"Exception name is not recognized as a built-in name, and will not be referenceable: 'spoof_authentication_error"
search cancel

"Exception name is not recognized as a built-in name, and will not be referenceable: 'spoof_authentication_error"

book

Article ID: 271224

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS Management Center Management Center - VA

Issue/Introduction

When you try to install an Exception List Policy, you get an Error.

"Exception name is not recognized as a built-in name, and will not be referenceable: 'spoof_authentication_error"

 

 

Environment

You can import Exception List from a Device or from a File into Management Center/Exception List Policy. You may want to make some modifications to the Exception List Policy and install that Policy to multiple Proxy units in future.

Cause

If you have imported an Exception List that includes 'spoof_authentication_error' exception you can get the above error when you try to install the Exception List Policy.  This is due to the fact that 'spoof_authentication_error' is not recognized by ProxySG as a built-in exception.

Resolution

This 'spoof_authentication_error' exception is no longer a part of built-in exception. If this exception was carried over from older versions or configurations, this should be removed from your Exception List. 

In order to fix this issue:

1. You will have to manually remove the exception 'spoof_authentication_error' from the Exception List Policy in Management Center after the Exception list has been imported and Save. You have to do this before you install this Policy to the Proxy Device.

2. Or if you are importing the exceptions to Management Center from an exception file (e.g. exceptions.txt), you can delete this exception before you import. You have to edit the file and remove the following (please pay attention to the parentheses and do not remove anything before or after it):

  (exception.spoof_authentication_error
    (summary "Internal error")
    (details <<--3334d270.39366--
            The ProxySG encountered an internal error
            while preparing to send your username/password upstream.
            --3334d270.39366--
    )
    (help <<--3334d270.39369--
            This error can only occur when the ProxySG "spoof authentication" feature is enabled.
            --3334d270.39369--
    )
    (http
      (code "500")
    )
  )

3. Or if you are importing the Exception List from a Device, then you may have to remove it from the Device before import. You can go to Proxy Console, Configuration > Policy > Exception Pages > Install > Install from Text Editor (this should load the Device's current Exception List in the Text Editor). Search for spoof_authentication_error and delete the following portion (please pay attention to the parentheses and do not remove anything before or after it) and Install.

  (exception.spoof_authentication_error
    (summary "Internal error")
    (details <<--3334d270.39366--
            The ProxySG encountered an internal error
            while preparing to send your username/password upstream.
            --3334d270.39366--
    )
    (help <<--3334d270.39369--
            This error can only occur when the ProxySG "spoof authentication" feature is enabled.
            --3334d270.39369--
    )
    (http
      (code "500")
    )
  )

Note: When you do not select the 'Delete all exceptions from devices on deployment' option (checkbox) for the Exception List Policy, it will install the exceptions you have in the Exception List Policy on Management Center and also keep (append) the exceptions you already have in the Device. In other words, by just removing the Exception from Exception List Policy will not get rid of the issue if this Exception is already on the Device. To cleanly get rid of this exception, you have to make sure it is removed from the Exception List Policy on Management Center as well and from the Device (or else you have to select the option 'Delete all exceptions from devices on deployment' so that the exception from the device will not be appended. Keep in mind 'Delete all exceptions from devices on deployment' will delete all customized exceptions on the Device and will overwrite with the exceptions from Exception List Policy on Management Center).

Bottom line, the 'spoof_authentication_error' exception has to be removed from the exception/configuration to avoid errors/warnings.

Note: If you have a Policy rule using this Exception then you have to edit the Policy rule to not use this Exception or delete that Policy rule.

Additional Information

In some releases, this issue shows up as an Error and shows "Policy cannot be installed". However, this in not an Error, it is just a Warning and Policy install is indeed successful (with Warning). In future releases, this will show up as a Warning (instead of an Error). There is also a mismatch in Warning count in some releases, that will also be corrected in future releases. The above fixes are going into SG 6.7.5.25 / 7.3.16.x and MC 3.3.5.1 and above.

===================================================

ProxySG NOTE: If you try to add the exceptions (that contains spoof_authentication_error) directly to a ProxySG unit without involving Management Center, you will get similar warning on the Proxy but the exception list gets installed successfully with Warning. The warning is silent (no popups), you see the following at the end.

  Successfully loaded with 1 warning(s)
Exceptions installation
Compiling new configuration file: /legacy/cache_engine/persistent/replicated/volatile//config/v10/exceptions.txt
Mon, 07 Aug 2023 22:29:59 UTC
SGOS 7.3.14.1
Warning: /legacy/cache_engine/persistent/Exceptions.5252: Exception name is not recognized as a built-in name, and will not be referenceable: spoof_authentication_error
There were 0 errors and 0 warnings

===================================================