Issue

• Activation of a new Satellite certificate via rhn-satellite-activate fails with the following error(s) at the command line or in /var/log/rhn/rhn_server_satellite.log:

  Certificate specifies 70 of rhn-tools-rhel-workstation-6 non-flex entitlements.
  There are 82 non-flex entitlements allocated to non-base org(s) (5 used).
  You might need to deallocate some entitlements from non-base organization(s).
  You need to free 12 entitlements to match the new certificate.
  Activation failed, will now exit with no changes.
  

or:

    ERROR:: You do not have enough entitlements in the base org.

    Exception type satellite_tools.satCerts.NoFreeEntitlementsError

    Exception Handler Information
    Traceback (most recent call last):
      File "/usr/bin/satellite-sync", line 136, in main
        return satsync.Runner().main()
      File "/usr/share/rhn/satellite_tools/satsync.py", line 199, in main
        ret = method()
      File "/usr/share/rhn/satellite_tools/satsync.py", line 268, in _step_channel_families
        self.syncer.syncCert()
      File "/usr/share/rhn/satellite_tools/satsync.py", line 506, in syncCert
        return self._process_cert(cert)
      File "/usr/share/rhn/satellite_tools/satsync.py", line 541, in _process_cert
        satCerts.storeRhnCert(cert)
      File "/usr/share/rhn/satellite_tools/satCerts.py", line 289, in storeRhnCert
        set_slots_from_cert(sc)
      File "/usr/share/rhn/satellite_tools/satCerts.py", line 189, in set_slots_from_cert
        raise NoFreeEntitlementsError()
    NoFreeEntitlementsError 

or:

Exception type common.rhnException.rhnFault

Exception Handler Information
Traceback (most recent call last):
  File "/usr/bin/satellite-sync", line 136, in main
    return satsync.Runner().main()
  File "/usr/share/rhn/satellite_tools/satsync.py", line 199, in main
    ret = method()
  File "/usr/share/rhn/satellite_tools/satsync.py", line 268, in _step_channel_families
    self.syncer.syncCert()
  File "/usr/share/rhn/satellite_tools/satsync.py", line 506, in syncCert
    return self._process_cert(cert)
  File "/usr/share/rhn/satellite_tools/satsync.py", line 533, in _process_cert
    sync_handlers.populate_channel_family_permissions(sat_cert)
  File "/usr/share/rhn/satellite_tools/sync_handlers.py", line 643, in populate_channel_family_permissions
    importer.run()
  File "/usr/share/rhn/server/importlib/importLib.py", line 617, in run
    self.submit()
  File "/usr/share/rhn/server/importlib/channelImport.py", line 229, in submit
    self.backend.processChannelFamilyPermissions(self.batch)
  File "/usr/share/rhn/server/importlib/backend.py", line 1014, in processChannelFamilyPermissions
    (cfp['org_id'], cfp['channel_family'], cfp['max_members']), explain=0)
rhnFault: (23, 'ORA-20290: (not_enough_entitlements_in_base_org) - You do not have enough entitlements in the base org.: org_id [1] family [rhel-server-cluster] max [-87]', 'Could not update database entry.')

or

  <rhnFault class (code = 23, text = 'ORA-20290: (not_enough_entitlements_in_base_org) - You do not have enough entitlements in the base org.: org_id [1] family [rhel-server] max [-53]')>
(23, 'ORA-20290: (not_enough_entitlements_in_base_org) - You do not have enough entitlements in the base org.: org_id [1] family [rhel-server] max [-53]', 'Could not update database entry.'

or

RHN_PARENT: satellite.rhn.redhat.com
Certificate specifies `x` number of rhel-server non-flex entitlements.
    There are `y` number of non-flex systems in the base organization.
    You might need to unentitle some systems in the base organization.
    You need to free `z` number of entitlements to match the new certificate.
Activation failed, will now exit with no changes.

For Satellite 5.8:

# rhn-satellite-activate --manifest=/tmp/manifest.zip --verbose

15:28:33 HTTP_PROXY: None
15:28:33 HTTP_PROXY_USERNAME: None
15:28:33 HTTP_PROXY_PASSWORD: <password>
15:28:33 Checking cert XML sanity and GPG signature: '/usr/bin/validate-sat-cert.pl --keyring /etc/webapp-keyring.gpg /etc/sysconfig/rhn/rhsm-manifest.zip-cert-Lmzfsh'
15:28:53 Database connectioned initialized: refer to /etc/rhn/rhn.conf
15:28:53 Attempting local RHN Certificate push (and therefore activation)
Certificate specifies 501 of enterprise_entitled entitlements.
    There are 19 entitlements used by systems in the base (id 1) organization,
    plus 1000 entitlements allocated to non-base org(s) (0 used).
    You might need to unentitle some systems in the base organization,
    or deallocate some entitlements from non-base organization(s).
    You need to free 518 entitlements to match the new certificate.
    In the WebUI, the entitlement is named Management.
Certificate specifies 501 of provisioning_entitled entitlements.
    There are 5 entitlements used by systems in the base (id 1) organization,
    plus 1000 entitlements allocated to non-base org(s) (0 used).
    You might need to unentitle some systems in the base organization,
    or deallocate some entitlements from non-base organization(s).
    You need to free 504 entitlements to match the new certificate.
    In the WebUI, the entitlement is named Provisioning.
Activation failed, will now exit with no changes.

• satellite-sync fails with:

  SYNC ERROR: unhandled exception occurred:
  
  (Check logs/email for potentially more detail)
  
  Error: You do not have enough unused provisioning_entitled 
  entitlements in the base org. You will need at least 1 free 
  entitlements, based on your current consumption. Please un-entitle the 
  remaining systems for the activation to proceed.
  

• Red Hat Satellite upgrade fails with error: "You do not have enough entitlements in the base org" during Satellite certificate activation step, how to fix this?