DLP Connect on Symantec Messaging Gateway generates authentication failures when it accesses the DLP Enforce Server, and it cannot update incidents in Data Loss Prevention Enforce.
The emails are not forwarded and queue on the Symantec Messaging Gateway side.
In Incident_remediation_access_0.log:
[28/Apr/2016:12:13:16:998 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 15ms XX.XXX.XX.XXX -
[28/Apr/2016:12:18:17:001 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 16ms XX.XXX.XX.XXX -
[28/Apr/2016:12:23:17:005 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 15ms XX.XXX.XX.XX
[28/Apr/2016:12:28:17:008 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 16ms
In the manager operational log:
[INFO] (INCIDENT_REMEDIATION_WEBSERVICE.2) Unable to authenticate request from host [XX.XXX.XX.XXX]
[INFO] (INCIDENT_REMEDIATION_WEBSERVICE.2) Unable to authenticate request from host [XX.XXX.XX.XXX]
In localhost.timestamp.log:
02 Mai 2016 09:24:25,410- Thread: 1357 INFO [com.vontu.enforce.webservice.security.ServiceAuthenticationHandlerBase] (INCIDENT_REMEDIATION_WEBSERVICE.1) Unable to authenticate request as user [ISM\svc_dlpconnect] connecting from host [XX.XXX.XX.XXX]
02 Mai 2016 09:29:25,389- Thread: 30426 INFO [com.vontu.enforce.webservice.security.ServiceAuthenticationHandlerBase] (INCIDENT_REMEDIATION_WEBSERVICE.1) Unable to authenticate request as user [ISM\svc_dlpconnect] connecting from host [XX.XXX.XX.XXX]
The role that is needed to update incidents in DLP is missing.
You need to create a role and user for Email Quarantine Connect.
To create a role and user for Email Quarantine Connect:
1 Log on to the Enforce Server administration console as an administrator.
2 Select System > User Management > Roles.
3 Click Add Role.
4 Type a name for the new role in the Name field. For example, type dlp-remediator-role.
5 In the User Privileges section of the screen, select the following items:
Incidents: View -> Select View and then select Network Incidents.
Incidents: Actions -> Select the Remediate Incidents privilege.
Select the following user privilege:
Incident Update
Incidents: Incident Reporting and Update API
6 Click Save.
7 Select System > User Management > Users.
8 Click Add User.
9 Type values for the Name, Password, and Re-enter Password fields.
10 In the Roles section of the screen, select the new role you created in step 4.
For example, select dlp-remediator-role.
11 Select the same role in the Default Role menu.
12 (Optional) Click the Incident Access tab and add conditions to limit the incidents that Email Quarantine Connect may act on. The condition must not exclude Network incidents.
13 Click Save.
14 In the Symantec Messaging Gateway Control Center, specify the Enforce Server user and password.
See "Configuring Symantec Messaging Gateway to update data with Enforce Server" in the Symantec Messaging Gateway Administration Guide.
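
To check whether the failures continue after the role and user are in place, the access log can be summarized per account. The following is an added example, not Symantec code: the function name and the field layout are assumptions inferred only from the Incident_remediation_access_0.log entries quoted above, and the sample data is those four entries.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: the four access-log entries quoted on this page, one per
# line, with the host masked (and absent on the last entry) exactly as shown there.
SAMPLE = r'''[28/Apr/2016:12:13:16:998 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 15ms XX.XXX.XX.XXX -
[28/Apr/2016:12:18:17:001 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 16ms XX.XXX.XX.XXX -
[28/Apr/2016:12:23:17:005 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 15ms XX.XXX.XX.XX
[28/Apr/2016:12:28:17:008 +0200] AUTHORIZATION_FAILED ISR\svc_dlpconnect "" 16ms
'''

# Assumed layout: [timestamp] STATUS account "" <n>ms [host]; the host is optional.
ENTRY = re.compile(
    r'\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}:\d{3} [+-]\d{4})\]\s+'
    r'(?P<status>[A-Z_]+)\s+(?P<user>\S+)\s+"[^"]*"\s+\d+ms'
    r'(?:[ \t]+(?P<host>[\w.:]+))?')

def failed_auth_summary(text, status="AUTHORIZATION_FAILED"):
    """Group failed web-service requests by account and describe their timing."""
    events = defaultdict(list)
    # finditer (not line splitting) also copes with entries run together on one line
    for m in ENTRY.finditer(text):
        if m["status"] == status:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S:%f %z")
            events[m["user"]].append((ts, m["host"]))
    summary = {}
    for user, seen in events.items():
        times = sorted(t for t, _ in seen)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else None
        summary[user] = {
            "failures": len(times),
            "first": times[0],
            "last": times[-1],
            "hosts": sorted({h for _, h in seen if h}),
            "median_gap_s": round(mid) if gaps else None,
            # Evenly spaced failures point at an automated client retrying with
            # credentials or privileges the server rejects, not a mistyped logon.
            "periodic": len(gaps) >= 2 and all(abs(g - mid) <= 0.1 * mid for g in gaps),
        }
    return summary

if __name__ == "__main__":
    for user, info in failed_auth_summary(SAMPLE).items():
        print(f"{user}: {info['failures']} failures, last at {info['last']}, "
              f"median gap {info['median_gap_s']}s, periodic={info['periodic']}")
```

After the change, the "last" timestamp for the service account should stop advancing when the script is run against a fresh copy of the log.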