Issue Plesk licence key update failed (Network failure / Couldn't resolve host name)

[Dukemaster]

Hi at all
Since several months (update Ubuntu to 16.04 by provider or changing hostname of my server!!!!) my Plesk licence key couldn't updated only manual. This time I want to repair it instead.

Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-25 13:39 CEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for keys.odin.com (52.29.203.196)
Host is up (0.0040s latency).
PORT     STATE SERVICE
5224/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds
root@server:~# ^C

# telnet keys.odin.com 5224
Trying 52.29.203.196...
Connected to keys.odin.com.
Escape character is '^]'.
Connection closed by foreign host.

~# traceroute keys.odin.com
traceroute to keys.odin.com (52.29.203.196), 64 hops max
  1   10.255.255.253  0.317ms  *  0.324ms
  2   195.20.243.93  0.347ms  *  0.401ms
  3   195.20.243.40  9.512ms  2.098ms  0.644ms
  4   212.227.120.19  19.655ms  2.886ms  13.775ms
  5   80.81.194.152  3.262ms  3.230ms  3.251ms
  6   *  *  *
  7   *  *  *
  8   54.239.5.132  5.023ms  3.963ms  4.870ms
  9   *  *  *
 10   *  *  *
 11   *  *  *
 12   *  *  *
 13   *  *  *
 14   *  *  *
 15   *  *  *
 16   *  *  *
 17   *  *  *
 18   *  *  *
 19   *  *  *
 20   *  *  *
 21   *  *  *
 22   * ^C

/opt/psa/admin/logs/panel.log

[2017-08-24 06:25:23] ERR [panel] KeyUpdate Result desc: cURL cannot communicate with license server https://ka.plesk.com:5224/xmlrpc (195.214.233.80): Server returned nothing (no headers, no data)(52)
cURL cannot communicate with license server https://ka.plesk.com:5224/xmlrpc (): Couldn't resolve host name(6)

[2017-08-24 06:25:23] ERR [panel] KeyUpdate Result additional information: cURL verbose output:
*   Trying 195.214.233.80...
* Connected to ka.plesk.com (195.214.233.80) port 5224 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
> SSL data removed for security reason* TLSv1.2 (OUT), TLS handshake, Client hello (1):
> SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS handshake, Server hello (2):
< SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS handshake, Certificate (11):
< SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
< SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS handshake, Server finished (14):
< SSL data removed for security reason> SSL data removed for security reason* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> SSL data removed for security reason> SSL data removed for security reason* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> SSL data removed for security reason> SSL data removed for security reason* TLSv1.2 (OUT), TLS handshake, Finished (20):
> SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS change cipher, Client hello (1):
< SSL data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS handshake, Finished (20):
< SSL data removed for security reason* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*     subject: OU=Domain Control Validated; OU=PositiveSSL; CN=ka.plesk.com
*     start date: Mar 28 00:00:00 2017 GMT
*     expire date: Mar 27 23:59:59 2020 GMT
*     issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*     SSL certificate verify ok.
> SSL data removed for security reason> POST /xmlrpc HTTP/1.1
Host: ka.plesk.com:5224
Accept: */*
Content-Type: text/xml
Content-Length: 30752

> Data removed for security reason> SSL data removed for security reason> Data removed for security reason< SSL data removed for security reason* TLSv1.2 (IN), TLS alert, Client hello (1):
< SSL data removed for security reason* Empty reply from server
* Connection #0 to host ka.plesk.com left intact

cURL verbose output:
* Could not resolve host: ka.plesk.com
* Closing connection 0

[2017-08-25 06:25:23] ERR [panel] KeyUpdate Result code: 2 Network failure

[2017-08-25 06:25:23] ERR [panel] KeyUpdate Result desc: cURL cannot communicate with license server https://ka.plesk.com:5224/xmlrpc (195.214.233.80): SSL connect error(35)
cURL cannot communicate with license server https://ka.plesk.com:5224/xmlrpc (): Couldn't resolve host name(6)

[2017-08-25 06:25:23] ERR [panel] KeyUpdate Result additional information: cURL verbose output:
*   Trying 195.214.233.80...
* Connected to ka.plesk.com (195.214.233.80) port 5224 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
> SSL data removed for security reason* TLSv1.2 (OUT), TLS handshake, Client hello (1):
> SSL data removed for security reason* Unknown SSL protocol error in connection to ka.plesk.com:5224
* Closing connection 0

cURL verbose output:
* Could not resolve host: ka.plesk.com
* Closing connection 0

 

[AYamshanov]

Hi,

Why do you check "keys.odin.com"? I see "ka.plesk.com (195.214.233.80)" and port 5224 in panel.log
cURL cannot communicate with license server https://ka.plesk.com:5224/xmlrpc (): Couldn't resolve host name(6)

