Troubleshooting Subscription Manager in Red Hat Enterprise Linux
to respond to problems with Red Hat Subscription Manager
Abstract
Troubleshoot problems with the subscription-manager tool in Red Hat Enterprise Linux.
1. Red Hat Enterprise Linux 8
1.1. Unable to register to Red Hat Subscription Management
Registration may fail with the error "HTTP error (401 - Unauthorized): Invalid user credentials" in both Kickstart setup and Red Hat Subscription Manager, even if your credentials still work with the Customer Portal. This sometimes happens with passwords that contain special characters such as a dash.
Before you proceed, make sure that you are using:
- Correct credentials for the Customer Portal, and that these credentials grant you Organization-level access
- Your login ID for the Customer Portal instead of your email
If all of your information is correct but registration still fails, you can create an activation key in the Customer Portal and use that activation key in the subscription-manager command line interface.
1.1.1. Creating an Activation Key in the Customer Portal
Procedure
- From the Customer Portal, click Activation Keys.
- Click New.
- Enter a unique Name for the key. You will need this value later.
- Select the Service Level and Auto Attach preferences.
- Select the subscriptions you want to add to the activation key. You can use the search bar to filter your results without exiting the page.
- Click Create.
When successful, the Customer Portal displays a banner stating that the activation key has been created. The Organization ID also displays below the banner.
With the activation key created, you can now register your system even if Subscription Manager rejects a valid Customer Portal ID.
1.1.2. Registering with an Activation Key in the Customer Portal
Prerequisites
- Organization ID
- Activation Key Name
Procedure
- Open a Terminal window.
Enter the following command, where <activation_key_name> is the name of the activation key that you want to use and <organization_ID> is your organization ID:
# subscription-manager register --activationkey=<activation_key_name> --org=<organization_ID>
If successful, subscription-manager displays the output:
The system has been registered with ID: 00000000-0000-0000-000000000000
The registered system name is: system-name
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64
Status: Not Subscribed
After you have registered, remember to attach the subscription using the attach command as well.
1.2. subscription-manager reports invalid subscription
Refreshing and re-registering a system against Subscription Manager may help resolve an "invalid subscription" result when you check the status of a system using subscription-manager status.
Procedure
First, refresh the subscription:
# subscription-manager refresh
# subscription-manager attach --auto
# subscription-manager status
If the subscription is still invalid, unregister the system and then re-register it. To unregister, enter the commands:
# subscription-manager remove --all
# subscription-manager unregister
# subscription-manager clean
To re-register the system, enter the commands:
# subscription-manager register
# subscription-manager attach --auto
2. Red Hat Enterprise Linux 7
2.1. Cannot register due to certificate issues
If 'subscription-manager' generates the error “CA certificate for subscription service has not been installed”, the certificate on the system does not match the certificate for subscription-manager. To resolve this error, configure your outgoing network firewall to allow the following hostnames and ports, so that yum and subscription-manager can access Red Hat subscription services and the Content Delivery Network (CDN):
- subscription.rhn.redhat.com:443 [https] AND subscription.rhsm.redhat.com:443 [https]
- cdn.redhat.com:443 [https]
- *.akamaiedge.net:443 [https] OR *.akamaitechnologies.com:443 [https]
It is not recommended that you use specific IP addresses, because those are subject to change. However, there is a running list of public CIDR lists for Red Hat Subscription Management.
3. Red Hat Enterprise Linux 6
3.1. Yum update cannot establish communication
Red Hat uses the Content Delivery Network (CDN) to distribute updates through yum. If you have issues with yum, you may see “[Errno 14] problem making ssl connection”, which means that communication is not properly established with the correct certificates. To troubleshoot the error:
Procedure
- Verify that a proxy is not changing the SSL certificate. Sometimes proxies are configured to re-sign SSL communication.
Verify the UUID of the system matches what you see on the Customer Portal. To check the UUID of the system, enter:
# openssl x509 -in /etc/pki/consumer/cert.pem -noout -text | grep 'Subject: CN'
If the UUID does not match, refresh the subscription data from the system:
# subscription-manager refresh --force
# subscription-manager attach --auto
- If you are using an HTTP proxy with Red Hat Subscription Manager, the proxy settings need to be recorded in '/etc/rhsm/rhsm.conf' (and not '/etc/yum.conf').
- Check if the system is using a standard curl package from Red Hat.
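The proxy check in the procedure above can be scripted. The following shell functions are an added example, not part of the original Red Hat documentation; they assume the proxy_hostname key in the [server] section of rhsm.conf and the proxy key in the [main] section of yum.conf, and the sample files and proxy.example.com are constructed.

```shell
#!/bin/sh
# Added example, not Red Hat code. Reports which file carries the proxy setting.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION], or nothing.
ini_get() {
    [ -r "$1" ] || return 0
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); in_sec = ($0 == want); next }
        in_sec {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# rhsm_proxy_check RHSM_CONF YUM_CONF prints:
#   rhsm      proxy_hostname is set in [server] of rhsm.conf
#   yum-only  proxy is set only in [main] of yum.conf (the case described above)
#   none      neither file configures a proxy
rhsm_proxy_check() {
    rhsm_proxy=$(ini_get "$1" server proxy_hostname)
    yum_proxy=$(ini_get "$2" main proxy)
    if [ -n "$rhsm_proxy" ]; then echo rhsm
    elif [ -n "$yum_proxy" ]; then echo yum-only
    else echo none
    fi
}

# Constructed sample files: proxy.example.com is a placeholder host.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rhsm.conf" <<'EOF'
[server]
hostname = subscription.rhsm.redhat.com
# proxy_hostname = commented.example.com
proxy_hostname =
proxy_port =
EOF
cat > "$demo_dir/yum.conf" <<'EOF'
[main]
gpgcheck=1
proxy=http://proxy.example.com:3128
EOF
rhsm_proxy_check "$demo_dir/rhsm.conf" "$demo_dir/yum.conf"
rm -rf "$demo_dir"
```

On a real system, call rhsm_proxy_check /etc/rhsm/rhsm.conf /etc/yum.conf; a result of yum-only means the proxy still has to be recorded in rhsm.conf.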
3.2. Manually Setting a Preferred Operating System Release
Beginning in Red Hat Enterprise Linux 6.3, Red Hat Subscription Manager can set a preferred operating system version, which limits automatic updates for a system. This is one of several preferences that can be set for auto-attaching subscriptions. However, it is not possible to set a preferred operating system through Red Hat Subscription Manager on older versions of Red Hat Enterprise Linux.
The system can be restricted to a certain operating system version on Red Hat Enterprise Linux 6.2 by editing the yum configuration. For example, to limit yum updates to 6.2-version packages:
[root@server ~]# echo 6.2 > /etc/yum/vars/releasever
4. Red Hat Enterprise Linux 5
4.1. Guest Fact Shows UUID Unknown
For virtual guests, the Subscription Manager daemons use dmidecode to read the System Management BIOS (SMBIOS) value, which is used to retrieve the guest UUID. On 64-bit Intel architecture, the SMBIOS information is controlled by the Intel firmware and stored in a read-only binary entry. Therefore, it is not possible to retrieve the UUID or set a new and readable UUID.
Because the guest UUID is unreadable, running the facts command on the guest system shows a value of Unknown in the virt.facts file for the system (virt.uuid: Unknown). This means that the guest does not have any association with the host machine and, therefore, does not inherit some subscriptions.
The facts used by Subscription Manager can be edited manually to add the UUID.
Procedure
- Obtain the guest name or guest ID.
On the virtual host, use virsh to retrieve the guest UUID. For example, for a guest named 'rhel5server_virt1':
virsh domuuid rhel5server_virt1
On the guest, manually create a facts file:
vim /etc/rhsm/facts/virt.facts
Add a line which contains the given UUID:
{ "virt.uuid": "$VIRSH_UUID" }
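The last two steps can be combined into a small helper that refuses anything that is not a UUID, so a value such as Unknown or a virsh error message is never written into the facts file. This is an added example, not Red Hat code; the function name write_virt_facts, its optional directory argument and the sample UUID are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat code.
# write_virt_facts UUID [FACTS_DIR]
# Validates the value copied from `virsh domuuid` and writes virt.facts.
# FACTS_DIR defaults to /etc/rhsm/facts; the override exists so the function
# can be exercised without touching the live system.
write_virt_facts() {
    facts_dir=${2:-/etc/rhsm/facts}
    # Strip whitespace picked up by copy and paste.
    uuid=$(printf '%s' "$1" | tr -d '[:space:]')
    # Accept only the 8-4-4-4-12 hex form, so "Unknown", an empty string
    # or an error message never ends up in the facts file.
    if ! printf '%s\n' "$uuid" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
        echo "not a UUID: '$1'" >&2
        return 1
    fi
    # Write to a temporary file in the same directory, then rename, so a
    # reader never sees a half-written JSON document.
    tmp=$(mktemp "$facts_dir/.virt.facts.XXXXXX") || return 1
    printf '{ "virt.uuid": "%s" }\n' "$uuid" > "$tmp"
    chmod 0644 "$tmp"
    mv -f "$tmp" "$facts_dir/virt.facts"
}

# Constructed demonstration with a made-up UUID and a scratch directory.
demo_dir=$(mktemp -d)
write_virt_facts "  4dea22b3-1d52-d8f3-2516-782e98ab3fa0 " "$demo_dir"
cat "$demo_dir/virt.facts"
write_virt_facts "Unknown" "$demo_dir" || echo "rejected: Unknown"
rm -rf "$demo_dir"
```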