Error "License Manager SSL connection failed Please check your Internet connection and DNS settings"

03/26/2020 24 15588

DESCRIPTION:

Logs show the following error message: "License Manager SSL connection failed - Please check your Internet connection and DNS settings."

RESOLUTION:

You might encounter situations when the SRA cannot contact the license manager server. This can cause registration issues or problems with the licenses not being synchronized correctly. This KB article outlines some steps you can follow that may help to isolate and solve this kind of issues:

1. Verify that the IP address of the default gateway and the selected outgoing interface are correct from Network > Routes > Default IPv4 Gateway. You can test the connection by pinging the default gateway from System > Diagnostics > select Ping and type the IP address of your default gateway. Also from Network > Routes, check that there is not a static route created that could be routing that traffic through an undesired path.

2. Check that the DNS settings of the SRA are correct inside Network > DNS. The SRA must be able to communicate with the configured DNS servers. You can test the connection by pinging the DNS servers following the same steps described above. Also, verify that the SRA is able to resolve the URL licensemanager.sonicwall.com by going to System > Diagnostics > select DNS Lookup and type “licensemanager.sonicwall.com”.

3. Verify that the SRA is able to communicate with the license manager using the port TCP 443 by going to System > Diagnostics > select TCP Connection Test and type “licensemanager.sonicwall.com:443”. Connection should succeed. If the connection fails check that the connection is not being blocked by a firewall located upstream.

4. If you are still getting the same error message, even when the TCP connection is not being blocked by an upstream firewall, check that the size of RSA public key of the SRA certificate is at least 2048 bits. SonicWall License Manager no longer supports 1024-bit RSA certificates. If you are using an old firmware version and the self-signed certificate uses a 1024-bit public key, upgrading to a current firmware version should solve the issue.