Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Database Performance Analyzer (DPA) > DPA online activation requirements

DPA online activation requirements

Table of contents

 

Overview

For a sync to the DPA license server to be possible as online activation, the DPA server must be able to establish communication with the SolarWinds license server. This article outlines the items needed for this communication.
 

Note: There are many environmental factors that may come into play depending on environment security. Proxy servers and firewalls on your environment are outside of the scope of support. 

Environment

All DPA versions later than 9.0

Detail

  • Communication to the license server must be open from the DPA application server to licenseserver.solarwinds.com and port 443 is used (https://licenseserver.solarwinds.com/licensing/larws3.svc). This is in the default trust store for DPA but also needs to exist on any proxy server and if the trust store was replaced in DPA, the certificate trust must exist in the Java trust store.
  • The GeoTrust certificate can be retrieved from https://licenseserver.solarwinds.com...ing/larws3.svc or from the standard Java trust store that is shipped with DPA ([DPA Home]/iwc/jre_linux/lib/security/cacerts).

 

If the trust store was changed and you are not able to sync licenses, it may require reimporting:

  1. Run the following command:
    openssl version
    It should return something like this:
    OpenSSL 1.0.1f 6 Jan 2014
  2. Run the following commands:
    • echo -n | openssl s_client -connect licenseserver.solarwinds.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > swilicense.crt
      This will export the SolarWinds licensing server certificate to a current directory and file swilicense.crt
    • [dpa home]/iwc/jre_linux/keytool -importcert -keystore /home/jan/dpa_9_5_306/iwc/tomcat/conf/.keystore -file swilicense.crt
      This will prompt for a keystore password and confirmation if you want to trust the certificate. Enter the password and select yes to accept the certificate.
  3.  Restart DPA.

If more troubleshooting is needed the logging level can be increased with the following steps:

a. Update file <installation_folder>/iwc/tomcat/webapps/iwc/WEB-INF/classes/log4j.xml.
b. Backup the file before modifying it, so it can be easily restored to original configuration.
c. Add new logger & appender to the file (will contain communication with license server)
<logger name="org.apache.axis.transport.http.HTTPSender">
<level value="DEBUG"/>
<appender-ref ref="axisLogger"/>
</logger>
<appender name="axisLogger" class="org.apache.log4j.FileAppender">
<param name="File" value="logs/axis.log" />
<param name="MaxFileSize" value="20480KB"/>
<param name="MaxBackupIndex" value="10"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p [%c] %m%n" />
</layout>
</appender>


d. Update level value for following loggers to TRACE (will log additional details to license & gen3 log files)
<logger name="com.solarwinds.licensing">
<logger name="com.confio.license.audit" additivity="false">

e. Save the file and restart DPA.

 
 

 

Last modified
23:08, 9 Apr 2017

Tags

Classifications

Public