License upgrade is a smooth and easy process. There are a few predictable cases where you may come across some problems. Use this section to solve those license upgrade problems.In This Section Error: “License version might be not compatible” SecureKnowledge solution sk30478
Symptoms
• Error: Warning: Can't find .... in cp.macro. License version might be not compatible
• Error occurs with commands such as cplic print, cpstop, cpstart, and fw ver.
• The error occurs when a license upgrade is performed before a software upgrade.
The error appears in any situation where a licensed version is not compatible with the version installed on a machine, for example, an NGX license on an NG machine.
Cause
License on the target machine was upgraded to NGX before the software was upgraded
from a previous NG version to NGX.
Error: “License version might be not compatible”
Evaluation Licenses Created in the User Center
Evaluation Licenses Not Created in the User Center
Licenses of Products That Are Not Supported in NGX
License Enforcement on Module is now on Management
License Not in Any Of Your User Center Accounts
User Does Not Have Permissions on User Center Account
SKU Requires Two Licenses in NG and One License in NGX
SmartDefense Licenses
License Upgrade Partially Succeeds
Upgraded Licenses Do Not Appear in the Repository
Cannot Connect to the User Center
Troubleshooting License Upgrade
If the license upgrade is performed before the software upgrade, Check Point products
will generate warning messages until all the software on the machine has been
upgraded. Refer to “License Upgrade Methods” on page 25 to determine the upgrade
path that best applies to your current configuration.
Resolution
Upgrade the software to version NGX. Errors will not appear after the upgrade.
Note that these errors do not affect the functionality of the version NG software.
Evaluation Licenses Created in the User Center
Symptoms
User Center message (Error code: 106):
Cause
Evaluation licenses are not entitled to a license upgrade.
Resolution
Evaluation licenses cannot be upgraded. If you don’t need the evaluation license, delete
it. If you do need it, contact Account Services at US +1 817 606 6600, option 7 or
e-mail AccountServices@ts.checkpoint.com.
Evaluation Licenses Not Created in the User Center
Symptoms
User Center message (Error code: 151):
Cause
These evaluation licenses do not exist in the User Center. Evaluation licenses are not
entitled to a license upgrade.
An evaluation license can be identified by examining the license string. Evaluation
licenses may contain one of the following strings in the Features description:
CK-CP
or
No license upgrade is available for evaluation product.
Your license contains a Certificate Key (CK) which is not found in
User Center.
Licenses of Products That Are Not Supported in NGX
Chapter 2 Upgrading VPN-1 Pro/Express Licenses 39
CK-CHECK-POINT-INTERNAL-USE-ONLY
Resolution
Evaluation licenses cannot be upgraded. If you don’t need the evaluation license, delete
it. If you do need it, contact Account Services at US +1 817 606 6600, option 7 or
e-mail AccountServices@ts.checkpoint.com.
Licenses of Products That Are Not Supported in NGX
Symptoms
User Center Message (Error code: 154):
Cause
VPN-1 Net and VPN-1 SmallOffice are not supported in NGX. Therefore, if an
attempt is made to upgrade the license for these products, the User Center generates an
error message. The affected SKUs are:
VPN-1 Net Family SKUs: CPVP-VNT and LS-CPVP-VNT families
SmallOffice family SKUs: CPVP-VSO and LS- CPVP-VSO families
Resolution
Contact Account Services at US +1 817 606 6600, option 7 or e-mail
AccountServices@ts.checkpoint.com.
License Enforcement on Module is now on Management
Symptoms
User Center Message (Error code: 132):
Cause
The enforcement of NG module features is now performed by the NGX management.
For example, the licensing model of QOS (formerly FloodGate-1) for VPN-1 Express
was changed in NGX, and VPN-1 Express NGX modules with QoS require an
This product is not upgradeable to NGX version and therefore a
license upgrade is not needed. The product continues to be
supported in its NG Release
The license enforcement of NG gateway is now performed by the NGX
management server. Perform Change IP operation in User Center and
install the NGX license on the management server
Troubleshooting License Upgrade
40
appropriate license to be installed on the management. License Upgrade in this scenario
is not handled automatically by the license upgrade. The affected SKU family for QoS
is: CPXP-QOS
Resolution
If you have an NG Express gateway with a QoS (FloodGate-1) license, and in any other
case where this problem occurs, proceed as follows:
1 Perform a license upgrade at the User Center web site to generate a new license.
2 Install the new, upgraded license on the NGX management machine (even if you
do not upgrade the gateway).
3 Upgrade the gateway.
4 Delete the unneeded license from the gateway in one of two ways:
• Run the command line command at the gateway:
cplic del
• Using SmartUpdate, select the unneeded license, Detach it, and then Delete it.
License Not in Any Of Your User Center Accounts
Symptoms
User Center Message (Error Code 17):
Cause
This specific license does not exist in any of the accounts that belong to this user.
