You are using DLP Network Prevent for Email with Symantec Messaging Gateway, and have tried to implement the DLP FlexResponse plugin for releasing quarantined mails.
In the incident (history tab), you see an error as follows:
FlexResponse Action Failed [Email Quarantine Connect Approve Action] failed with message:
java.net.SocketException: Connection reset.
This is usually logged in the Tomcat (localhost) logs, on the Enforce Server:
15 Mar 2022 20:32:09,773- Thread: 248 SEVERE [com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin]
java.net.SocketException: Connection reset
Cause:
com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectException:
java.net.SocketException: Connection reset
You may also see this error in the Tomcat log:
14 Mar 2022 20:24:54,182- Thread: 128 SEVERE [com.vontu.incidentresponse.action.invoker.ActionInvoker] (RESPONSE_ACTION.12)
FlexResponse Action [Email Quarantine Connect Approve Action] failed with message:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target.
While PKIX errors can indicate that the certificate itself is bad (a misconfigured DN value in the certificate, or missing intermediate or root certificates), there is another common cause for this particular error:
SSL packet inspection breaks the HTTPS handshake that is performed as part of the Quarantine Release request from Enforce to SMG, so an exception for this traffic usually needs to be made.
Release : 15.8
Component :
DLP Network Prevent for Email
Symantec Messaging Gateway
Verify whether Enforce is going through a proxy, and whether that proxy is allowing (whitelisting) your Enforce Server <=> SMG certificate handshake.
If not, be sure to whitelist traffic between these servers.
You might have configured a proxy on Enforce Server for AIP integration (15.8 and above) or for the integration of the DLP Cloud Services. In these cases, check your Cloud Proxy Settings in the System > Settings > General page.
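One way to run the verification described above from the Enforce Server, as an added example (not code from this article or from the product): it fetches the certificate actually presented for the SMG address, either directly or through an explicit proxy, and compares its SHA-256 fingerprint with a reference fingerprint taken on the SMG itself. The arguments (SMG host, port, bare reference fingerprint, optional proxy host and port) are values you supply; none of them come from the article.

```python
import hashlib
import http.client
import ssl
import sys


def normalize_fp(fp):
    """Reduce 'AB:CD:...' or 'abcd...' to 64 lowercase hex characters (SHA-256)."""
    hexchars = "".join(c for c in fp.lower() if c in "0123456789abcdef")
    if len(hexchars) != 64:
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return hexchars


def der_fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def presented_cert(host, port, proxy=None, timeout=10.0):
    """Leaf certificate (DER) shown to this machine; validation is off so a bad chain is still captured."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if proxy:  # explicit proxy: HTTP CONNECT to it, TLS handshake inside the tunnel
        conn = http.client.HTTPSConnection(proxy[0], proxy[1], context=ctx, timeout=timeout)
        conn.set_tunnel(host, port)
    else:      # direct route; a transparent inspection device would still be in path
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.connect()
        return conn.sock.getpeercert(binary_form=True)
    finally:
        conn.close()


def verdict(reference_fp, observed_fp):
    """'match': same certificate end to end; 'replaced': the session was re-signed in transit."""
    return "match" if normalize_fp(reference_fp) == normalize_fp(observed_fp) else "replaced"


if __name__ == "__main__":
    host, port, ref = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    proxy = (sys.argv[4], int(sys.argv[5])) if len(sys.argv) > 5 else None
    try:
        seen = der_fingerprint(presented_cert(host, port, proxy))
    except OSError as exc:  # covers "Connection reset" and other handshake failures
        sys.exit("no certificate received, handshake failed: %s" % exc)
    print("observed %s -> %s" % (seen, verdict(ref, seen)))
```

A "replaced" result means a device between Enforce and SMG is presenting its own certificate, which is consistent with the PKIX path building error; a handshake failure before any certificate arrives is consistent with the Connection reset error.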