Re: Strange issue with Ironport not seeing dictionaries

Bryan Hance · ‎04-06-2023

Hello, odd problem here. I have to C300V virtual ironports clustered, we'll call them ironport1 and ironport2

These ironports share a number of dictionaries and a number of filters that refer to those dictionaries.

LIST'ing the filters on Ironport2, all is well, except it shows a number are not valid.

The reason they are not valid is because: "mail-from-dictionary-match() rule: "dictionary 'XXXX' unavailable on Machine ironport1" - so it's saying Ironport1 doesn't have dictionary 'XXXX'" for some reason.

There weird thing is, Ironport1 VERY MUCH DOES HAVE this dictionary. It appears in the GUI on ironport1, and on the commandline check (dictionaryconfig), with the same name. It exists and is the exact same as the one on Ironport2, since they are clustered.

And checking a large filters on ironport1 says "Invalidation reason: mail-from-dictionary-match() rule: dictionary 'XXXX' unknown; rcpt-to-dictionary-match() rule: dictionary 'xxxx' unknown" - meaning they are all invalid, on both ironports.

I have tried deleting and recreating the various dictionaries - no change.

I have tried editing a single dictionary entry (thus forcing an update across the cluster) - no change.

I have checked the clustering and cluster communications - no issues there.

Any idea what's going on here? It's like ironport1 can't see the dictionary files even though they are 100% present on that machine.

Ken Stieers · ‎04-06-2023

I wonder if its related to this bug?
https://quickview.cloudapps.cisco.com/quickview/bug/CSCwd11198
I know someone moved their filter order around and it cleared up. (latest response here: https://community.cisco.com/t5/email-security/content-filters-have-failed-to-run-and-are-currently-disabled/td-p/4716752)