Resolution
Run the tool again with the appropriate username.
Note that each time you run the tool with a different username, upgraded licenses from
the User Center are added to a cache file located on your machine. This file contains
the successfully upgraded licenses from previous runs.
If the partially successful license upgrade was performed via the Wrapper, then after the
Wrapper has finished, run the license upgrade again via the command line, with the
appropriate username.
This license is not in any of your accounts. Run the license
upgrade again with the username that owns this license in the User
Center.
User Does Not Have Permissions on User Center Account
Chapter 2 Upgrading VPN-1 Pro/Express Licenses 41
User Does Not Have Permissions on User Center Account
Symptoms
User Center Message (Error Code 19):
Cause
This user is not authorized to change this license in the User Center.
Resolution
Run the tool again with the appropriate username.
Note that each time you run the tool with a different username, upgraded licenses from
the User Center are added to a cache file located on your machine. This file contains
the successfully upgraded licenses from previous runs.
If the partially successful license upgrade was performed via the Wrapper, then after the
Wrapper has finished, run the license upgrade again via the command line, with the
appropriate username.
SKU Requires Two Licenses in NG and One License in NGX
Symptoms
User Center Message (Error code: 135):
Cause
The NG version of SecureClient requires two licenses: one license for the module and
one for the management. In NGX only the management license is needed. The module
license (CPVP-VPS-1-NG) is no longer needed because it is incorporated in the
VPN-1 Pro license. The relevant SKU families are:
• CPVP-VSC,
• LS- CPVP-VSC,
• CPVP-VMC,
• LS-CPVP-VMC,
• CPVP-VSC-100-DES-NG
This license is in your account but you are not authorized to
upgrade licenses in this account because you have just view-only
permissions. Run license upgrade again with a username that is
authorized to change the license in the User Center.
This license is no longer needed in the version you are upgrading
to. It can be safely removed from the machine after the software
upgrade.
Troubleshooting License Upgrade
42
Resolution
After the software upgrade, delete the unneeded module license from the machine. Do
this in one of two ways:
• Using the command line: Run
cplic del
• Using SmartUpdate: Select the unneeded license, Detach it, and then Delete it.
SmartDefense Licenses
Symptoms
User Center Message (Error code: 902):
Cause
In NGX, enforcement of SmartDefense licenses is handled by the User Center. The
SKU families for which this issue is relevant are SU-SMRD and SU-SMDF.
Resolution
Delete the unneeded license from the machine.
License Upgrade Partially Succeeds
Symptoms
License upgrade fails for some of the licenses but succeeds for others.
Cause
License upgrade may fail for some licenses and succeed for others. A license may fail to
upgrade for a number of reasons. For example, you may not have an Enterprise
Subscription contract for these licensed product. See some of the other items in
“Troubleshooting License Upgrade” on page 37 for more reasons why license upgrade
may fail.
Resolution
After solving all or some of the licensing problems referred to in the error log, run the
license_upgrade tool. This will upgrade the licenses for which the problem has been
solved.
The tool can be found in one of the following locations
• On the CD at
SmartDefense License is not needed on the gateway.
Upgraded Licenses Do Not Appear in the Repository
Chapter 2 Upgrading VPN-1 Pro/Express Licenses 43
• In the Check Point Download site at
http://www.checkpoint.com/techsupport/ngx/license_upgrade.html.
When the license_upgrade tool is run several times, the results are cumulative. This
means that if the upgrade of some licenses failed and the tool is run again:
• Licenses that were successfully upgraded to NGX remain unchanged.
• Licenses that failed to upgrade in a previous run and were now successfully
upgraded, are added to the machine.
For example, if the upgrade of a license failed because there was no Enterprise Software
Subscription contract for the licensed product, purchase Software Subscription for those
products and then run the tool again to fetch the new licenses from the User Center
Web site to the machine.
Upgraded Licenses Do Not Appear in the Repository
Symptoms
Upgraded license does not appear in the SmartUpdate Repository. However, the
license_upgrade tool log indicates that the license upgrade succeeded.
The license upgrade was performed on the NGX machine, after the software upgrade
to NGX.
Cause
The file with the upgraded licenses that was fetched from the User Center cannot be
imported into the SmartUpdate Repository while SmartUpdate is open.
Resolution
Close any SmartUpdate GUI client that is running, and run
license_upgrade import -r
This imports the upgraded licenses into the SmartUpdate Repository.
Cannot Connect to the User Center
Symptom
Failed to connect to the User Center.
Cause
Access to port HTTPS-443 is not allowed through the firewall. Access to the User
Center requires this port to be open.
Troubleshooting License Upgrade
44
Resolution
Open port HTTPS-443 in the firewall.
For example, in a deployment with one main firewalled gateway, and other gateways for
branch offices within the organization, open HTTPS-443 in the main gateway for all
the branch office gateways behind it.
No comments:
Post a Comment