cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12464
Views
0
Helpful
12
Replies

Connection to "v2.sds.cisco.com" failed - URL Filtering will not work correctly

keithsauer507
Level 5
Level 5

I just received this message:

The Warning message is:

 

Unable to connect to Cisco Web Security Service.

URL Filtering will not work correctly.

Please verify all network, proxy and firewall settings.

Connection to "v2.sds.cisco.com" failed.

The last error seen on this connection: "Request failed with code: 28 (Operation timed out after 5034 milliseconds with 0 out of -1 bytes received)"

 

Version: 8.5.6-074

Timestamp: 16 Sep 2014 10:11:58 -0400

 

 

Is this site v2.sds.cisco.com legitimately down?  According to http://www.downforeveryoneorjustme.com/v2.sds.cisco.com it is down for everyone and not just me.

 

12 Replies 12

Robert Sherwin
Cisco Employee
Cisco Employee

From your ESA - are you able to telnet over to the URL?  Uses 443...

 

> telnet v2.sds.cisco.com 443

 

Trying 184.94.240.102...

Connected to 184.94.240.102.

Escape character is '^]'.

^]  

telnet> quit

Connection closed.

 

-Robert

I seem to have been able to get connected.  Only thing is when I type the escape character I get that could not authenticate client.

> telnet v2.sds.cisco.com 443

Trying 184.94.240.102...
Connected to 184.94.240.102.
Escape character is '^]'.
^]
1017: Could not authenticate client
Connection closed by foreign host.

You haven't made any changes to the websecurityadvancedconfig, have you?

Default config should look like --->

myesal.local> websecurityadvancedconfig

 

Enter URL lookup timeout (includes any DNS lookup time) in seconds:

[15]> 

 

Enter the URL cache size (no. of URLs):

[1215000]> 

 

Do you want to disable DNS lookups? [N]> 

 

Enter the maximum number of URLs that should be scanned:

[100]> 

 

Enter the Web security service hostname:

[v2.sds.cisco.com]> 

 

Enter the threshold value for outstanding requests:

[50]> 

 

Do you want to verify server certificate? [Y]> 

 

Enter the default time-to-live value (seconds):

[30]> 

 

Do you want to include additional headers? [N]> 

 

Enter the default debug log level for RPC server:

[Info]> 

 

Enter the default debug log level for SDS cache:

[Info]> 

 

Enter the default debug log level for HTTP client:

[Info]> 

 

Try also to flush the web security cache --->

myesa.local> webcacheflush

 

Web Security cache has been flushed.

I didn't make any changes but some values are slightly different from what you posted:

Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[5]>

Enter the URL cache size (no. of URLs):
[810000]>

 

 

Should I change those to what you posted and then flush the webcache?  I haven't received another email from earlier though.  I'm thinking my timeout of 5 is too small.

Checking several appliances I have - I see a variation in the settings.  :-(  I would say - try 15, I have that running on an at home production virtual, and have seen no issues w/ the URL filtering, connections - based on testing I am currently doing...

Ok, the values are updated and committed.  Web UI still says connected.

 

Who knows, maybe it was a small latency issue earlier that make it timeout after 5 seconds.

 

Thanks for your help.

This same message happened 3 days in a row now.  Something up with v2.sds.cisco.com?

 

I notice whenever I try to download the Windows 10 preview, this happens too.  The download runs 5.5 - 6 MBps.  We have two 50 meg circuits.

 

I have to try to download Windows 10 preview multiple times because it will sometimes just quit partially or when almost finished.

Also - have you just started using this, upgraded to 8.5.6-074?  Do you have firewall opened accordingly?

Per the guide:

Yes, we do not block 443 outbound from that subnet.

 

In the web gui it says "Connected", so maybe it was an intermittent issue?  Still I'm thinking of altering the timeout.

Greg.Howley
Level 1
Level 1

I have been seeing this issue with increasing regularity recently. 

I have increased the URL lookup timeout to 15 as per below, still getting the warnings.

Any further steps I can take?

Hey Greg,

There are some changes I would like to suggest to put forward (there was a recent change in the URL filtering service as well). (covered: http://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html)

But the changes I am suggesting, is from what I've worked with personally to cover some issues noted:

Enter URL lookup timeout (includes any DNS lookup time) in seconds:

[20]> 30

 

Enter the URL cache size (no. of URLs):

[810000]>

 

Do you want to disable DNS lookups? [N]>

 

Enter the maximum number of URLs that should be scanned:

[100]> 50

 

Enter the Web security service hostname:

[v2.sds.cisco.com]>

 

Enter the threshold value for outstanding requests:

[50]> 5

 

Do you want to verify server certificate? [Y]>

 

Enter the default time-to-live value (seconds):

[30]> 600

 

Do you want to include additional headers? [N]>

 

Enter the default debug log level for RPC server:

[Info]>

 

Enter the default debug log level for URL cache:

[Info]>

 

Enter the default debug log level for HTTP client:

[Info]>

Regards,

Matthew

Dennis Black
Level 1
Level 1