Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1857
Views
0
Helpful
7
Replies

Problem with Cisco ESA and alerts

Zach_Sec
Level 1
Level 1

‎08-07-2017 05:30 AM

Hi,

one of our customers are getting this kind of alert messages to their email boxes:

The Warning message is:

Unable to connect to Cisco Web Security Service.
URL Filtering will not work correctly.
Please verify all network, proxy and firewall settings.
Connection to "v2.sds.cisco.com" failed.
The last error seen on this connection: "Server busy or service unavailable"

Version: 10.0.1-087

In the past few months, there weren't any alerts like this, but recently we'v got many. I looked up everything on google that could lead to something helpful to resolve this problem, but nothing helped.

We tried to change the DNS servers, and it didn't help. We saw this: https://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html

but it didn't help. One thing that i saw interesting is that when i made a packet capture on the ESA, i saw that the ESA is making a TCP RST in the same time when the alert is being made. 

For some reason, v2.sds.cisco.com resolves sometimes to 172.110.204.44 or 198.148.79.60, and the problem seems to only occur when the ESA is making a URL update using the 198.148.79.60 address.

Any suggestion would be helpful.

Thank you in advance,

Zach

Labels:
0 Helpful
7 Replies 7

Libin Varghese
Cisco Employee
Cisco Employee

‎08-07-2017 05:40 AM

Cisco is working diligently to address this issue. 

In order to mitigate and reduce the number of alerts being received by affected customers, we have recently added capacity to the update service to better address the overall load while we continue to isolate the root cause of the alerts. 

Please note that the alert itself is an informational warning only and does not impact the performance or operation of the appliance.

Regards,

Libin Varghese

0 Helpful

Zach_Sec
Level 1
Level 1
In response to Libin Varghese

‎08-07-2017 05:50 AM

Thank you very much for the information!

Best regards,

Zach

0 Helpful

Zach_Sec
Level 1
Level 1
In response to Libin Varghese

‎08-22-2017 12:16 AM

Any news regarding this? Or is it going to take some time to fix the issue?

 

Best regards,

Zach

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to Zach_Sec

‎08-22-2017 03:04 AM

As per the last update additional servers were added to handle the load being seen which should have reduced the number of alerts.

 

Could you confirm since when you began seeing the alerts and what is the frequency of these alerts per day/per hour?

 

- Libin V

0 Helpful

Zach_Sec
Level 1
Level 1
In response to Libin Varghese

‎08-22-2017 03:09 AM

It looks like it didn't get better. The alerts are coming in a interval of 2-4 hours.

 

Best regards,

Zach

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to Zach_Sec

‎08-22-2017 03:18 AM

Do all alerts end in "Server busy or service unavailable" or are there alerts with other error codes as well?

 

I'll check if there are any further updates.

 

- Libin V

0 Helpful

Zach_Sec
Level 1
Level 1
In response to Libin Varghese

‎08-22-2017 05:10 AM

They all end in "Server busy or service unavailable".

 

Best regards,

Zach

0 Helpful
Customers Also Viewed These Support Documents