Getting "cluster modes out of sync" trying to configure spam quarantine settings at both Machine and Cluster level.

Rachel Bautista

I am implementing two new C170s this weekend (OS 7.5.1-102) to replace our existing C150s (OS 7.1.5-017).  The only trouble I'm having is setting up the Spam quarantine settings to match the current config.  The settings are different on the two machines, but part of the settings are done at machine mode and part in cluster mode.

Our current configuration for spam is as follows:

IronPort01:  Spam Quarantine and Safelist/Blocklist enabled at machine level.  IP Anti-Spam Overview settings at cluster level.  External Spam Quarantine settings say "Settings for this feature are currently defined at: 'Machine:' & 'Cluster: clustername' ".  Settings at cluster level do not have any external spam quarantine configured.

IronPort02:  Spam Quarantine DISABLED at machine level.  External Spam Quarantine at machine level is Enabled and points to IronPort01 IP address.

From what I understand, it seems that it is configured so that we're quarantining spam and users can access a centralized URL, but IronPort02 is shuffling all of that traffic to IronPort01.  (These appliances were set up way before my time.  I'm an IronPort noob.)

When I try to duplicate this setup on my two new IronPorts (we'll call them 03 and 04), it seems to work, but IronPort03 throws an error if I try to access the "External Spam Quarantine" page in machine mode, stating cluster modes are out of sync.

I am leaning toward trying one of the following:

1. Break the cluster, create my setup on each machine and then re-join the cluster.

2. Copy the setup to each machine and just mod each machine instead of trying to get one of them to use cluster and one to use the machine config.

It really is only affecting how I see/access the pages.  I don't believe it will cause our spam quarantine to break, but I'd like to keep it as clean as possible.

Can anyone tell me the best way to get the same end result as our current setup?

Bob Fayne

You are using an external C-series as both a local and external spam quarantine? Interesting, I didn't think that was still supported but I will assume that it will still work and answer the cluster issues.

You can configure an external spam quarantine at the cluster level but local spam quarantines are locked down to machine level. Since you don't want all machines to have the same setting it doesn't make sense to define quarantines at the cluster level. Stick with configuring quarantines at the machine level to reduce complexity. Your description of the existing config is already a bit circular.

You configure the reference for accessing a quarantine at the Network -> IP Interfaces screen. If you want to point one box to the other that's where you would do it.

It's not clear that you actually got the boxes out of sync but I would break the cluster and re-form it, keeping in mind cluster config items on appliances after the first get overwritten, but that's what you want.

Since spam quarantine settings are not normally changed very often, setting them at the machine level should only be a one-time job.

Actually a single spam quarantine for a set of ESAs was never officially supported, however there is a knowledge base article describing the procedure (article ID 897):

I'd recommend checking this out and understanding the steps; this one can be extended to more than two appliances. However, note that Safelist/Blocklist will not work with this setup.

