Failed to communicate with the online licensing service due to missing Trusted Root CA

In extra cases, you might get the "Failed to communicate with the online licensing service" error even when all the requirements from the Online protection tips article are met. The issue could be caused by missing Trusted Root Certification Authority on the used machine.

 

Symptoms

There is no "Go Daddy Root Certificate Authority - G2" line in the Trusted Root Certification Authorities - Certificates section of Certificate Manager (certmgr.msc).

 

Also, after collecting AInfo report it is possible to find an entry like

Online licensing error: f73967e8ce6dd8b55eb17e955eb17e9, 0x0000 0x0003 0x0023

 in the NetworkServer.log file.

 

Cause

When the Trusted Root Certification Authority of GoDaddy is missing on a certain machine, it leads to the revocation check problem while establishing the SSL connection with ABBYY Licensing Server. As a result, Online license cannot work on that machine.

 

Resolution

To resolve the issue, please try to add the missing CA with the CertMgr.exe utility:

1. Get the certificate files from ABBYY sites (https://license-cloud.abbyy.com/heartbeat and account.abbyy.com). For example, in Google Chrome you may do the following:

  • Click the Secure button (a padlock) in an address bar.
  • Click the Show Certificate button.
  • Go to the Details tab.
  • Click the Export button.
  • Save the certificate to a file (for example, using license-cloud.cer as a filename)

2. Install CertMgr.exe as a part of Windows 10 SDK (download) or download the utility directly from ABBYY Share: https://share.abbyy.com/index.php/s/ii8N596HCm86gfm 

3. Run the command prompt or Powershell in Administrator mode (cmd.exe - right click - Run as Administrator) and run the following command:

CertMgr.exe -add license-cloud.cer -s -r localMachine root

In case you get the "Failed to save to the destination store" error after executing a command, the following article might help: https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/0302488e-eb00-4385-92b8-f06317b586dc/certmgrexe-install-thrusted-publisher-certificate-problem?forum=windowssdk 

4. After adding the certificate with CertMgr.exe, open Certificate Manager (Run - certmgr.msc) and see if GoDaddy appeared in the Trusted Root Certification Authority list:



5. Run the 

certutil -verify -urlfetch license-cloud.cer 

command. There should be a line "Leaf certificate revocation check passed" at the end of the command output which means certificate checking has been passed successfully.

Was this article helpful?

3 out of 3 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Recently viewed