07-26-2011 05:18 AM
Hi
Since a power down over the weekend our C160 which is running version 7.0.1-010 our Ironport device is reporting alerts:
We are getting the message:
LDAP: query AD_Default.accept result inquiry timed out
Can anyone help what could be wrong?
Thanks
07-26-2011 05:27 AM
Greetings,
You have likely lost connectivity to your AD server. I would first recommend enabling the LDAP debug logs so you can obtain more data. In addition you may want to try to test connectivity from your appliance via the CLI using telnet. You can then telnet to the AD server on the specified port 389, or 3268. Generally this is an issue with either connectivity or DNS. If the look up fails when you try to telnet using the hostname try the IP. If the IP works and the host name does not then this likely a DNS issue.
arheel.cisco.com> ldapconfig
Current LDAP server configurations:
1. Campbell: (64.102.157.29:3268)
2. Joe-Ldap: (10.92.152.122:389)
3. vada: (10.92.152.122:389)
Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
- ADVANCED - Configure advanced LDAP queries.
[]>
tarheel.cisco.com>
tarheel.cisco.com> telnet
Please select which interface you want to telnet from.
1. Auto
2. Data 1 (14.36.191.8/16: tarheel2.cisco.com)
3. Data 2 (172.18.124.51/24: test.cisco.com)
[1]>
Enter the remote hostname or IP address.
[]> 64.102.157.29
Enter the remote port.
[25]> 3268
Trying 64.102.157.29...
Connected to dhcp-64-102-157-29.cisco.com.
Escape character is '^]'.
Below are instructions on setting up the debug logs.
An important feature within the IronPort C-Series appliance is its logging capabilities. AsyncOS can generate many types of logs, recording varying types of information. Log files contain the records of regular operations and exceptions from various components of the system. This information can be valuable when monitoring your IronPort C-Series appliance as well as when troubleshooting or checking performance.
Logs can be configured and created through the IronPort CLI using the logconfig command or via the GUI. See the link below for configurng logs via the GUI.
Below is an example of creating a LDAP debug log subscription using the CLI:.
ironport.com> logconfig
Currently configured logs:
1. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
2. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
3. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
4. "brightmail" Type: "Symantec Brightmail Anti-Spam Logs" Retrieval: FTP Poll
5. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
6. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
7. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
8. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
9. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
10. "rptd_logs" Type: "Mailflow Report Logs" Retrieval: FTP Poll
11. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
12. "status" Type: "Status Logs" Retrieval: FTP Poll
13. "system_logs" Type: "System Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> new
Choose the log file type for this subscription:
1. IronPort Text Mail Logs
2. qmail Format Mail Logs
3. Delivery Logs
4. Bounce Logs
5. Status Logs
6. Domain Debug Logs
7. Injection Debug Logs
8. System Logs
9. CLI Audit Logs
10. FTP Server Logs
11. HTTP Logs
12. NTP logs
13. Mailflow Report Logs
14. Symantec Brightmail Anti-Spam Logs
15. Symantec Brightmail Anti-Spam Archive
16. Anti-Virus Logs
17. Anti-Virus Archive
18. LDAP Debug Logs
[1]> 18
Please enter the name for the log:
[]> ldap_debug
Choose the method to retrieve the logs.
1. FTP Poll
2. FTP Push
3. SCP Push
[1]>
Filename to use for log files:
[ldap.log]>
Please enter the maximum file size:
[10485760]>
Please enter the maximum number of files:
[10]>
Currently configured logs:
1. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
2. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
3. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
4. "brightmail" Type: "Symantec Brightmail Anti-Spam Logs" Retrieval: FTP Poll
5. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
6. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
7. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
8. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
9. "ldap_debug" Type: "LDAP Debug Logs" Retrieval: FTP Poll
10. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
11. "rptd_logs" Type: "Mailflow Report Logs" Retrieval: FTP Poll
12. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
13. "status" Type: "Status Logs" Retrieval: FTP Poll
14. "system_logs" Type: "System Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>
ironport.com> commit
Below is an example for editing an existing log.
ironport.com> logconfig
Currently configured logs:
1. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
2. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
3. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
4. "brightmail" Type: "Symantec Brightmail Anti-Spam Logs" Retrieval: FTP Poll
5. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
6. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
7. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
8. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
9. "ldap_debug" Type: "LDAP Debug Logs" Retrieval: FTP Poll
10. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
11. "rptd_logs" Type: "Mailflow Report Logs" Retrieval: FTP Poll
12. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
13. "status" Type: "Status Logs" Retrieval: FTP Poll
14. "system_logs" Type: "System Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> edit
Enter the number of the log you wish to edit.
[]> 9
Please enter the name for the log:
[ldap_debug]>
Choose the method to retrieve the logs.
1. FTP Poll
2. FTP Push
3. SCP Push
[1]>
Please enter the filename for the log:
[ldap.log]>
Please enter the maximum file size:
[10485760]> 52422880
Please enter the maximum number of files:
[10]> 100
Currently configured logs:
1. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
2. "avarchive" Type: "Anti-Virus Archive" Retrieval: FTP Poll
3. "bounces" Type: "Bounce Logs" Retrieval: FTP Poll
4. "brightmail" Type: "Symantec Brightmail Anti-Spam Logs" Retrieval: FTP Poll
5. "cli_logs" Type: "CLI Audit Logs" Retrieval: FTP Poll
6. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
7. "ftpd_logs" Type: "FTP Server Logs" Retrieval: FTP Poll
8. "gui_logs" Type: "HTTP Logs" Retrieval: FTP Poll
9. "ldap_debug" Type: "LDAP Debug Logs" Retrieval: FTP Poll
10. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll
11. "rptd_logs" Type: "Mailflow Report Logs" Retrieval: FTP Poll
12. "sntpd_logs" Type: "NTP logs" Retrieval: FTP Poll
13. "status" Type: "Status Logs" Retrieval: FTP Poll
14. "system_logs" Type: "System Logs" Retrieval: FTP Poll
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>
ironport.com> commit
$REFERENCES
For more information about Creating a Log Subscription in the GUI, see the AsyncOS Advanced User Guide on the IronPort
Christopher C Smith
CSE
Cisco IronPort Customer Support
08-01-2011 04:45 AM
Hi,
This alert is sent based on the AsyncOS 7.0.1 release. However, the issue has already been existing earlier, but was unnoticed due to the absent of this alert in previous AsyncOS releases.
One reason for this alert could be also a firewall interrupting idle TCP session. The IronPort Appliance will establish all sessions and then wait for queries to sent. It will only reconnect after 6 hours or 10.000 queries, whatever comes first.
If a router/firewall interrupts the session after e.g. an timeout of 240 sec then such an inquiry timeout can be triggered. For the production it has no real impact as it will immediately reconnect and resent the query. So in fact the issue is not critical and does not result in a loss of email traffic.
The behavior has changed in version 7.1 where only a consolidated notification is sent out. Please upgrade to that version of AsyncOS to have the issue solved.
Regards,
Enrico
08-01-2011 12:26 PM
Thanks,
Ruveni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide