Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5774
Views
0
Helpful
6
Replies

ESA not Communicating with the Update Server

Go to solution
Twilhite
Level 1
Level 1

‎05-28-2020 08:47 PM

For the last two days days, I've been getting this email from our ESA appliance.

 

The Warning message is:

The updater has been unable to communicate with the update server for at least 1h.

Last message occurred 8 times between Thu May 28 21:25:22 2020 and Thu May 28 22:14:33 2020.

Version: 13.0.0-392
Serial Number: 4220E354B51E18377F43-3601292ED790
Timestamp: 28 May 2020 22:20:54 -0500

To learn more about alerts, visit our support community and troubleshooting site.  In many cases, you can find more information about this specific alert.
For troubleshooting, see the following URL :
https://www.Cisco.com/c/en/us/support/security/email-security-appliance/products-tech-notes-list.html
For ESA Support, see the Cisco Support Community site :
https://supportforums.cisco.com/t5/email-security/bd-p/5756-discussions-email-security

If you desire further information, please contact your support provider.

To open a support request for this issue, access the IronPort C100V
and issue the "supportrequest" command. The command sends an email with
diagnostic information directly to Cisco IronPort Customer Support to
facilitate a rapid diagnosis of the problem.


Thank you.

 

Is there a known issue going on?

 

If not, then I'm unsure how to troubleshoot this... Is it possible that it's related to a licensing issue?  Right before I started getting the above messages hourly, I got a different message from the ESA that said my licenses had expired. It was referencing the old style "paste in a license" that I had on the ESA. When we renewed our licenses earlier this year, we converted the appliance to Smart Licensing. I just checked it's license page and it says everything is authorized and the entitlements are good but it still sent me an email about the old "paste in" license having expired and gave me warning about services no longer working. So I'm not sure now if the ESA went into an unlicensed state under the hood, even though the Smart Licensing says it is valid.

 

This was the message telling me all about licenses expiring even though the Appliance's Smart Licensing page says all is good. And I converted to Smart Licensing well before these emails started.

 

The Critical message is:

All security services licenses for this Cisco Email Security Appliance have expired. The appliance will continue to deliver mail without security services for 180 days, until 2020/11/23.
To renew security services licenses, Please contact your authorized Cisco sales representative.

Version: 13.0.0-392
Serial Number: 4220E354B51E18377F43-3601292ED790
Timestamp: 27 May 2020 10:06:52 -0500

To learn more about alerts, visit our support community and troubleshooting site.  In many cases, you can find more information about this specific alert.
For troubleshooting, see the following URL :
https://www.Cisco.com/c/en/us/support/security/email-security-appliance/products-tech-notes-list.html
For ESA Support, see the Cisco Support Community site :
https://supportforums.cisco.com/t5/email-security/bd-p/5756-discussions-email-security

If you desire further information, please contact your support provider.

To open a support request for this issue, access the IronPort C100V
and issue the "supportrequest" command. The command sends an email with
diagnostic information directly to Cisco IronPort Customer Support to
facilitate a rapid diagnosis of the problem.


Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
munbali
Cisco Employee
Cisco Employee
In response to Twilhite

‎06-04-2020 01:07 AM

Hi,

 

You will need to log a ticket with our licensing team, and they will be able to provide you with the xml license file which will fix this issue once the file is uploaded

 

Best Regards,

Muna

View solution in original post

0 Helpful
6 Replies 6

Go to solution
daachary
Cisco Employee
Cisco Employee

‎05-31-2020 04:44 AM

Hello,

Incoming mail handling license is required to communicate with the update server. Please check if this license is available.

By default, its perpetual in physical appliance but needs to be installed on the virtual appliance.

 

Regards,

Dayananda Acharya

0 Helpful

Go to solution
Twilhite
Level 1
Level 1
In response to daachary

‎05-31-2020 12:31 PM

I've had it licensed just fine for a while now. Little over a year. The only difference this year is when I renewed it, I converted it to smart licensing.

 

Here is the smart licensing summary from the appliance. It does show the mail handling license is in compliance. Everything operated fine until I got the email saying that the old style "paste-in" type of licenses had expired even though I had already re-licensed the machine under smart licensing.

 

ESALicenses.PNG

0 Helpful

Go to solution
Twilhite
Level 1
Level 1
In response to Twilhite

‎05-31-2020 07:34 PM

I also found the updater logs and I see this exact same entry pattern repeating itself since the beginning of May 28th. The ESA has been doing this since May 28th.

 

Sun May 31 21:08:37 2020 Info: Starting scheduled update
Sun May 31 21:08:37 2020 Info: Dynamic manifest fetch failure: Failed to authenticate with manifest server
Sun May 31 21:09:38 2020 Info: Dynamic manifest fetch failure: Failed to authenticate with manifest server
Sun May 31 21:10:38 2020 Info: Dynamic manifest fetch failure: Failed to authenticate with manifest server
Sun May 31 21:10:38 2020 Info: Scheduled next update to occur at Sun May 31 21:15:38 2020

0 Helpful

Go to solution
munbali
Cisco Employee
Cisco Employee
In response to Twilhite

‎06-02-2020 12:25 AM

Hello,

 

this issue is tracked under the below defect:

Virtual ESA/WSA/SMA Updates/Upgrades will fail after SL migration if XML end_date expires.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn51625

 

where it is needed to obtain the old style XML file for now to activate the updates.

you can also subscribe to the defect to be notified when a fixed version is released 

 

Best Regards,

Muna

0 Helpful

Go to solution
Twilhite
Level 1
Level 1
In response to munbali

‎06-03-2020 11:21 PM - edited ‎06-03-2020 11:22 PM

How do I get an XML? Since I converted the Licensing from the PAK to Smart Licensing, there are no longer any entitlements available for me to issue an old style XML in the traditional licensing portal. When I try, all the options are greyed out because the license was converted to a Smart License. The traditional license manager also shows that it was converted to Smart LicensingLicenses.png.

 

 

0 Helpful

Go to solution
munbali
Cisco Employee
Cisco Employee
In response to Twilhite

‎06-04-2020 01:07 AM

Hi,

 

You will need to log a ticket with our licensing team, and they will be able to provide you with the xml license file which will fix this issue once the file is uploaded

 

Best Regards,

Muna

0 Helpful
Customers Also Viewed These Support Documents