Problem:
After the completion of installation of ShadowProtect from Kaseya console,the ShadowProtect UI displays license as trial or license as expired
The ksbr>application logging in kaseya has an entry right after the installation time displaying 'unable to communicate with the Storagecraft activation server'
Once the trial period is complete, the backup will start showing up as failed in Kaseya.
Manual attempt from kaseyasupport to activate the license results with an error message like shown below
Cause:
ShadowProtect needs to communicate with the MSP activation server to activate its license. This process rarely causes problems. However, if a problem does occur, the most likely cause is a network-related issue. ShadowProtect always tries to capture the resulting Windows error message and report it to the user. In a few cases, the error message (such as above) appears without details for troubleshooting. To proceed, examine these potential causes:
No network connection
Client-based firewall blocking access
Network firewall blocking access
Router/AV packet filtering
Proxy configuration
Resolution:
Please ensure to go through these below articles as well
https://helpdesk.kaseya.com/entries/105235006-Shadowprotect-license-becomes-deactivated
http://www.storagecraft.com/support/kb/article/38
No network connection
The network could be down or the network adapter disabled. not running, or failing.
How to test the Network Connection:
- Ping another machine on the same subnet.
- If that works, ping a known good IP address on the internet, e.g. ping 8.8.8.8.
- If that works, test DNS resolution by pinging a URL address, e.g. ping google.com
- Finally, use tracert to verify network connectivity to the activation server: tracert <199.101.231.169>
Client-based firewall blocking access
A client-based firewall (such as the Windows Firewall) may block outbound HTTP traffic to the activation server. This may occur with a new OS install or later on. Although an initial configuration of the firewall may permit such traffic, subsequent firewall software patches/updates may lead to restrictions on outbound traffic. Thus clients may have had no issues with activation for a number of months, then suddenly stop working.
How to test firewall access:
- Check the firewall logs. Note if the firewall blocks traffic to or from the ShadowProtect Service on the client. If necessary, reconfigure the firewall to accept inbound and outbound traffic to or from this service.
- Test the firewall by temporarily disabling it. Retry the activation. If the activation succeeds, re-enable the firewall.
NOTE: This is only recommended if the machine is on a private subnet and not directly connected to the Internet.
Secondary firewall elsewhere on the network
Most sites will have at least one other firewall between their private subnet and the Internet. These firewalls normally pass HTTP traffic without issue. However, it is possible that they are configured to block certain types of traffic.
How to Test for a secondary firewall:
- Check the Firewall logs for any blocked traffic.
- Check firewall/router for any ACL's or similar restrictions.
Router/AV packet filtering
Some sites for security employ packet filtering between subnets using a standalone router or an AV product service that provides router services. If the product detects packets that contain data that matches common virus signatures, the product drops the packet(s) or blocks the traffic. An overly aggressive filter may detect a false positive on ShadowProtect’s benign activation request.
How to Test for a secondary firewall:
- Check the Firewall logs for any blocked traffic.
- Check firewall/router for any ACL's or similar restrictions.
Proxy Configuration:
Some sites redirect traffic from a client to a Proxy server. This includes traffic from ShadowProtect. A client machine can be configured to only use a Proxy in certain situations, such as for certain applications. On 64-bit machines, it is also possible to correctly configure the proxy settings (server hostname and port) for 64-bit applications or services and not for 32-bit ones like ShadowProtect.
How to test for Proxy Configurations.
- Open up the ShadowProtect Console (UI).
- Select Options > Agent Options and review the Agent NT Service Options section. The MSP version of ShadowProtect shows two Proxy-related fields (Proxy Server name and Proxy port). If a Proxy is in use for this client, ShadowProtect displays these values. If these values are missing or incorrect, use the appropriate Windows command line tool to modify them.
- On Windows Server 2008, Windows 7, or newer versions of the OS, use NETSH (set proxy option) from the System32 folder.
- On older OS versions, use the PROXYCFG tool.
- On 64-bit versions of Windows, ONLY use the 32-bit version of NETSH found in the Windows\SysWOW64 folder.
- On systems where the proxy settings are defined within a Group Policy, edit the settings within Internet Explorer Maintenance (IEM).
Example screenshot for proxy configuration
REFERENCE:
http://www.storagecraft.com/support/kb/article/280