Failed to activate Katalon Runtime Engine license
This document explains troubleshooting methods to these errors when using Katalon Runtime Engine - Local:
Failed to activate with API keyFailed to activate with Katalon Runtime Engine license
This issue is commonly reported in CI/CD environments such as Jenkins or TeamCity, especially when KRE works on a local machine but fails on the build agent.
Causes
The activation failure is usually caused by one of the following issues:
- The API key is either invalid, expired, revoked.
- KRE license is assigned to an organization, but
-orgIDis not specified. - The machine cannot complete the TLS handshake with
admin.katalon.com. - A firewall, proxy, or network policy is blocking outbound HTTPS traffic to the Katalon licensing service.
You might see the issue appear in the KRE console output/session log as:
Failed to activate with API keyFailed to activate with Katalon Runtime Engine license.Failed to activate with TestCloud license. Failed to get organization or project infoCannot execute this test suite. There is no Katalon Runtime Engine and TestCloud license available.
Troubleshoot
1. Check network connectivity to the license server
From the CI/CD agent or the machine running KRE, test the connection to admin.katalon.com on port 443.
For Windows PowerShell:
Test-NetConnection admin.katalon.com -Port 443
For curl:
curl -v https://admin.katalon.com
A successful result shows TcpTestSucceeded: True.
If the connection test fails, ask your network or security team to allow outbound HTTPS traffic to admin.katalon.com:443.
For more details, see Katalon domain and IP whitelist.
Even if the connectivity test succeeds, the TLS handshake can still fail at the application level. Continue with the next step to troubleshoot further.
2. Verify your API key and command arguments
Make sure the API key used in your KRE command is still active and belongs to the correct account. To review or regenerate your key, see Katalon API Key in Katalon True Platform.
Run the same KRE command with the same API key from a different machine (e.g., your local workstation). If activation succeeds elsewhere, the issue is environment-specific — proceed to the next step.
3. Enable SSL debug logging
To diagnose TLS handshake problems, add the following JVM option to the katalonc.ini file in your KRE installation directory (e.g. C:\KRE\katalonc.ini):
-Djavax.net.debug=ssl:handshake
Run KRE again and review the logs. If you see entries similar to the following, the machine is likely failing during TLS negotiation:
... NewSessionTicket received
... Connection reset
Log locations to check:
| Log | Example path |
|---|---|
| KRE configuration log | C:\KRE\configuration\<timestamp>.log |
| Session metadata log | <workspace>\.metadata\.log |
| Offline license folder | C:\Users\<user>\.katalon\license |
4. Force KRE to use TLS 1.2
If the SSL debug logs point to a TLS handshake issue, add the following lines to the end of katalonc.ini:
-Dhttps.protocols=TLSv1.2
-Djdk.tls.client.protocols=TLSv1.2
-Dkatalon.ignore_ssl=true
Save the file and run KRE again.
This workaround is especially useful for Windows Server 2019 or older server environments, where TLS 1.3 support may be limited or disabled by policy.
5. Compare behavior across KRE versions
If the issue started after upgrading to KRE 9.x or later, test the same workflow with an older version such as KRE 8.6.5.
If the older version activates successfully while the newer version fails, the issue is likely related to TLS handling in the newer bundled Java runtime on that machine.
Workaround
If you need to unblock execution while investigating the root cause, consider these options:
- Regenerate the API key and try the activation again.
- Use an offline license if your organization supports it. For more information, see Activate licenses.
- Contact support and provide:
- KRE version being used
- OS version of the CI/CD agent
- Full session metadata log (
.metadata\.log) - SSL debug output (from
katalonc.iniwith-Djavax.net.debug=ssl:handshake) - Output of
Test-NetConnection admin.katalon.com -Port 443