Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Error installing license key. Please check if it is a valid key

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Error installing license key. Please check if it is a valid key

L2 Linker

Techs,

 

I am building a OSS device in parallel to the production one. While uploading the Apps and Threat DB manually I was getting a license error. Hence I tried to install the Apps and Threat license I am getting the error "Error installing license key. Please check if it is a valid key ". I have downloaded the key from paloalto portal itself, its a *.key file. 

 

This device is not connected to the Internet. 

 

How can I fix this license issue?

 

Regards,
Sabin

1 accepted solution

Accepted Solutions

hi @sabi4evr_com 

 

you can't put licences on an OSS device as it is designed to be  'swap in place and adopt licences from donor', you need to make sure you download the apps-only version of the content file, it will be named something like panupv2-all-apps-xxxx-xxxx

 

that will install flawlessly on the OSS and then you can go ahead with the PAN-OS upgrade

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

8 REPLIES 8

Community Team Member

Hi @sabi4evr_com ,

 

You can keep your OSS uptodate as explained here :

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltxCAC

 

As for licensing the OSS ... when the production device fails you'll have to transfer the licenses from the production device to the OSS :

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNMCA0

 

Hope it helps !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi Kiwi,

 

I was following the same link you have posted. Now the OSS PAN OS version is 8.0.0. As per the upgrade path I have to flash this with PanOS_3000-8.0.0. While flashing it gives me the error related to 'required a content version of 769 or greater and found 695-42002'. 

 

Hence I have downloaded the 'dynamic updates' from the portal named 'panupv2-all-contents-8214-5792'. But while installing the contents its giving me the error code 'no valid threat prevention license'.

 

To fix this error, I am trying to install the licenses that I downloaded from portal in *.key format. But resulting in the subject error.

 

Note: This is a new OSS device, and currently its not connected to the Internet. I am trying to make the OSS PAN OS Version as similar to the production one so that I can import and export other settings from live to OSS.

 

 

Thanks,

Sabin

L2 Linker

I have tried inputting authorization code as well instead of uploading the license file. Getting error "Failed to fetch licenses.

 

pa.png

 

@OtakarKlier 

@VincentPresogna 

@reaper 

 

Gents, any help would be much appreciated. Thanks in advance.

 

hi @sabi4evr_com 

 

you can't put licences on an OSS device as it is designed to be  'swap in place and adopt licences from donor', you need to make sure you download the apps-only version of the content file, it will be named something like panupv2-all-apps-xxxx-xxxx

 

that will install flawlessly on the OSS and then you can go ahead with the PAN-OS upgrade

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

hi @reaper 

A big thank you. 

I followed your advice, finally I flashed the OSS properly and is version is now parallel to the production. 

 

hi @reaper 

 

Just to make sure I am correct. So, during the failure of the production unit I have to import the latest 'Import named configuration snapshot' available to the OSS unit and activate the licenses.. Correct?

 

Once the snapshot is imported to OSS, will the OSS unit have all the policies, objects and network information as similar to the production one?

 

Is it advisable to flash import the 'Import named configuration snapshot' to OSS now? Will the OSS unit conflict with the production one?

@sabi4evr_com if you want the OSS to be a "hot" unit, you can already put a recent configuration onto it. You will need to disconnect its interfaces as it will else cause IP conflicts with your production

 

The usual procedure when your production firewall fails is to initiate a replacement from the support portal, this will transfer all your licenses to the OSS 

Then, on the oss, fetch the licenses, initiate a content update and import and load your names config backup, then commit the change and hook up your device to the network/enable its interfaces (you could put all seitchports in "shut" until you  need to do this, and un"shut" them)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

thank you @reaper 

Much appreciated for all the inputs.

  • 1 accepted solution
  • 10737 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!