Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3150
Views
5
Helpful
3
Replies

ESA 13.5.2 - Invalid Analysis Service Key

roy.tsang
Level 1
Level 1

‎06-01-2021 01:16 AM

ESA 13.5.2 keeps reporting Invalid Analysis Service Key through email alert. I have checked the following:

1. Under system administration -> Feature Key -> File Analysis feature is "active" and not yet expired

2. Under Monitor -> AMP File Analysis -> Try to search by SHA256 with sample value, it shows error of "Invalid API keys"

3. Tried to telnet to cloud-sa.amp.cisco.com and panacea.threatgrid.com through 443 ports from the ESA virtual appliance, the connection was successful

4. Tried to change the AMP service from North America to Europe, same result, "Committed" change

5. Run "Tail AMP" from console, and getting reports with "Unscannable Category = Service Not Available, Unscannable Reason = File Reputation service not available" even for pdf, xlsx file types.

 

Thanks in advance for your help!

 

Labels:
0 Helpful
3 Replies 3

SriramV
Cisco Employee
Cisco Employee

‎06-01-2021 04:14 AM

This is known issue in ESA, sometimes happens after upgrade.

In ESA CLI, try (hidden command)

diagnostic > ampregister

this will trigger rekey.

If still falling, need to rise a TAC case

roy.tsang
Level 1
Level 1
In response to SriramV

‎06-02-2021 01:12 AM

Thanks SriramV,

 

Unfortunately, already try it as well.

0 Helpful

svgeorgi
Cisco Employee
Cisco Employee

‎06-03-2021 05:59 AM

As Sriram said, TAC can fix this on the backside of the appliance. Will require a remote tunnel access to the affected appliance/s.

0 Helpful
Customers Also Viewed These Support Documents