cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18600
Views
12
Helpful
16
Replies
mdube
Beginner

Paused on services : antispam

Hi,

Quick question here, but would need fast response as the client is not receiving mails anymore.

We had a power failure, then had to reboot everything when power came back.

I've restarted the Spam Blocker when all the servers were up and ready, as it is using Active Directory.

System seems to be working properly, except the fact that when I do a status in CLI I get the following :

Status as of:                  Tue Aug 02 10:52:16 2011 EDT
Up since:                      Tue Aug 02 10:03:15 2011 EDT (49m 1s)
Last counter reset:            Never
System status:                 Paused on services: antispam
Oldest Message:                1 hour 17 mins 37 secs
Feature - Bounce Verification: Perpetual
Feature - IronPort Anti-Spam:  212 days
Feature - Incoming Mail Handling: Perpetual
Feature - Sophos Anti-Virus:   212 days

I've read somewhere that I might be caused by an invalid feature key, but as you may see, everything is up-to-date and.

I'm trying to find the right command to force the device to change from Paused to active in the command line, but haven't found anything yet.

Can someone help me?

Thank you!

Mathieu

2 ACCEPTED SOLUTIONS

Accepted Solutions
Martin Eppler
Beginner

Hi,

Can you please check what the CLI command 'antispamstatus' says? If there's an N/A in it somewhere, then please call the support hotline to get Anti-Spam fixed.

Thanks and regards,

Martin

---

Sent while being on the road. Please excuse any typos and short answers.

Von: mdube@progel.ca

Gesendet: Tuesday, August 02, 2011 05:10 PM

An: Martin Eppler (meppler)

Betreff: - Paused on services : antispam

Cisco Support Community <>

Paused on services : antispam

created by mdube@progel.ca <> in Small Business Spam & Virus Blocker - View the full discussion <>

View solution in original post

jasbryan
Frequent Contributor

Hi,

If this is a B10 series blocker appliance the correct number for support is 1-866-606-1866, to open a support case.

Thanks,

Jason

Cisco Support Engineer

.:|:.:|:.

View solution in original post

16 REPLIES 16
Martin Eppler
Beginner

Hi,

Can you please check what the CLI command 'antispamstatus' says? If there's an N/A in it somewhere, then please call the support hotline to get Anti-Spam fixed.

Thanks and regards,

Martin

---

Sent while being on the road. Please excuse any typos and short answers.

Von: mdube@progel.ca

Gesendet: Tuesday, August 02, 2011 05:10 PM

An: Martin Eppler (meppler)

Betreff: - Paused on services : antispam

Cisco Support Community <>

Paused on services : antispam

created by mdube@progel.ca <> in Small Business Spam & Virus Blocker - View the full discussion <>

View solution in original post

Hello Martin,

It is indeed displaying the following :

  Component              Last Update                  Version

  CASE Core Files        10 May 2011 17:45 (GMT)      N/A

  Structural Rules       01 Aug 2011 11:05 (GMT)      N/A

  CASE Utilities         01 Aug 2011 20:18 (GMT)      3.1.0-014

  Web Reputation DB      30 Jul 2011 19:35 (GMT)      N/A

  Web Reputation Rules   01 Aug 2011 11:05 (GMT)      N/A

I will call hotline right away.
Many thanks!

Hi,

Yes this is definitly a corrupted AntiISpam engine. Most likely the appliance was shut down while AntiISpam was updated.

Regards,

Martin

It's a stupid question, but I can't seem to be able to find the Hotline for Canada...?

Hi,

Sorry but as I'm currently out of the office I cannot point you to the right phone number, but a support request via GUI help and support - open a support case should work.

As a workaround, you may also want to consider Anti-Spam scanning in the Mail Policies until the Anti-Span engine has been fixed.

Regards,

Martin

jasbryan
Frequent Contributor

Hi,

If this is a B10 series blocker appliance the correct number for support is 1-866-606-1866, to open a support case.

Thanks,

Jason

Cisco Support Engineer

.:|:.:|:.

View solution in original post

Thank you guys for the quick response.

I have contacted support and they did have to delete the reporting database.

The unit is up and running again now.

Hello Mathieu,

just a quick follow-up and a side note for other customers that may encounter the same issue.

An immediate fix for this would also be to run an upgrade on the appliance as this will also deploy a new Anti-Spam engine during the upgrade. Of course this only works when the appliance is not yet on the latest AsyncOS release (so everything prior 7.1.3). For customers running the latest release and running into this the only way forward would be to call the support hotline to get this fixed via a remote access.

Regarding a root cause analysis and to provide some technical background here:

The Anti-Spam module (as well as Anti-Virus) is by default checking every five minutes for an update. The update is then pulled and applied (= written to disk). If the appliance encounters an unexpected shutdown (e.g. power loss) it *may* happen that after the reboot the Anti-Spam engine and rules are corrupted and Anti-Spam is therefore not operational. This can be identified with CLI command antispamstatus, that will show N/A then. As Anti-Spam updates are more frequent available than Anti-Virus updates, the chance that Anti-Spam is affected by this is higher than Anti-Virus being affected.

Thanks and regards,

Martin

Thanks to both Martin and Jason for helping me troubleshoot the device.

Upgrading it to AsyncOS 7.1.3 did repair the database.

Many thanks once again to you guys!

Regards,

Mathieu

joshbeen1
Beginner

Hello all.

I had this exact scenario happen on Friday after an extended power outage.

When I contacted Cisco support on Monday morning, they informed me they were no longer suggesting a fix via remote access and that the preferred repair was to RMA the unit for another one from the warehouse.

This seemed silly, but so be it.

In the meantime, I disabled the Anti-Spam in the global settings.

When I enabled the Anti-Spam process the next day, I noticed that the Rules had been updated and the system was back in working order.

So, for anyone else stumbling on this thread, my suggestion would be to give that a try - disable the Anti-Spam and re-enable it an hour or two later and see if the problem has corrected itself.

Hope this helps,

Josh

medstunixp00
Beginner

Hi,

I get the same issue twice, there are is lot of messages stuck in queue and new incoming messages are stuck too; but the difference in my case is that the antispamstatus command gives no N/A, the workqueue command show "Status:        Paused on services: antispam", the status change to "Operational" for a couple of seconds then goes back to "Paused on services: antispam" for several minutes.

I tried the first time to make a rool back using the "revert" command but i lost all the configuration, reports and the most important thing for me : the messages stuck in the workqueue.

So, today it occured again and I had the chance for a second try; I solved the problem by:

1- changing the ip interface on which the email is accepted to stop receiving new messages (I have a spare unit to get emails on it)

2- disabling the antispam then rebooting the unit; the workqueue status is "Operational" and the messages are sent

This solve half of my problem (sending the stuck message in workqueue), now I have to work on getting back the unit in normal operational mode.

We had a similar issue where a C660 was shutdown badly with a power outage. It corrupted the CASE database and stopped everything from updating (AV and time as well).

We tried rebooting, tried turning anti-spam off/on (rebooting in the middle as well). We were already running the latest code so update was not an option.

Anyway, the Cisco TAC guys ended up running these CLI commands:

antispamupdate ironport force

antivirusupdate force

About 15 mins later it had downloaded a full copy of the database, then started processing the workqueue.

Hopefully this saves someone some time!

Thank you! Tom Minchin for your help. I had the same issue as you and your commands worked like a charm. Your comment saved a lot of time for me today.

Thanks for your post Tom - this really helped us out last week and resolved a similar issue on one of our Appliances