Symantec Intelligence Services download failures/Errors

book

Article ID: 171662

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Getting "% Failed to connect to subscription.es.bluecoat.com" error, when trying to download Symantec Intelligence Services (SIS) DB on ProxySG or Advanced Secure Gateway (ASG)

 

There could also be other errors as:

% Unable to bind socket to SSL profile "_bluecoat-services-cloud": Profile not suitable for requested purpose
% Failed to connect to subscription.es.bluecoat.com; The certificate for keyring 'appliance-key' is missing.
 

Cause

This can be caused by using a completely invalid IP address during initial configuration. Which is used to create Certificates and backend SSL Profiles used in connection to our servers for update and subscriptions.

The use case for this article is based on:

  • Aa invalid IP used on a 0:0 interface on Factory-Default and initial configuration.
  • CN of Default Certificate showing that invalid IP
  • The SSL Handshake seen that the ProxySG sending "TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Protocol Version)"

 

Other causes in the case of VM appliances can be the need to update the appliance key through the Retrieve license key function

Resolution

One reason of the failure,"% Failed to connect to subscription.es.bluecoat.com"

There could be other reasons as well, that troubleshooting should be done for if this is not matching the use case example about an invalid IP on initial configuration. Seeing the invalid IP on the Default Certificate CN, for the validation on this case well.

For this case of use of invalid IP used as cause, the resolution is to Factory Reset the device, using Valid IP address, Default Gateway, and DNS servers on initial configuration steps.

How to restore system defaults on the ProxySG appliance

The ProxySG/ASG then during the pause before getting MGMT Console, will create appropriate SSL Profiles with correct Ciphers and Protocol data to correct be able to communicate with Symantec servers needed.

 

For the VM or Physical Devices reporting the the Errors:

% Unable to bind socket to SSL profile "_bluecoat-services-cloud": Profile not suitable for requested purpose
% Failed to connect to subscription.es.bluecoat.com; The certificate for keyring 'appliance-key' is missing
 
VM Appliances
  1. Go to Maintenance Tab > Licensing > Install Tab
  2. Click on "Retrieve" to get successful licensing update that would also update the Appliance Key and the bluecoat-appliance-certificate Device Profile that it is on, that is locked up from editing
    1. Enter Valid Credentials that would get access to the Network Protection Licensing Portal (NPLP) under the support.symante.com site
  3. Click on "Update" to get successful licensing update that would also update the Appliance Key and the bluecoat-appliance-certificate Device Profile that it is on, that is locked up from editing
  4. Go back to Configuration Tab > Content Filtering > Blue Coat
    1. Download Now and Refresh until updated full and saying "No download required.  Subscription is up to date" status

Physical Devices

  1. Renew the Applicance Certificate
    1. How To Renew The SSL Certificate Of The ProxySG appliance-key
  2. Go back to Configuration Tab > Content Filtering > Blue Coat
    1. Download Now and Refresh until updated full and saying "No download required.  Subscription is up to date" status

Attachments