When updating license in Deep Security, you may experience the following issues:
Issue 1: In Deep Security 9.0 SP1 P2, license shows wrong expiration date.
Solution: Upgrade to Deep Security 9.0 SP1 P3 or P4.
Issue 2: Unable to update licenses and extend license expiration date due to inconsistent expiration date in Deep Security Manager (DSM) and in PLS portal.
Solution: Upgrade to Deep Security 9.0 SP1 P3 or P4.
Issue 3: DSM allows users to enable multi-tenancy using expired activation license codes.
Solution: Upgrade to Deep Security 9.0 SP1 P4. This build has a checking mechanism for the validity of an activation code before allowing users to enable the multi-tenancy functionality using the code.
Issue 4: “Relay license is expired” appears in Deep Security 8.0.
Solution: This alert can be ignored because the Relay is updated and fixed in Deep Security 8.0 SP2.
These issues give the following error code (Unexpected ErrorCode: -536805286) from the PR module:
/* Fail, socket connect fail */
PR_ERROR_TMDL_HTTP_SOCKET_CONNECT_FAIL: Socket connection failed.
To prevent license update issues, check on the following before performing license update:
The Activation Code (AC) contains the following information:
- Initial LED (License Expiration Date)
The default LED in AC will be overridden by the one from the server after performing Online License Update. - Initial grace period
The date is the same with LED. - License enforcement flag
This indicates whether or not the product enforces license expiry. - Others: Product Code, Version Type, BU Code, Language, OS, Application, Volume
If the AC is incorrect, acquire new AC.
There are two (2) activation modes included during license activation. A product can perform an Online License Update via Internet access in an online environment unlike in offline environment wherein you can only check the LED in the AC.
Sometimes, database cannot be updated when updating product license. Do the following:
- Backup your database.
- Go to dbo.modulestatuses and delete all the rows there by executing:
truncate table dbo.modulestatuses
- Go to dbo.activtioncodes and delete all the rows there by executing:
truncate table dbo.activationcodes
If some tables are unable to truncate, delete the activation code manually:
To check the ActivationCodeID field, use the command:
select * from dbo.activationcodes
To check which rows are using the ActivationCodeID found above, use the command:
select * from dbo.modulestatuses
To delete the rows containing reference to ActivationCodeID, use the command:
delete from dbo.modulestatuses where ActivationCodeID='3'
To delete all the rows containing ActivationCodeID='3', use the command:
delete from dbo.activationcodes where ActivationCodeID='3'
Non-Proxy
Customer should ensure the normal network environment by doing the following:
- Test connection by accessing the license server URL from the DSM via Internet Explorer (IE):
http://licenseupdate.trendmicro.com/ollu/license_update
If the URL cannot be opened, establish the connectivity. If you can successfully access the URL, proceed to Step 2.
- Check Domain Name System (DNS) whether the URL can be translated into IP address. If nslookup license server URL failed, add it into the Windows host file, c:\windows\system32\drivers\etc.
Proxy
When using a proxy server, check on the following:
- Verify proxy settings:
- dsm_c.exe -action viewsetting -name configuration.managerUpdateProxyID
- dsm_c.exe -action viewsetting -name configuration.managerUpdateProxyFlag
- Check the Proxy Protocol, users should ONLY select HTTP.
Deep Security 9.0 SP1 P2 Readme file states that DSM does not support license updates or connecting to the Trend Micro Certified Safe Software Service using a SOCKS proxy. To use these two features, use an HTTP proxy. - Check the Proxy User Name and Password. Ensure that you type the correct entries.
