"FlexResponse Action Failed" with an "Input error" when trying to release an email from quarantine

Article ID: 221820


Products

Data Loss Prevention Network Prevent for Email, Data Loss Prevention, Data Loss Prevention Enforce, Messaging Gateway

Issue/Introduction

Data Loss Prevention (DLP)
Network Prevent for Email
Symantec Messaging Gateway (SMG)

Emails are no longer released from quarantine by the FlexResponse action and remain stuck in the SMG.

The DLP error banner states:

FlexResponse Action Failed
[Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL: https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService

 

The DLP manager_operational log contains this error: 

Level: SEVERE
Source: RESPONSE_ACTION.12
Message: FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email
gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService.

 

The DLP localhost log contains these errors:

Level: SEVERE
Source: com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin
Message: Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService
Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException: Input error when reading response from email
gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException:
Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailWsRemediationSession.submit(EmailWsRemediationSession.java:166)
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectRemediator.invokeWebService(EmailQuarantineConnectRemediator.java:39)
 at com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectAction.execute(EmailQuarantineConnectAction.java:49)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:272)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:256)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:130)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)




Level: SEVERE
Source: com.vontu.incidentresponse.action.invoker.ActionInvoker
Message: (RESPONSE_ACTION.12) FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: Input error when reading
response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://<SMG_IP>:8443/brightmail/ws/DlpQuarantineActionsService.

 

 

 

Resolution

In this case, release from quarantine on the SMG failed suddenly because the DLP Enforce client certificate had expired.
Generate a new DLP Enforce client certificate and copy it into the SMG certstore.jks file.
After this change, release from quarantine works again.

Make sure that you restart the SMG Control Center after completing these steps.
Otherwise, you will see the following error:
"Error: FlexResponse Action Failed[Email Quarantine Connect Approve Action] failed with message: java.net.SocketException: Software caused connection abort: recv failed."

Additional Information

1. When importing the certificate into SMG, make sure the user assigned to the certificate has either Full Admin rights or Content Control Admin Rights.

2. For a similar error with a different solution, please see Your FlexResponse Action for Release From Email Quarantine Failed with a "Connection reset" (broadcom.com).

3. Additionally, this issue can occur when the TLS handshake completes successfully but the client certificate presented to SMG does not match any certificate in the SMG allowed client certificate list. If an intermediary network device, such as a firewall, proxy or load balancer, performs SSL modification/inspection, the 500 error can appear even when the certificate setup has been completed with no mistakes.

In some cases when this occurs, a packet capture from Enforce shows that no certificate size is presented.

To diagnose this type of issue, obtain a packet capture (PCAP) from the Enforce server and perform diagnostic logging on the SMG appliance.

  1. Collect a packet capture of port 8443 from the Messaging Gateway as described in "How to collect a packet capture with tcpdump on a Messaging Gateway", and have the customer attempt to release a message while the packet capture is running
  2. Collect a diagnostics package from the SMG Control Center host as described in "How to collect a diagnostics package from the Messaging Gateway"
  3. Export the client certificate from Administration > Certificates > Applications
  4. Upload the diagnostics and client certificate to a Support case for review by DLP/SMG Support Engineer(s)
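
A triage helper for the log excerpts in this article, added here as an example (it is not Broadcom's or the product's code): it re-joins the wrapped Level/Source/Message records and maps each failure signature to the check this article gives for it. The sample log is constructed, and the function names and tags are illustrative assumptions.

```python
import re

# Constructed sample in the layout of the excerpts above; 192.0.2.10 stands in for <SMG_IP>.
SAMPLE_LOG = """\
Level: SEVERE
Source: RESPONSE_ACTION.12
Message: FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email
gateway: java.io.IOException: Server returned HTTP response code: 500 for URL:
https://192.0.2.10:8443/brightmail/ws/DlpQuarantineActionsService.

Level: SEVERE
Source: com.vontu.incidentresponse.action.invoker.ActionInvoker
Message: (RESPONSE_ACTION.12) FlexResponse Action [Email Quarantine Connect Approve Action] failed with message: java.net.SocketException: Software caused connection abort: recv failed.
"""

SIGNATURES = [  # (tag, signature, next check restated from this article)
    ("http-500", re.compile(r"code: 500 for URL:\s*(?P<url>https://\S+?DlpQuarantineActionsService)"),
     "Check the Enforce client certificate: expiry, presence in SMG certstore.jks, "
     "rights of the assigned SMG user, SSL inspection on the path to SMG."),
    ("recv-failed", re.compile(r"Software caused connection abort: recv failed"),
     "Restart the SMG Control Center after replacing the client certificate."),
    ("connection-reset", re.compile(r"Connection reset"),
     "Different cause: follow the separate 'Connection reset' article."),
]
FIELD = re.compile(r"(Level|Source|Message|Cause):\s*(.*)")

def parse_records(text):
    """Start a record at each 'Level:' and re-join wrapped values, skipping stack frames."""
    records, field = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Level":
            records.append({})
        if m and records:
            field = m.group(1)
            records[-1][field] = m.group(2)
        elif records and line.strip() and not line.lstrip().startswith("at "):
            records[-1][field] = (records[-1][field] + " " + line.strip()).strip()
    return records

def triage(text):
    findings = []  # (source, tag, gateway URL or None, next check)
    for rec in parse_records(text):
        for tag, pattern, advice in SIGNATURES:
            m = pattern.search(rec.get("Message", ""))
            if m:
                findings.append((rec.get("Source"), tag, m.groupdict().get("url"), advice))
                break
    return findings
```

Run `triage()` over the text of the manager_operational or localhost log; records that match none of the three signatures are ignored.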