Error "FlexResponse Action Failed" when trying to release an email from quarantine

book

Article ID: 221820

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email Data Loss Prevention Data Loss Prevention Enforce Messaging Gateway

Issue/Introduction

Data Loss Prevention (DLP)
Network Prevent for Email
Symantec Messaging Gateway (SMG)

Emails are no longer being released from quarantine using the flex response and are stuck in the SMG. 

The DLP error banner states:

FlexResponse Action Failed
[Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL: https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService

 

The DLP manager_operational log contains this error: 

Level: SEVERE
Source: RESPONSE_ACTION.12
Message: FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email
gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService.

 

The DLP localhost log contains these errors:

Level: SEVERE
Source: com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin
Message: Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService
Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: Input error when reading response from email
gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsServicecom.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException:
Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.submit(EmailWsRemediationSession.java:166)
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectRemediator.invokeWebService(EmailQuarantineConnectRemediator.java:39)
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectAction.execute(EmailQuarantineConnectAction.java:49)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:272)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:256)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:130)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)




Level: SEVERE
Source: com.vontu.incidentresponse.action.invoker.ActionInvoker
Message: (RESPONSE_ACTION.12) FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: Input error when reading
response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService.

 

 

 

Resolution

Release from quarantine on the SMG failed suddenly.
The DLP Enforce client cert had expired.
Generated a new DLP Enforce client cert.
Copied the new DLP Enforce client cert into the SMG certstore.jks file.
Release from quarantine is working again.