Control center cannot communicate with Messaging Gateway scanner


Article ID: 170788


Products

Messaging Gateway

Issue/Introduction

The Messaging Gateway (SMG) Control Center is unable to communicate with the SMG scanner, resulting in a number of potential issues:

  • Message audit log queries fail and/or are delayed or spin indefinitely.
  • Cannot propagate configuration changes to scanners
  • Unable to view Message Queues

agent_log

2018-01-09T21:41:13+05:30 (ERROR:2422.54671328): [33048] Error creating new connection: Unknown error 336150661.

BrightmailLog.log

Jan 09 2018 21:41:13 [BrightmailScheduler_Worker-33] [ScriptHelper] ERROR - com.symantec.smg.controlcenter.BrightmailException: The Agent running on 127.0.0.1 is temporarily unreachable. Please check the specified host. ; nested exception is: java.net.SocketException: Connection reset

Running netstat on the SMG scanner when it is in this state will also show a number of connections in the SYN_RECV state, indicating that the TCP connections are only half open:

smg [10.7.5-4]> netstat -tn | grep 41002
tcp        0      0 192.168.100.25:41002    192.168.100.100:59162   SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51440       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51446       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51450       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51448       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51442       SYN_RECV
tcp        0      0 192.168.100.25:41002    192.168.100.100:59160   SYN_RECV
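
The following is an added example, not part of the original article or the product: a shell helper that reads saved `netstat -tn` output and counts SYN_RECV sockets whose local port is 41002, grouped by remote address, so the hosts leaving half-open connections stand out. The function names, the last two sample lines and the default threshold of 5 are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: summarise half-open connections to the SMG agent port from
# `netstat -tn` output supplied on stdin.

AGENT_PORT=41002   # agent port named in the article

# Print "<count> <remote-address>" per peer with SYN_RECV sockets whose LOCAL
# port is the agent port, busiest peer first. Unlike `grep 41002`, this does
# not match lines where 41002 is only the remote port.
half_open_by_peer() {
  awk -v port="$AGENT_PORT" '
    $1 ~ /^tcp/ && $NF == "SYN_RECV" {
      n = split($4, l, ":")                 # local address:port
      if (l[n] != port) next
      m = split($5, r, ":")                 # remote address:port
      peer = substr($5, 1, length($5) - length(r[m]) - 1)
      count[peer]++
    }
    END { for (p in count) print count[p], p }
  ' | sort -k1,1nr -k2,2
}

# Total number of half-open connections on the agent port.
half_open_total() {
  half_open_by_peer | awk '{ s += $1 } END { print s + 0 }'
}

# Succeed when the total reaches a threshold (the default of 5 is an assumed
# value; tune it for your environment).
agent_port_stuck() {
  [ "$(half_open_total)" -ge "${1:-5}" ]
}

# Sample input: the seven lines from the article, plus two constructed lines
# (an ESTABLISHED session and a socket where 41002 is only the remote port).
SAMPLE='tcp        0      0 192.168.100.25:41002    192.168.100.100:59162   SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51440       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51446       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51450       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51448       SYN_RECV
tcp        0      0 192.168.100.25:41002    10.255.1.44:51442       SYN_RECV
tcp        0      0 192.168.100.25:41002    192.168.100.100:59160   SYN_RECV
tcp        0      0 192.168.100.25:41002    192.168.100.101:40000   ESTABLISHED
tcp        0      0 192.168.100.25:25       10.0.0.9:41002          SYN_RECV'

printf '%s\n' "$SAMPLE" | half_open_by_peer
```

SYN_RECV entries are normally short-lived, so the same peers appearing in repeated samples is what distinguishes this condition from ordinary connection setup.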

Packet captures of connections to the affected SMG scanner also show retransmissions of the SYN-ACK, indicating that on the scanner the TCP connection is only half open.

Cause

Network security scanners can, over time, cause the agent service on Messaging Gateway to become unresponsive. 

Resolution

The workaround is to restart the agent service on each SMG scanner, one at a time. This should alleviate the issue temporarily.

On the command line run "service agent restart".

This issue will be addressed with a future release, but until then it's best to exempt port 41002 on the Messaging Gateway from internal port scans.
