SMA 500v - losing license information (10.2.0.2)
BWC
Cybersecurity Overlord ✭✭✭
Hi,
from time to time several customers facing the issues that SMA 500v is losing it's license information and no user can log into the appliance any more. A restart of the SMA 500v fixes the issue, a manual license sync does not.
I couldn't found any pattern, but internet connection and DNS resolver worked without trouble in the time of the outage.
I have syslog logging enabled and found these related log entries.
15 times over a 30 minutes period: License Manager not responding. Restart may be necessary.
Until restarting the appliance: License Manager not responding for an extended period. Licenses must be updated.
UPDATE: Around one hour before the license complains I found these log entries which might be related? Failed to setup detail log chain Failed to setup IPQ chain Failed to setup Botnet cache chain Failed to setup GeoIP chain Failed to setup Botnet chain Failed to setup Default Allow chain
Anything we can do to have this working more stable, because SMA outages are not welcome these times.
--Michael@BWC
Category: Secure Mobile Access Appliances
0
Answers
Hi,
I guess I'am alone on this, but further analysis of the logfiles brought me to the conclusion that the internal iptables/netfilter got messed up somehow, which is indicated by the log message shown before.
It maybe caused by Botnet oder GeoIP filtering which we use to block nearly all countries worldwide and just allow a few.
Right before the restart of the appliance I can hundreds/thousands messages like that:
Really noone is facing this issue or is it already known at SNWL?
--Michael@BWC
Hi,
one last try because it happened again. Anyone saw this before?
Which caused this a minute later:
But TCP connection check to licensemanager.sonicwall.com and lm2.sonicwall.com was successfull at this point.
--Michael@BWC
@BWC , 10.2.0.3 Released !
bags you try it first.. LOL.
Hi @BWC
The SMA 500v must access the back end license manager every 5 days or its license expires.
Here is the KB article that describes this issue:
If you are seeing many instances of the error log then you need to investigate why the SMA can not talk the either lm.sonicwall.com or lm2.sonicwall.com or licensemanager.sonicwall.com on port 443.
If you are having logs like the following this is a different issue:
[Wed Jul 22 23:56:32 2020]watchdog: no 'licenseManager' process detected
In this case there was a bug opened where the license manager process on the SMA would go down and prevent the SMA from accessing the license manager until the SMA was power cycled. SMA-1582, seen in the Hyper-V virtual, was fixed in July and firmware version 10.2.0.2.
What version are you running @BWC?
@BWC , does a reboot fix it? If so, you can set the box to reboot automatically every night (assuming its not a 24/7 operation)in the diag/internal setting page until you can investigate this further.
Hi guys,
thanks for chime in into this messy situation. If I get you right you don't see any relation to these "chain" messages.
@Simon
10.2.0.2, still waiting for the OK to upgrade to 10.2.0.3 from the customer, because of the update messages for the SMAConnectAgent, which raises confussion to the endusers. As mentioned before, TCP connection check to licensemanager and lm2 was working fine in the moment of trouble. I searched in the syslog files but no watchdog related messages, only the above which seem in context.
@MasterRoshi
Already suggested the auto-reboot to the customer because having no more ideas. As mentioned in the beginning only a restart fixes the situation. Because it's a critical remote access (somewhat 24x7) the customer wasn't very convinced on that "solution".
Stay safe (and licensed).
--Michael@BWC
Updates my sightings over here:
--Michael@BWC