Troubleshoot Regional CCM Server License Validation Warning in CPNR

Available Languages

Download Options

  • PDF     (227.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (300.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (171.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 2, 2020
Document ID:216090

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the steps to troubleshoot the “Regional CCM server cannot validate license“ error in Cisco Prime Network Registrar (CPNR).

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • CPNR
    • Linux

    Components

    The information in this document is based on CPNR 8.x and above.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Problem

    Starting from release 8.0 onwards, CPNR provides separate licenses for Central Configuration Management (CCM), Authoritative Domain Name System (DNS), Caching DNS, Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM) services or for combinations of these services.

    Whenever you log into a regional or local cluster, the overall licensing status of the system is checked.

    If there are any violations, you will be notified of the violation and the details. This notification is done only once for each user session.

    In addition, you will be able to see a message on each page indicating the violation.

    On the Local CPNR GUI, these are the warning messages that will pop-up on the right bottom for such license violation: License Compliance: Regional CCM server cannot validate licenses.

    Also, when you log to nrcmd from CLI, these warning messages will be observed.

    ./nrcmd 
    101 ok, with warning
    Regional CCM server cannot validate licenses.

    These error messages can be seen on the log (config_ccm_1_log) from the affected local server in the cluster.

    Log file location is /var/nwreg2/local/logs/

    config_ccm_1_log:04/25/2020 18:30:58 config/ccm/1 Info Server 0 06244 conn(0x3a33): Regional CCM server cannot validate licenses.
    config_ccm_1_log:04/25/2020 18:30:58 config/ccm/1 Info Server 0 06244 conn(0x3a33): Regional CCM server cannot validate licenses.
    04/25/2020 21:04:21 config/ccm/1 Warning Server AX_ETIMEDOUT 06529 Failed to connect to regional with address 10.yy.yy.yy:1244 for license utilization reporting.
    04/26/2020  1:04:21 config/ccm/1 Warning Server AX_ETIMEDOUT 06529 Failed to connect to regional with address 10.yy.yy.yy:1244 for license utilization reporting.

    Troubleshoot

    Network Communication

    • Open the ports (1234 and 1244) in the firewall for communication to happen between Local and Regional server.

    This file can be checked in order to find if there are any other alternative ports configured in the environment for this communication between Local and Regional. Based on that, the network can be checked for the ease of communication.

    # more /opt/nwreg2/local/conf/cnr.conf  | grep -i ccm
    cnr.regional-ccm-port=1244
    cnr.ccm-port=1234
    cnr.ccm-mode=local
    #
    • Check if the ports are listening.
    #netstat -an | grep -i 1234
    #netstat -an | grep -i 1244
    • Perform a packet capture in the local server’s CLI in order to analyse the capture with the use of the Wireshark tool when you register the local to regional for licenses.
    #tcpdump -i any host x.x.x.x -w /license-registration.pcap

    where x.x.x.x would be the regional server IP Address.

    Time Sync

    If the time is not in sync between local and regional servers, both cannot communicate with each other. Ensure that the time skew is not more than 5 mins.

    Ensure that both Local and Regional servers are synced to a common Network Time Protocol (NTP) server in order to avoid timesync issues.

    These commands can be used to check the time sync and NTP service status at Local and Regional respectively.

    • date
    (Regional)
    # date
    Sun Aug  9 17:20:57 IST 2020
    (Local)
    # date
    Sun Aug  9 17:21:20 IST 2020
    • ntpq -p 
    # ntpq -p
    remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     NTP-SERVER-1 .INIT.          16 u    - 1024    0    0.000    0.000   0.000

     NTP-SERVER-2 .INIT.          16 u    - 1024    0    0.000    0.000   0.000
    #
    • /etc/init.d/ntpd status
    # /etc/init.d/ntpd status
    ntpd (pid  23736) is running...
    • strace ntpq -pn ::1|& grep -i conn
    # strace ntpq -pn ::1|& grep -i conn
    connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
    connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
    connect(3, {sa_family=AF_INET6, sin6_port=htons(123), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
    #

    NTP Service Issues

    These outputs are examples of an NTP services non-working scenario.

    • ntpq -p
    # ntpq -p
    ntpq: read: Connection refused
    • /etc/init.d/ntpd status
    # /etc/init.d/ntpd status
    ntpd is stopped

    Trace the NTP connection.

    • strace ntpq -pn ::1|& grep -i conn
    # strace ntpq -pn ::1|& grep -i conn
    connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
    connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
    connect(3, {sa_family=AF_INET6, sin6_port=htons(123), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
    recvfrom(3, 0x7fffb9091bf0, 512, 0, 0, 0) = -1 ECONNREFUSED (Connection refused)
    write(2, "Connection refused\n", 19Connection refused

    This command can be used to restart the NTP services. 

    • /etc/init.d/ntpd restart
    # /etc/init.d/ntpd restart
    Shutting down ntpd:                                        [FAILED]
    Starting ntpd:                                                     [  OK  ]
    #

    Re-registration

    • Re-register the local server to the Regional server for the license with the use of this command.
    /opt/nwreg2/local/usrbin/nrcmd -L -N admin -P password
    license register cdns 10.xx.xx.xx 1244

    Credential Check

    Verify the Admin name, password and port information provided in the Operate > Manage Clusters > Local host are correct in the Regional server GUI.

    Verify

    • Login to GUI, you see that the warning message pop-up will no more be available.
    • Access nrcmd and verify that the warnings do not appear again.

    Related Information

    TAC Authored

    Contributed by Cisco Engineers

    • Annangarachari R
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products