06-01-2021 01:16 AM
ESA 13.5.2 keeps reporting Invalid Analysis Service Key through email alert. I have checked the following:
1. Under system administration -> Feature Key -> File Analysis feature is "active" and not yet expired
2. Under Monitor -> AMP File Analysis -> Try to search by SHA256 with sample value, it shows error of "Invalid API keys"
3. Tried to telnet to cloud-sa.amp.cisco.com and panacea.threatgrid.com through 443 ports from the ESA virtual appliance, the connection was successful
4. Tried to change the AMP service from North America to Europe, same result, "Committed" change
5. Run "Tail AMP" from console, and getting reports with "Unscannable Category = Service Not Available, Unscannable Reason = File Reputation service not available" even for pdf, xlsx file types.
Thanks in advance for your help!
06-01-2021 04:14 AM
This is known issue in ESA, sometimes happens after upgrade.
In ESA CLI, try (hidden command)
diagnostic > ampregister
this will trigger rekey.
If still falling, need to rise a TAC case
06-02-2021 01:12 AM
Thanks SriramV,
Unfortunately, already try it as well.
06-03-2021 05:59 AM
As Sriram said, TAC can fix this on the backside of the appliance. Will require a remote tunnel access to the affected appliance/s.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide