Flame "No Internet Connection" - "Required Connection to Autodesk could not be established" Single User Login

motoronlysync · April 18, 2024, 2:21am

sudo update-ca-trust -f, give it a spin, assuming you’re in a RHEL/Rocky environment.

ytf · April 18, 2024, 2:23am

I’ve already rebuilt and moved on. Next time . . .

allklier · April 18, 2024, 2:25am

Yes, seems update-ca-trust is indeed the Rocky command. It’s a short script located in /usr/bin that appears to extract the certificates from a bundle file.

update-ca-certificates appears to be the Ubuntu flavor of the same process, and which does not resolve it on Rocky.

To be tested for the next person that is unfortunate enough to run into this.

Dwklink · April 18, 2024, 2:34am

I’d like to live in a world where there is never a next person. Here’s hoping that is soon the case

allklier · April 18, 2024, 3:09am

For the TL;DR on how SSL works in this case, and why it matters.

TLS/SSL is at the heart of any communication with a server that has a https:// URL. These set themselves apart from the now largely deprecated http:// URLs which go back to the days of the Internet when there were mostly good guys, and you could generally trust everything.

TLS/SSL provides two functions - it encrypts the communication and it verifies the identity of the server, so you know you can trust it (it’s actually your bank, not a scammer).

This is accomplished by installing an SSL certificate (a digital signature) on the server, which becomes part of the handshake when the connection is established. Certificates always fall into the private/public key encryption category. Meaning the server keeps a private key on hand, that only the server knows, and a public key that it freely gives out. That ensures that only this server can generate a valid response that matches the public key. And the other party can validate that.

However software doesn’t know all the various servers around the world, and a trusted 3rd party needs to vouch for server’s identity. Those are the certificate authorities (or CA). There are some 2nd tier ones, but in the end they all roll up to a small number of well known ones that everyone will trust. Similar to root DNS servers, that translate domains into IP addresses.

When a SSL certificate is created and attached to a server, it must be signed by a certificate authority who has validated the server’s identity (yes, this was really Autodesk). Server administrators have to jump through various hoops to create these certificates and prove that they are authorized and represent the domain in question. The certificates generally expire and have to be renewed each year.

So when the license server calls home to check a license it uses an https:// connection to an ADSK owned domain. This is verified via these certificates and their respective certificate chains to the certificate authorities. In doing so the license server can be certain that the answers it gets are coming from a trusted ADSK server, and not an imposter that tries to cheat on a license.

So when this certificate chain breaks for some reason (expired certificate, trashed CA lists, etc), the license server cannot establish a secure connection and eventually will tell Flame that it is not licensed.

So while your Internet connection in total may be totally fine, it’s possible that the license server cannot call home in confidence. And so you end up with a big headache.

ytf · April 19, 2024, 11:38pm

Follow Up:
I booted up from my old drive, mv’d the offending file and started flame. I was able log in and clean up my framestore before rebooting back to my new drive, so the fix seemed to work, although when I logged in on the old drive it said something about an rng? something, and when I exited it logged me out as well. Since I had accomplished what I set out to do, I didn’t think much of it. I’m not having any of those issues with my new build. Thanks to all who have looked into this and come up with solutions.

cnoellert · May 6, 2024, 4:34pm

Jut want to say that I ran into this, again… today and that the instructions worked. Thanks so much.

randy · July 17, 2024, 7:44pm

Dwklink:

Wow, didn’t realize how much went on here last week. I thought I had updates turned on for this thread but apparently not. Sorry I wasn’t here for moral support.

Anyway… I finally had a zoom with a bunch of the licensing programers in Asia last night. After an hour and a half they were able to “hopefully” locate the issue and after two years, were finally able to get me able to sign back into my Autodesk license without an OS reinstall.

The issue had something to do with messed up with the SSL certificates - you were on the right trail, Jan… So we have a fix that worked (at least one time) for me on my rig and now and they’re going to investigate what might have caused the issue and hopefully prevent it in the future on their end.

With that being said, this was what they did on my system (Beau from AD support was involved with this case from the start, so if you need additional assistance I’d file a case and try to get in touch with him for more help). To restate, these are the steps I followed when I tried to log into my Autodesk user license on Rocky and received the error stating I could not make an internet connection to Autodesk (even though the machine was connected to the internet without any FireWall impedance):

Head to /etc/ssl/certs and do an ls -la

Look for any symlinks that are a series of 8 characters like this “663b494.0” and rename that symlink to a random name under 8 characters with a mv 663b494a.0 xyz.crt command

Bob’s your uncle! You should be able to connect to their license validation server now. YMMV, but worked a charm for me when trying to log in again after this tweak.

Let me know if you have any luck with this. I’m AD would love the feedback as well.

@randy

Dwklink · July 17, 2024, 7:58pm

Glad to hear that the workaround is still working around!

ytf · July 17, 2024, 10:07pm

Someone else had the issue and I pointed them to this post. It saved their ass as well.

randy · July 17, 2024, 10:49pm

Yah this is gold. Thank you everyone for doing your thing. It’s a massive lifesaver.

andymilkis · July 18, 2024, 10:28am

This bit me yesterday. Very thankful for the Logik Forum and this amazing community!!

Dwklink · July 22, 2024, 9:07pm

Amazing! Glad this is still holding up. One of my clients also got hit with this today on one of their internal rigs.

Thanks again to Beau @ Autodesk for all his help getting to this solution.