08-11-2022 10:35 AM
So, we started getting this error yesterday:
If your email gateway is experiencing issues when delivering messages to Centralized Policy Quarantine (CPQ) and you received an alert that indicates that the CPQ certificate is expired, make sure you execute the updatepvocert CLI command on the Security Management Appliance to fix this issue. You can ignore this notification if you have not enabled CPQ or have already corrected it.
I followed and did the command to regenerate, but I am still getting the error and getting emails from the email firewalls. Am I missing something?
This command recreates a Policy, Virus, and Outbreak Quarantines certificate
and key of strength 2048 bits.
The new certificate is also signed by a CA of strength 2048 bits.
One of the internal services restarts after the certificate update. There is no
Do you want to proceed with the certificate update? [Y]> y
The certificate update is successful.
. An internal service restart is needed for the changes to be effective.
Enter the number of seconds to wait before abruptly closing connections.
Waiting for listeners to exit...
Receiving suspended for euq_listener, cpq_listener.
Waiting for outgoing deliveries to finish...
Mail delivery suspended.
Receiving resumed for euq_listener, cpq_listener.
Mail delivery resumed.
The internal service will be up in a moment.
Solved! Go to Solution.
08-11-2022 11:51 AM
response from TAC to check your system. Trying to verify if the alert will clear itself or a bug.
From your problem description, I understood:
You applied the command updatepvocert and you still getting the alert.
Please let me know if anything stated above is incorrect.
Action Plan to take for the next step on this case:
Are you getting some issues to send or release emails from the PVO???? Or getting port 7025 issues on your ESAs or SMA.
If all is working fine, you can ignore the alert. This is an advice for the customer triggering and issue with expired certificate since last Sunday.
If you still getting issues on the PVO, please review the next information.
This issue has been resolved for now after pushing the update package.
Since you are using on-prem or virtual appliance, you have to run "updatepvocert" command on SMA.
The command on SMA is to restore the Email flow from ESA>SMA.
Connectivity from the SMA to the ESA has been successfully addressed through a cloud update received at the ESA.
Plan of Action:
After updating the PVO certificate, please run the below command on ESA CLI:
Sort results by:
Status as of: Tue Aug 09 14:30:56 2022 +08
Hosts marked with '*' were down as of the last delivery attempt.
Active Conn. Deliv. Soft Hard
# Recipient Host Recip. Out Recip. Bounced Bounced
Host mail status for: 'the.cpq.host'
Status as of: Tue Aug 09 14:27:12 2022 +08
Host up/down: down
Soft Bounced Events 0
Completed Recipients XXXX
Hard Bounced Recipients 0
DNS Hard Bounces 0
5XX Hard Bounces 0
Filter Hard Bounces 0
Expired Hard Bounces 0
Other Hard Bounces 0
Delivered Recipients XXXX
Deleted Recipients 0
After following the above, you can verify from the ESA GUI for the mails. Give around 10 minutes and review that the.cpq.host is draining.
08-11-2022 10:48 AM - edited 08-11-2022 10:49 AM
I have this same message and followed the same steps, even went so far as to reboot the SMA, although I don't think that would have helped. I haven't found a way of supressing this message either or established why it has suddenly started to appear.
SMA Version: 14.2.0-203