Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

General troubleshooting of license update issues in Deep Security

    • Updated:
    • 13 May 2015
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Platform:
    • Amazon AMI 32-bit
    • Amazon AMI 64-bit
    • CentOS 5.4 32-bit
    • CentOS 5.4 64-bit
    • CentOS 5.5 32-bit
    • CentOS 5.5 64-bit
    • CentOS 5.6 32-bit
    • CentOS 5.6 64-bit
    • CentOS 5.7 32-bit
    • CentOS 5.7 64-bit
    • CentOS 5.8 32-bit
    • CentOS 5.8 64-bit
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • CentOS 6.1 32-bit
    • CentOS 6.1 64-bit
    • CentOS 6.2 32-bit
    • CentOS 6.2 64-bit
    • HPUX 11.x
    • IBM AIX
    • IBM AIX 5.3
    • IBM AIX 6.1
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Oracle Linux 5 32-bit
    • Oracle Linux 5 64-bit
    • Oracle Linux 6 32-bit
    • Oracle Linux 6 64-bit
    • Oracle Solaris 11 SPARC
    • Oracle Solaris 11 x86
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • VMware ESX 4.0
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 4.0
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware ESXi 5.1
    • VMware ESXi 5.5
    • VMware vCenter 5.0
    • VMware vCenter 5.5
    • VMware vSphere 5.1
    • VMware vSphere 5.5
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Server Core
    • Windows 2008 Server Foundation
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Datacenter
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Server R2 with Hyper-V(TM)
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Foundation R2
    • Windows 2012 Standard R2
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows 8.1 32-bit
    • Windows 8.1 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
    • Windows XP SP2 32-bit
    • Windows XP SP3 32-bit
Summary

When updating license in Deep Security, you may experience the following issues:

Issue 1: In Deep Security 9.0 SP1 P2, license shows wrong expiration date.
Solution: Upgrade to Deep Security 9.0 SP1 P3 or P4.

Issue 2: Unable to update licenses and extend license expiration date due to inconsistent expiration date in Deep Security Manager (DSM) and in PLS portal.
Solution: Upgrade to Deep Security 9.0 SP1 P3 or P4.

Issue 3: DSM allows users to enable multi-tenancy using expired activation license codes.
Solution: Upgrade to Deep Security 9.0 SP1 P4. This build has a checking mechanism for the validity of an activation code before allowing users to enable the multi-tenancy functionality using the code.

Issue 4: “Relay license is expired” appears in Deep Security 8.0.
Solution: This alert can be ignored because the Relay is updated and fixed in Deep Security 8.0 SP2.

These issues give the following error code (Unexpected ErrorCode: -536805286) from the PR module:

/* Fail, socket connect fail */
PR_ERROR_TMDL_HTTP_SOCKET_CONNECT_FAIL: Socket connection failed.

Details
Public

To prevent license update issues, check on the following before performing license update:

The Activation Code (AC) contains the following information:

  • Initial LED (License Expiration Date)
    The default LED in AC will be overridden by the one from the server after performing Online License Update.
  • Initial grace period
    The date is the same with LED.
  • License enforcement flag
    This indicates whether or not the product enforces license expiry.
  • Others: Product Code, Version Type, BU Code, Language, OS, Application, Volume

If the AC is incorrect, acquire new AC.

There are two (2) activation modes included during license activation. A product can perform an Online License Update via Internet access in an online environment unlike in offline environment wherein you can only check the LED in the AC.

Sometimes, database cannot be updated when updating product license. Do the following:

    1. Backup your database.
    2. Go to dbo.modulestatuses and delete all the rows there by executing:

      truncate table dbo.modulestatuses

    3. Go to dbo.activtioncodes and delete all the rows there by executing:

      truncate table dbo.activationcodes

If some tables are unable to truncate, delete the activation code manually:

To check the ActivationCodeID field, use the command:

select * from dbo.activationcodes

To check which rows are using the ActivationCodeID found above, use the command:

select * from dbo.modulestatuses

To delete the rows containing reference to ActivationCodeID, use the command:

delete from dbo.modulestatuses where ActivationCodeID='3'

To delete all the rows containing ActivationCodeID='3', use the command:

delete from dbo.activationcodes where ActivationCodeID='3'

Non-Proxy

Customer should ensure the normal network environment by doing the following:

  1. Test connection by accessing the license server URL from the DSM via Internet Explorer (IE):

    http://licenseupdate.trendmicro.com/ollu/license_update

    If the URL cannot be opened, establish the connectivity. If you can successfully access the URL, proceed to Step 2.

  2. Check Domain Name System (DNS) whether the URL can be translated into IP address. If nslookup license server URL failed, add it into the Windows host file, c:\windows\system32\drivers\etc.

Proxy

When using a proxy server, check on the following:

  1. Verify proxy settings:
    • dsm_c.exe -action viewsetting -name configuration.managerUpdateProxyID
    • dsm_c.exe -action viewsetting -name configuration.managerUpdateProxyFlag
  2. Check the Proxy Protocol, users should ONLY select HTTP.

    Using HTTP as Proxy Protocol

     
    Deep Security 9.0 SP1 P2 Readme file states that DSM does not support license updates or connecting to the Trend Micro Certified Safe Software Service using a SOCKS proxy. To use these two features, use an HTTP proxy.
     
  3. Check the Proxy User Name and Password. Ensure that you type the correct entries.

    Verifying User Name and Password

Premium
Internal
Rating:
Category:
Troubleshoot; Update; SPEC; Register
Solution Id:
1108763
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.