Failed to activate AV Vendor license with error message "The license did not download (status=-14500)" using Content Analysis
Activating and downloading the AV license fails, and a License Download Failure pop-up appears with the following message:
The license did not download (status=-14500)
In the CAS management console, under System > Licensing, the Base License component status is Active and the Sandboxing component is available, whereas the Antivirus component is unavailable, as shown in the figure below:
On the command line, show licenses reports the AV license status as unknown:
CAS# show licenses
* Base license
Kaspersky Labs (unknown)
McAfee, Inc. (unknown)
Sophos, Plc. (unknown)
* Sandboxing
File Reputation (unknown)
Cylance (unknown)
Internet access is available; however, a packet capture shows an SSL alert, handshake failure (40), on connections to the following hosts:
device-services.es.bluecoat.com
subscription.es.bluecoat.com
Note: The Wireshark display filter is ssl.alert_message.desc == 40
Repeated error messages appear in clp_services.log (go to Utilities > System Logs and click the magnifier icon to view it).
Error Message Keywords in clp_services.log
Error Message Example:
[main] ERROR com.bluecoat.clp.license.ClpLicenseManager- LIC_MGR: validateLicenseFile: License file DOES NOT exist.
[main] ERROR com.bluecoat.clp.license.ClpLicenseManager- Error initializing license data
localhost ErrorCode=-14203: ErrorMessage=license is not installed
[Thread0.7023404319999382] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://subscription.es.bluecoat.com/whitelisting/license?device=<serial number>, StatusCode = 0, StatusMessage = null, ReasonMessage = null, AmountDownloaded = 0, DownloadDate =, CurrentlyDownloading = false, StartTime = null, EndTime = null, RequestToken = null, ETag = null
[Thread0.7946303028211905] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://device-services.es.bluecoat.com/licensing/lkf.cgi, StatusCode = 0, StatusMessage = null, ReasonMessage = null, AmountDownloaded = 0, DownloadDate = , CurrentlyDownloading = false, StartTime = null, EndTime = null, RequestToken = null, ETag = null
localhost javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
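To triage this symptom from an exported copy of clp_services.log, the following added example (not part of the original article or any vendor tooling) counts SSLPeerUnverifiedException download failures per host and collects the license error codes. The sample lines are constructed from the excerpts above, and the serial value is a placeholder.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample, modeled on the clp_services.log excerpts in this article.
SAMPLE_LOG = """\
[main] ERROR com.bluecoat.clp.license.ClpLicenseManager- Error initializing license data
localhost ErrorCode=-14203: ErrorMessage=license is not installed
[Thread0.1] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://subscription.es.bluecoat.com/whitelisting/license?device=SERIAL-PLACEHOLDER, StatusCode = 0, StatusMessage = null
[Thread0.2] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://device-services.es.bluecoat.com/licensing/lkf.cgi, StatusCode = 0, StatusMessage = null
[Thread0.3] WARN com.bluecoat.clp.downloadservice.DownloadThread- Executing head request failed with SSLPeerUnverifiedExceptionDownloadResponse: URI = https://device-services.es.bluecoat.com/licensing/lkf.cgi, StatusCode = 0, StatusMessage = null
localhost javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
"""

# A download attempt that failed with SSLPeerUnverifiedException, plus its URI.
TLS_FAIL = re.compile(r"failed with SSLPeerUnverifiedException.*?URI = (\S+?),")
# License manager error lines of the form ErrorCode=<n>: ErrorMessage=<text>.
ERR_CODE = re.compile(r"ErrorCode=(-?\d+): ErrorMessage=(.+)")


def triage(log_text):
    """Return (TLS failures per host, set of (code, message)) found in the log."""
    hosts, errors = Counter(), set()
    for line in log_text.splitlines():
        m = TLS_FAIL.search(line)
        if m:
            # Keep the host only: the query string carries the device serial.
            hosts[urlsplit(m.group(1)).hostname] += 1
        m = ERR_CODE.search(line)
        if m:
            errors.add((int(m.group(1)), m.group(2).strip()))
    return hosts, errors


if __name__ == "__main__":
    hosts, errors = triage(SAMPLE_LOG)
    for host, count in hosts.most_common():
        # StatusCode = 0 with this exception means TLS failed before any HTTP reply.
        print(f"{count} TLS peer-verification failure(s) to {host}")
    for code, message in sorted(errors):
        print(f"license error {code}: {message}")
```

Failures to both licensing hosts with no HTTP status, while general Internet access works, point at the TLS session rather than at routing or DNS.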
The solution provided was to acquire the factory certificate by running the following CLI command over SSH:
CAS# acquire-factory-certificate
writing RSA key
Certificate was added to keystore
Success
[On CAS 2.x versions, use request-appliance-certificate instead:]
CAS# request-appliance-certificate
ok
After that, the AV engine can be activated and the pattern downloaded.