drtr.rating_service Health Check failing, no response from webpulse.es.bluecoat.com
Article ID: 256195
Updated On:
Products
Issue/Introduction
Proxy has DRTR check failed WARNING - drtr.rating_service
- License valid and reloaded, SSL certs recreated (optional upgrade of SW)
- All the subscriptions updates are ok
- webpulse.es.bluecoat.com domain is allowed and not ssl-intercepted
- DNS test and ping to webpulse.es.bluecoat.com works
- DNS resolves the domain webpulse.es.bluecoat.com fine with success (DNS 168.149.132.97)
- The appliance sends the Hello msg to the webpulse.es.bluecoat.com but does not get Server Hello,
- DRTR config is set correctly, DRTR rating server is using the right port 443 and right interval 10800 sec
- No rejects seen in the pcap
- There is Client Hello sent, but there is no Server Hello message back for the exchange of certs
Communication in Wireshark:
Cipher suite for Client Hello (OK, DEFAULT 6.7.5.x)
CUSTOMER SSL DEVICE PROFILES: DEFAULT (OK, DEFAULT 6.7.5.x)
CUSTOMER SSL DEVICE PROFILES: BLUECOAT-APPLIANCE-CERTIFICATE (OK, DEFAULT 6.7.5.x)
SIMAH_BC#show ssl keyring appliance-key
· Keyring ID: appliance-key
· Private key showability: no-show
· Signing request: absent
· Certificate: present
· Certificate subject: /C=US/ST=CA/O='Blue Coat Systems'/OU=CLP/CN=3118330047
· Certificate issuer: /C=US/ST=California/L=Sunnyvale/O=Blue Coat Systems, Inc./OU=Blue Coat, ABRCA/CN=abrca.bluecoat.com/[email protected]
· Certificate valid from: Dec 13 21:09:50 2022 GMT
· Certificate valid to: Dec 14 21:09:50 2027 GMT
· Certificate thumbprint: <XXXXXXXXXXXXXXXXXXXX>
· Keylist membership:
Environment
Release : 6.7.5.11 / 6.7.5.21
Cause
Fireye service is intercepting connection on port 443 between Proxy and Broadcom License server causing lack of response from Broadcom servers with Server Hello
Resolution
Disable interception of Fireye on port 443 to Proxy appliance and recheck the connectivity status
Attachments
Feedback
