Re :Unable to connect to the Cisco Aggregator Server.

SuryaPrakash · ‎07-02-2019

Hi CISCO,

The Warning message is:

Unable to connect to the Cisco Aggregator Server.
Details: (7, 'Failed to connect to aggregator.cisco.com port 443: Operation timed out').

Version: 10.0.0-203
Serial Number:
Timestamp: 02 Jul 2019 13:00:49 +0530

To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert. Please click the Knowledge Base link after logging into our Support Portal at:

http://www.cisco.com/cisco/web/support/index.html

If you desire further information, please contact your support provider.

To open a support request for this issue, access the IronPort C170 and issue the "supportrequest" command. The command sends an email with diagnostic information directly to Cisco IronPort Customer Support to facilitate a rapid diagnosis of the problem.

Is this transient or known issues, or should I open a case with TAC?

Paul Thomas Cyblue · ‎07-03-2019

On your Web Proxy, turn off certification verification for the CISCO Aggregator site.
It uses a CISCO root cert that will not be in the Web Proxy trust store.

ppreenja · ‎07-24-2019

Hi Surya Prakash,

If the alerts are being received quite frequently then you can try to telnet the aggregator service from the CLI of your ESA appliance and make sure that there is connectivity established for the aggregator services. Please find below the steps for the same:

ESA_HOSTNAME>telnet aggregator.cisco.com 443

Trying 208.90.58.190...
Connected to 208.90.58.190.
Escape character is '^]'.

If the above test is a success (you are able to see Connected to option) then you need not worry as the connectivity is established.

If you are not able to see that connectivity coming up then there must be an issue with the network and to determine the same you can setup a packet capture as below:

If you need help getting the packet capture, kindly follow these steps (GUI):
Go to "Help and Support v" >> Packet Capture.
Click on "edit settings."
Under "Filters" choose "Predefined Filters".
Select “Custom filter” and host 208.90.58.190.
Click "submit".
Click "start capture".
Wait for the next warnings to occur again OR Try performing telnet connection again until you get timed out or "Connected to.." output.
After finishing click "finish".
Select the capture and click "download file".

This will help you to check the issue on the network end.

Please find below details with regards to the aggregator services:

The “aggregator” server is a reporting server that the appliance will reach out to every 30 minutes to collect data on URLs that were re-written by either the URL Filtering Service (Message or Content Filter) or by the Outbreak Filter service. In the event, the appliance is not able to reach the server, or an invalid response is returned, the appliance will query for the previously “missed” period at the next check. Please note that this alert does not affect the processing of mail on the appliance. The appliance’s ability to collect the reporting data that is on the “aggregator” server also does not affect the appliance’s ability to determine the status (reputation or category) of a URL.

I hope the aforementioned information is able to answer your queries.

Regards,
Pratham

Ken Stieers · ‎07-24-2019

Packet capture should be port 443

ppreenja · ‎07-24-2019

Thanks, Ken for updating. I believe that just keeping the IP address in the filter will make sure that we don't miss any packets and will capture for all ports. However, having port added will definitely be precise :)

Surya,

We can create a custom filter and add the port as below:
host 208.90.58.190 && port 443

Regards,
Pratham