Quarantine notification process appears to be failing. Logs may show 421 4.4.1 Connection timed out
Article: TECH161742 | Created: 2011-06-07 | Updated: 2013-08-23 | Article URL: http://www.symantec.com/docs/TECH161742
It is not clear if the Spam Quarantine Notifications are being sent properly.
- When viewing the Notifications list of the Scheduled Tasks, you see that the task has failed.
- You may see an administrator alert indicating that the Scheduled Task has failed.
- When viewing the Control Center logs, you see errors referencing timeouts ten minutes after the process is scheduled to start, possibly recurring every ten minutes for an extended period of time.
- Spam Quarantine Notifications are only being sent to some end users.
A database error may also be found for a lost connection due to the excessive mail delivery delay:
com.symantec.smg.controlcenter.internal.dataaccess.DataAccessException: An unexpected database error has occurred. Please contact your system administrator. ; nested exception is:
com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception:
** BEGIN NESTED EXCEPTION **
MESSAGE: Can not read response from server. Expected to read 172 bytes, read 48 bytes before connection was unexpectedly lost.
java.io.EOFException: Can not read response from server. Expected to read 172 bytes, read 48 bytes before connection was unexpectedly lost.
When the Control Center sends Spam Quarantine Notifications, it attempts to send all messages in one connection session. During this session, the Control Center will issue a keepalive command called NOOP.
Exchange has a security-related configuration that causes a 5-second delay in the response to a NOOP command. Exchange also has a configurable session limit of 10 minutes. Because of the 5-second delay after NOOP commands, a maximum of 120 messages can be sent before Exchange issues a "421 4.4.1 Connection timed out".
The Control Center will often reconnect after receiving the "421 4.4.1 Connection timed out" and will continue to deliver notifications, so it is possible that nothing needs to be done. However, if there is a problem with notification delivery and tarpitting is taking effect (there is an extended delay after the NOOP command), then the first step should be to disable tarpitting of the Control Center.
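One way to check whether the extended NOOP delay described above is in effect, as an added example that is not Symantec's or Microsoft's code: the Python sketch below times NOOP round trips on a single SMTP session and applies the article's arithmetic. The function names, the `FakeTarpitSMTP` test server and the one-NOOP-per-notification model are assumptions made for the example.

```python
import smtplib
import socketserver
import threading
import time

SESSION_LIMIT_S = 600  # Exchange session limit given in the article (10 minutes)

class FakeTarpitSMTP(socketserver.StreamRequestHandler):
    """Constructed local stand-in for a server that delays its NOOP replies."""
    noop_delay = 0.2  # seconds; scaled-down stand-in for the article's 5 s

    def handle(self):
        self.wfile.write(b"220 fake.example ESMTP\r\n")
        for line in self.rfile:
            verb = line.strip().upper()[:4]
            if verb == b"NOOP":
                time.sleep(self.noop_delay)  # the tarpit: hold back the reply
            if verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            self.wfile.write(b"250 OK\r\n")

def measure_noop_delay(host, port=25, samples=3, timeout=30):
    """Time NOOP round trips on one SMTP session; returns seconds per NOOP."""
    delays = []
    with smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout) as smtp:
        smtp.ehlo()
        for _ in range(samples):
            start = time.perf_counter()
            code, reply = smtp.noop()
            delays.append(time.perf_counter() - start)
            if code != 250:
                raise RuntimeError(f"NOOP answered {code} {reply!r}")
    return delays

def messages_per_session(noop_delay_s, session_limit_s=SESSION_LIMIT_S):
    """Article's arithmetic, assuming one delayed NOOP per notification."""
    return int(session_limit_s // noop_delay_s) if noop_delay_s > 0 else None

def demo(noop_delay=0.2):
    # Run the measurement against the fake server on a free localhost port.
    FakeTarpitSMTP.noop_delay = noop_delay
    with socketserver.TCPServer(("127.0.0.1", 0), FakeTarpitSMTP) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        delays = measure_noop_delay("127.0.0.1", srv.server_address[1])
        srv.shutdown()
    return delays

if __name__ == "__main__":
    print("NOOP delays (s):", [round(d, 2) for d in demo()], messages_per_session(5))
```

To test a real server, call `measure_noop_delay` with the Exchange host's address from a machine on the same network path as the Control Center; replies that consistently take several seconds indicate that tarpitting applies to that source address.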
More on the feature that causes this behavior, called Message Throttling or Tarpitting by Microsoft, can be found in the following links:
Note: The non-Symantec links above are provided as a convenience to Symantec customers. Symantec is not responsible for content on third-party sites.