Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[WebApp Secure/Mykonos] Troubleshooting JWAS license server reachability issues



Article ID: KB30318 KB Last Updated: 19 Feb 2016Version: 2.0

Junos WebApp Secure (JWAS) needs to reach the the Mykonos license server in order for license load and renewals to go through.


Unable to load or renew a license because JWAS cannot reach the license server.


Follow the troubleshooting steps below to determine the cause of the problem.


Complete the following troubleshooting steps:

  1. Make sure that port 443 is being allowed on the network to reach the license server

  2. Use nslookup to resolve the IP address of the license server to make sure that the DNS resolution is working.

  3. If the resolution doesn’t occur, check the  /etc/resolv.conf file entries for DNS and set the DNS appropriately if it is missing or incorrect. This can be set using the command cli system set dns nameservers <dns_server_ip>.

  4. Get a tcpdump on the relevant interface to see where the connection is getting dropped: sudo tcpdump -i eth0 -w /tmp/license.pcap host and port 443

  5. If the license request is not being seen at all in pcaps, there is a routing issue. Check to make sure that the proxy settings on JWAS are correct. The proxy IP address cannot be the JWAS IP itself. If it is, then the license request cannot be sent out. The cli system show proxy command should be either null (if no proxy is used) or the IP address of the proxy server, but not JWAS itself.

  6. If any "Pyro" service error is seen, restart the pyro service by running the command sudo /etc/init.d/mykonos-pyro restart.
[mykonos@JWAS-89 ~]$ cli system show proxy
[mykonos@JWAS-89 ~]$

[mykonos@JWAS-89 ~]$ nslookup

Non-authoritative answer:

[mykonos@JWAS-89 ~]$

Update: The Juniper DNS server IP is changed and for a quick tweak, please use the following DNS nameserver when manually adding an entry to /etc/resolv.conf: IP:
Use the following command: cli system set dns nameservers Restart the service to get the license update after the above changes.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search