Error: "% Failed to connect to subscription.es.bluecoat.com" error when trying to download Symantec Intelligence Services (SIS) DB on Edge SWG (ProxySG) or Advanced Secure Gateway (ASG)
search cancel

Error: "% Failed to connect to subscription.es.bluecoat.com" error when trying to download Symantec Intelligence Services (SIS) DB on Edge SWG (ProxySG) or Advanced Secure Gateway (ASG)

book

Article ID: 171662

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When downloading Symantec Intelligence Services database you are seeing download failures and errors such as "% Failed to connect to subscription.es.bluecoat.com" error:

 

Other errors include:

% Unable to bind socket to SSL profile "_bluecoat-services-cloud": Profile not suitable for requested purpose
% Failed to connect to subscription.es.bluecoat.com; The certificate for keyring 'appliance-key' is missing.
 

Cause

This can be caused by using an invalid IP address during initial configuration, which is then used to create certificates and backend SSL Profiles for connecting to Broadcom servers for updates and subscriptions.

 

Resolution

The problem cases for this article are based on:

  • An invalid IP used on a 0:0 interface on Factory-Default and initial configuration. CN of Default Certificate showing that invalid IP.
    • The SSL Handshake seen that the ProxySG sending "TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Protocol Version)"
  • Appliance Key needs updating on VM appliances or Physical appliances. 

invalid IP on initial configuration

When initially configuring the device, using an invalid IP will cause the invalid IP to be used in the Default Certificate CN for validation.

The resolution for this case is to Factory Reset the device using a valid IP address, Default Gateway, and DNS servers, on initial configuration steps.

See: How to restore system defaults on the ProxySG appliance for information on how reset to factory defaults.

The Edge SWG or ASG will create appropriate SSL Profiles with correct Ciphers and Protocol data to communicate with Symantec servers as needed.

For the VM or Physical Devices with appliance keys which need updating

You will see errors such as:

% Unable to bind socket to SSL profile "_bluecoat-services-cloud": Profile not suitable for requested purpose
% Failed to connect to subscription.es.bluecoat.com; The certificate for keyring 'appliance-key' is missing
 

To resolve this issue on VM Appliances

  1. Go to Maintenance Tab > Licensing > Install Tab
  2. Click on "Retrieve" to perform the licensing update which will also update the Appliance Key and the bluecoat-appliance-certificate Device Profile which is locked from editing
    • Enter Valid Credentials for accessing to the Network Protection Licensing Portal (NPLP) under the support.broadcom.com site
  3. Click on "Update" to perform a licensing update which will also update the Appliance Key and the bluecoat-appliance-certificate Device Profile which is locked from editing
  4. Go back to Configuration Tab > Content Filtering > Blue Coat
    • Click the "Download Now" button and Refresh until it says "No download required.  Subscription is up to date" for the status.

Physical Devices

    1. Renew the Appliance Certificate
    2. Go back to Configuration Tab > Content Filtering > Blue Coat
      • Click the "Download Now" button and Refresh until it says "No download required.  Subscription is up to date" for the status.
Powered by Wolken Software