ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Your FlexResponse Action for Release From Email Quarantine Failed

book

Article ID: 237219

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email Messaging Gateway Data Loss Prevention

Issue/Introduction

You are using DLP Network Prevent for Email with Symantec Messaging Gateway, have tried to implement the DLP FlexResponse plugin for releasing quarantined mails.

In the incident (history tab), you see an error as follows:

FlexResponse Action Failed [Email Quarantine Connect Approve Action] failed with message:
 java.net.SocketException: Connection reset.

 

This is usually logged in the Tomcat (localhost) logs, on the Enforce Server:

15 Mar 2022 20:32:09,773- Thread: 248 SEVERE [com.symantec.dlpx.flexresponse.emailquarantineconnect.
EmailQuarantineConnectPlugin]
 java.net.SocketException: Connection reset

Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException:
 java.net.SocketException: Connection reset

 

You may also see this error in the Tomcat log:

14 Mar 2022 20:24:54,182- Thread: 128 SEVERE [com.vontu.incidentresponse.action.invoker.ActionInvoker] (RESPONSE_ACTION.12)
 FlexResponse Action [Email Quarantine Connect Approve Action] failed with message:
 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
 PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
 unable to find valid certification path to requested target.
 

 

Cause

While PKIX errors can indicate the Certificate itself is bad (misconfigured DN value in the Cert, missing Intermediate or Root certificates), there is another common cause for this particular error:

SSL Packet inspection will break the HTTPS handshake being performed as part of the Quarantine Release request from Enforce to SMG, and exceptions to that usually need to be made.

Environment

Release : 15.8

Component : 

DLP Network Prevent for Email

Symantec Messaging Gateway

Resolution

Verify whether Enforce is going through a proxy, and whether that proxy is allowing (whitelisting) your Enforce Server <=> SMG certificate handshake.

If not, be sure to whitelist traffic between these servers. 

Additional Information

You might have configured a proxy on Enforce Server for AIP integration (15.8 and above) or for the integration of the DLP Cloud Services. In these cases, check your Cloud Proxy Settings in the System > Settings > General page.