 

[Dukemaster]

Hi @AYamshanov,
thanks for answering. I only followed suggestions on internet by people with the same problem. Perhaps they are old or crazy.
But I think to know how my problem occurred.
I made my server new end of april or beginning of may. 1and1 had a new image "Ubuntu 16.04 with Plesk Onyx (instead my old 14.04 with Plesk 12.5).
But they made a lil mistake. However they installed the webadmin image. I asked 1and1 support how to solve the problem. They send me a license key to get webhosting edition which I used for exactly 11 years now, I only changed the servers after 4 years to newer ones by other contracts.
It was the first time that I received such a license key, because usually the key is pre-installed and there was never a problem with it. I always used standard images (Suse, later CentOS and since ~3 years Ubuntu).
Then I entered the correct (new) licence key and hereby the webhosting edition. Everything seemed to be resolved. But it wasn't !
By the first day with the new image none renew/update of licence key was possible.
That's the story. It has to do with the post-installed (new) key. The update system seems not to know about the changed key after installation in April. A little error around this, I guess.

Greets

 

[AYamshanov]

Dukemaster, did you check connectivity with ka.plesk.com (195.214.233.80) and port 5224 as you check keys.odin.com above? I think it can help understand the root of the issue.

 

[Dukemaster]

Hi @AYamshanov ,
you mean:

root@server:~# nslookup ka.plesk.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ka.plesk.com
Address: 195.214.233.80

root@server:~# nmap -P0 -p5224 ka.plesk.com

Starting Nmap 7.01 ( Nmap: the Network Mapper - Free Security Scanner ) at 2017-08-28 11:30 CEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for ka.plesk.com (195.214.233.80)
Host is up (0.028s latency).
PORT     STATE SERVICE
5224/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

But what shall I do now?
I use fail2ban since 2 months and when I open my Thunderbird my own IP will be blocked. I have to disable Plesk firewall over sercon console. I never used fail2ban all the years, no experience with it. Think I have to white list my own network, but dsl Ip is dynamic never had a dyndns.
Greets

 

[Dukemaster]

sorry @AYamshanov

root@server:~# telnet ka.plesk.com 5224
Trying 195.214.233.80...
Connected to ka.plesk.com.
Escape character is '^]'.
Connection closed by foreign host.

 

[Dukemaster]

Hi @AYamshanov ,
since yesterday I know what happens. I wanted to identify my license over shell. But it is impossible. Then I (re-)installed the activation key from my provider.
BUT again the license is not identified. No result by

plesk bin license -c

Please remember, they installed not the correct interface (web admin instead of webhosting) in end of March or early April this year. They put this new Ubuntu 16.04 image on running system Ubuntu 14.04. I was happy by realizing the new image one or two weeks later. And I installed it. Then they send my the new key via email.
And this might be the reason. I think there is a kind of disharmony in realization of this second-hand license-key which I installed afterwards on the system. Or it's the usual agreement between PLESK/Odin and 1and1?
Here is what I have:

I also point to the missing arabic locale / language. I have nothing to do with arabic language, I only identified it as an error after yesterdays Update #20.
Lots of greets perhaps it helps solving my monthly renew/update problem.

 

[AYamshanov]

Hi Dukemaster,

I found a bug report for Arabic locale and can reproduce it. I will provide to developers the information about this bug.
I was wrong, look at next my post.

--check-installed-license or -c

Checks the validity of the installed license key (returns the 0 exit code if the key is valid and 1 if it is invalid)

Could you try the next short code snippet?

# plesk bin license -c; echo $?
0
#

So, could be unclear that the command returned status to the operation system, but do not print it.

 

[AYamshanov]

It is not a bug, this is the real name of the locale.

 

[Dukemaster]

Hi @AYamshanov ,
thanks for quick reply. Like in your example, i got 0. So I have a valid certificate which is ghost-like unvisible.
Just kidding, sorry.....I apologize.

Why I wrote the locales case:
There is also an real error message in Plesk Panel, that's why I checked all locales over shell. I only wanted to report it, I can't speak arabian language.

Greets

 

[Dukemaster]

@AYamshanov m Here the proof or evidence in the end.

 

[LTUser]

@AYamshanov m Here the proof or evidence in the end.

View attachment 13418

Thanks in Advance! Thats solved my Problem. But why Plesk do that things not solve with a Update... Tststs...

 

[AYamshanov]

Why I wrote the locales case:
There is also an real error message in Plesk Panel, that's why I checked all locales over shell. I only wanted to report it, I can't speak arabian language.

Dukemaster, thank you, I will create request about this.