03-17-2021 05:39 AM - edited 03-17-2021 05:41 AM
Hi all!
I have configured Cloud Email Security Search and Remediate according to this guide - https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide_13-5-1/b_ESA_Admin_Guide_ces_13-5-1/b_ESA_Admin_Guide_12_1_chapter_010101.html
Has anyone succeeded with this?
We are running CES, with version 13.5.1
Two ESAs in clusters with an SMA.
I have done the following:
"" refers to the chapter contents within the guide
- Secured communication - "Certificate for Secure Communication"
- Registered my appliance - "Registering Your Appliance as an Application on Azure AD"
- Enabled Account Settings - "Enabling Account Settings on Cisco Email Security Appliance"
- Created an Account Profile - "Creating an Account Profile" and also tested the connection within Account profile creation.
- Mapped our domain to the account profile - "Mapping Domains to the Account Profile"
I manage to initiate a job, but nothing appears in mail_logs or remediation logs, but the successful tests appear in remediation logs.
Nothing appears in Remediation reports either.
Best regards
Johan
Solved! Go to Solution.
03-24-2021 08:52 AM - edited 03-24-2021 08:53 AM
Reply from TAC:
The SMA shows the following alerts pertaining to Server Verification error
“Warning: Remediation failed for MID(s): 21172 initiated as part of batch Remediate. Reason: server certificate verification error (Host IP)”
What can be done?
This generally happens if there’re any self-signed certs on the ESA and SMA.
However, the fix for this is to log into the SMA’s CLI and make the following changes:
SMAHOSTNAME> esaapiconfig
Choose the operation you want to perform:
- VALIDATE_CERTIFICATES - Whether to validate ESA API server certificates.
[]> validate_certificates
Should ESA API server certificates be validated during interaction? [Y]> N << Please change this to N
Afterwards, please try the remediation function again to see if the feature is working.
03-17-2021 07:28 AM
03-17-2021 07:47 AM
03-24-2021 08:52 AM - edited 03-24-2021 08:53 AM
Reply from TAC:
The SMA shows the following alerts pertaining to Server Verification error
“Warning: Remediation failed for MID(s): 21172 initiated as part of batch Remediate. Reason: server certificate verification error (Host IP)”
What can be done?
This generally happens if there’re any self-signed certs on the ESA and SMA.
However, the fix for this is to log into the SMA’s CLI and make the following changes:
SMAHOSTNAME> esaapiconfig
Choose the operation you want to perform:
- VALIDATE_CERTIFICATES - Whether to validate ESA API server certificates.
[]> validate_certificates
Should ESA API server certificates be validated during interaction? [Y]> N << Please change this to N
Afterwards, please try the remediation function again to see if the feature is working.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide