Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SMA 500v - losing license information (10.2.0.2)

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

from time to time several customers facing the issues that SMA 500v is losing it's license information and no user can log into the appliance any more. A restart of the SMA 500v fixes the issue, a manual license sync does not.

I couldn't found any pattern, but internet connection and DNS resolver worked without trouble in the time of the outage.

I have syslog logging enabled and found these related log entries.

15 times over a 30 minutes period:
License Manager not responding. Restart may be necessary.


Until restarting the appliance:
License Manager not responding for an extended period. Licenses must be updated.


UPDATE:

Around one hour before the license complains I found these log entries which might be related?

Failed to setup detail log chain
Failed to setup IPQ chain
Failed to setup Botnet cache chain
Failed to setup GeoIP chain
Failed to setup Botnet chain
Failed to setup Default Allow chain


Anything we can do to have this working more stable, because SMA outages are not welcome these times.

--Michael@BWC

Category: Secure Mobile Access Appliances
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi,

    I guess I'am alone on this, but further analysis of the logfiles brought me to the conclusion that the internal iptables/netfilter got messed up somehow, which is indicated by the log message shown before.

    It maybe caused by Botnet oder GeoIP filtering which we use to block nearly all countries worldwide and just allow a few.

    Right before the restart of the appliance I can hundreds/thousands messages like that:

    Failed to remove 222.186.136.150 from block list, will try again later 
    

    Really noone is facing this issue or is it already known at SNWL?

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi,

    one last try because it happened again. Anyone saw this before?

    Unreadable string in the license information. Ignore...
    


    Which caused this a minute later:

    Unreadable string in the license information. Ignore...
    

    But TCP connection check to licensemanager.sonicwall.com and lm2.sonicwall.com was successfull at this point.

    --Michael@BWC

  • Halon5Halon5 Enthusiast ✭✭

    @BWC , 10.2.0.3 Released !

    bags you try it first.. LOL.

  • SimonSimon Moderator
    edited November 2020

    Hi @BWC

    The SMA 500v must access the back end license manager every 5 days or its license expires.

    Here is the KB article that describes this issue:

    If you are seeing many instances of the error log then you need to investigate why the SMA can not talk the either lm.sonicwall.com or lm2.sonicwall.com or licensemanager.sonicwall.com on port 443.

    If you are having logs like the following this is a different issue:

    [Wed Jul 22 23:56:32 2020]watchdog: no 'licenseManager' process detected

    In this case there was a bug opened where the license manager process on the SMA would go down and prevent the SMA from accessing the license manager until the SMA was power cycled. SMA-1582, seen in the Hyper-V virtual, was fixed in July and firmware version 10.2.0.2.

    What version are you running @BWC?

  • @BWC , does a reboot fix it? If so, you can set the box to reboot automatically every night (assuming its not a 24/7 operation)in the diag/internal setting page until you can investigate this further.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi guys,

    thanks for chime in into this messy situation. If I get you right you don't see any relation to these "chain" messages.

    @Simon

    10.2.0.2, still waiting for the OK to upgrade to 10.2.0.3 from the customer, because of the update messages for the SMAConnectAgent, which raises confussion to the endusers. As mentioned before, TCP connection check to licensemanager and lm2 was working fine in the moment of trouble. I searched in the syslog files but no watchdog related messages, only the above which seem in context.

    @MasterRoshi

    Already suggested the auto-reboot to the customer because having no more ideas. As mentioned in the beginning only a restart fixes the situation. Because it's a critical remote access (somewhat 24x7) the customer wasn't very convinced on that "solution".

    Stay safe (and licensed).

    --Michael@BWC

Sign In or Register to comment.