFabric Log_Client table of ClientLogType REQUEST EXCEPTION :

Request/response -- url:/api/Portal/GetProductStatus api:null params:undefined extraParams:null Status: 0 StatusText: responseText: -- portalConfig -- _PortalUserId :null _Administrator :null _CanViewMetrics :null _CanViewDIMRemediation :null _CanRemediateDIM :null _CanViewComplianceRemediation :null _CanRemediateCompliance :null _ExceptionAdministrator :null _CanViewScanExclusionS3 :null _CanViewScanExclusionAdmin :null _ScanExclusionAdministrator :null _CanViewPII :null

In some cases, the Risk Fabric application pool (RiskFabricAppPool) in IIS is stopped and will not remain in a running state. The ICA server log may show attempts at checking the license file, but no entries indicating success or failure. For example:

[1:INFO] LicensingController.GetProductStatus() Checking Symantec license RISK-FABRIC 1.0[1:INFO] StdSchedulerFactory.Info() Using object serializer: Quartz.Simpl.BinaryObjectSerializer, Quartz<...>

In very rare cases, the RiskFabricAppPool stops and no entries are written to the ICA server log.

Release : 6.x

Component : License

In most cases, the license for ICA has expired or the license file is missing from the following path on the IIS application server hosting ICA:

%SystemDrive%\ProgramData\Symantec Shared\Licenses

This error will also manifest when the password of the ICA service account has changed in Active Directory but has not been updated for the RiskFabricAppPool identity in IIS. If the service account password has not been updated in SQL Server and SQL Server Analysis Services (SSAS), this error may be concurrent with failures in the cube processing steps of the RiskFabric Processing job and RiskFabric Intraday Processing job.

In environments that have locked-down additional security policy settings, the right Logon as Batch might be disabled for the account being used for the RiskFabricAppPool identity in IIS.

If the ICA service account password has changed, follow the procedures in the Resolution section of Broadcom KB article 226575, Update ICA services credentials and data source credentials.

For those environments in which the right Logon as Batch is disabled for the ICA service account in Active Directory, that right must be granted. Refer to the Required Steady State Privileges section of the Information Centric Analytics Administrator Guide.

If your license has expired, obtain a new active license file and activate it via the Symantec ICA Installation Wizard:

After activating the new license file, restart the RiskFabric application pool in IIS.

If your license has not expired but the license file is missing, download a new copy of the license file from https://support.broadcom.com and either copy it to the license folder or register it through the Symantec ICA Installation Wizard. After restoring the old license file, restart the RiskFabric application pool in IIS.

The ICA server log is stored in the following default path on the IIS application server hosting ICA:

%SystemDrive%\ProgramData\BayDynamics\Logs\

The log name is in this format:

w3wp_RiskFabric.<yyyyMMdd>.log

Additional information about the Logon as Batch right can be found in the Microsoft KB article Log on as a batch job:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job

NOTE: URL valid as of December 21, 2023