11-09-2017 07:04 AM - edited 03-08-2019 07:27 PM
Good morning, We just built up a new vESA for our internal MTA to work with our Cloud ESA. Since building up the vESA, we have been receiving the following message:
The Warning message is: Unable to connect to the Cisco Aggregator Server. Details: Invalid response received.
We have opened up the firewall to allow the server to communicate with aggregator.cisco.com on 443 but still continue to receive the messages. Any ideas what needs to be done to resolve this error message?
Thanks in advance,
Doug
Solved! Go to Solution.
11-09-2017 07:24 AM
Hi Doug,
This is due to a known issue that we are facing with the aggregator server.
What will cause this issue is an ESA will be unable to connect to the aggregator due to any number of reason (for example, the firewall blocking the connection). As soon as this connection is restored, the ESA will request all the data that it missed while it was unable to connect. This can be months of data.
When this ESA queries for the data, this can overflow the aggregator server for a period of time. In this period, if another ESA queries the aggregator server, the aggregator server may not respond in time causing the alert you are seeing.
Thankfully. This issue doesn't affect mail flow of the ESA. The following is a link to a defect that was opened to require the ESA's to only query for 30 minutes of data at a time:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg39701/
Regards,
Libin Varghese
11-09-2017 07:24 AM
Hi Doug,
This is due to a known issue that we are facing with the aggregator server.
What will cause this issue is an ESA will be unable to connect to the aggregator due to any number of reason (for example, the firewall blocking the connection). As soon as this connection is restored, the ESA will request all the data that it missed while it was unable to connect. This can be months of data.
When this ESA queries for the data, this can overflow the aggregator server for a period of time. In this period, if another ESA queries the aggregator server, the aggregator server may not respond in time causing the alert you are seeing.
Thankfully. This issue doesn't affect mail flow of the ESA. The following is a link to a defect that was opened to require the ESA's to only query for 30 minutes of data at a time:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg39701/
Regards,
Libin Varghese
11-09-2017 07:59 AM
11-09-2017 04:53 PM
That is correct. We are taking steps to improve this on the aggregator server and should have a resolution soon.
- Libin V
11-15-2017 05:38 AM
Are there any updates as to when we might see resolution? I am receiving emails to my devices a few times an hour saying Invalid response received.
Thanks!
11-15-2017 04:31 PM
+1
11-15-2017 07:05 PM
No ETA on a fix as of now. Investigation continues.
05-08-2018 04:36 AM
05-08-2018 04:46 AM
The defect that was discussed on this post shows fixed on Async OS 11.1 for ESA.
What Async OS version is the device on?
Could you share the complete error seen?
Have you verified connectivity to the aggregator server using telnet over 443?
05-08-2018 04:54 AM - edited 05-08-2018 04:56 AM
Hi @Libin Varghese
Version: 11.0.1-027
Update path: 11.0.2b037 2018-04-20 (MD) is the latest (and only) available release.
Device is C170.
Warning <System> <hostname>: Unable to connect to the Cisco
Aggregator Server.; Details: ...
The Warning message is:
Unable to connect to the Cisco Aggregator Server.
Details: Invalid response received.
Version: 11.0.1-027
Serial Number: <>
Timestamp: 08 May 2018 11:56:39 +0200
To learn more about alerts, please visit our Knowledge Base [...]
From ESA I can telnet just fine to v2.sds.cisco.com and aggregator.cisco.com
<host>> telnet v2.sds.cisco.com 443
Trying 172.110.204.44...
Connected to scasds.vrt.sourcefire.com.
Escape character is '^]'.
^**
HTTP/1.1 403 Forbidden
Server: nginx
Date: Tue, 08 May 2018 11:53:20 GMT
Content-Type: text/plain
Content-Length: 36
Connection: close
ETag: "576d7302-24"
1017: Could not authenticate client
Connection closed by foreign host.
<host>> telnet aggregator.cisco.com 443
Trying 208.90.58.190...
Connected to 208.90.58.190.
Escape character is '^]'.
^*
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 08 May 2018 11:55:01 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>
Connection closed by foreign host.
--K
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide