Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

NSM license utility and license file verification

0

0

Article ID: KB20968 KB Last Updated: 01 Jun 2011Version: 1.0
Summary:
This article describes the license verification system and how to troubleshoot it.
Symptoms:
Starting with NSM 2007.3, NSM requires the installation of a valid license file in order to manage more than 25 devices, which is the number included in the base license.

Issues & Errors:
  • On occasion, the NSM UI may report that there are no licenses available when trying to add a device. 
  • The license management utility, /usr/netscreen/GuiSvr/utils/licenseDebug.sh, may report that a previously valid license is no longer valid.
  • During an install or upgrade attempt, the license validation might fail with messages similar to:
Enter the License File Path> /tmp/license.txt
Validating License File.....................................FAILED
Either file is not valid, or it doesn't belong to this system or you have more devices on system than license permits

  • Log entries in /var/netscreen/GuiSvr/errorLog/guiDaemon.0 may look like:
2011/04/14-15:12:09.866 error [Pooh] License does not belong to this system, please check and re-install.
  • Attempts to re-install the license from the GUI may also fail.
Solution:
All of the NSM application processes now run as the "nsm" user rather than the "root" user.  So, the license verification utility must be able to return the same "InstallId" and verify the license as both the "nsm" user and the "root" user.

The following shows the steps to take to ensure proper operation of the licenseDebug.sh utility. All of these commands will be run on the CLI of the NSM (or NSMXpress) server as the root user.

Step A:
  1. Stop the following services:
    /etc/init.d/haSvr stop
    /etc/init.d/guiSvr stop
    /etc/init.d/devSvr stop
  2. Enter: /usr/netscreen/GuiSvr/utils/setperms.sh DevSvr GuiSvr HaSvr
  3. Change directory: cd /usr/netscreen/GuiSvr/utils
  4. The output of the following command should look similar to that shown below: ls -l .installIdTool

    -r-sr-s--- 1 root nsm 483322 Feb 26 12:57 .installIdTool
    (although the size may be different)
    Note the "-r-sr-s---" permissions and the "root:nsm" ownership.   These are critical. If the permissions and ownership do not look like that, please run the following two commands:

    chown root:nsm .installIdTool
    chmod 6550 .installIdTool
Now we have established proper ownership of all the NSM files on the system.

Step B:
  1. Verify the license and the system installId as both the root user and the NSM user. The output of the next two commands (run as root) must be identical to the output when they are run as the NSM user. 
    ./licenseDebug.sh installId
    ./licenseDebug.sh verify /var/netscreen/GuiSvr/license/license.txt
    Sample output from a lab NSM server:
    [root@nsm-vm-96 ~]# /usr/netscreen/GuiSvr/utils/licenseDebug.sh installId
    Installation Id: 30002F0AE521E
    [root@nsm-vm-96 ~]# /usr/netscreen/GuiSvr/utils/licenseDebug.sh verify /var/netscreen/GuiSvr/license/license.txt
    GPG verification Passed

  2. Now, change to the NSM user and rerun the same two commands:
    [root@nsm-vm-96 ~]# su - nsm
    -sh-3.00$ cd /usr/netscreen/GuiSvr/utils/
    -sh-3.00$ ./licenseDebug.sh installId
    Installation Id: 30002F0AE521E

    -sh-3.00$ ./licenseDebug.sh verify /var/netscreen/GuiSvr/license/license.txt
    GPG verification Passed

    Note that the output is identical. This must work on your system or license verification will fail.

  3. If this does work, you can restart the services and check the license in the GUI.

    If it does not work, there may be an issue with the license file, 'var/netscreen/GuiSvr/license/license.txt', itself.  You can try to re-install the GPG utility as in the following article: NSM - How to check and verify NSM GPG installation for license file verification

Please contact JTAC for further assistance.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search