Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Central Quarantine gateway error.

Updated: 12 Aug 2010 | 12 comments
Rodders's picture
Rodders
0 0 Votes
Login to vote
I'm not sure which board to post this to, but since I've installed Central Quarantine for the SEP clients to use, this one seems as good as any...
 
I've installed Central Quarantine on a server and after configuring it and updating the global policy in SEPM all the clients are dumping their items in the quarantine. Unfortunately the server doesn't seem to be talking to the gateway server (gateways.dis.symantec.com). I checked my settings as per this Symantec doc:
 
but I'm still getting this error every time the server tries to download the certified definitions. As of yet it has not succeeded and I do not yet have an active sequence number.
 
Any help would be appreciated. The error (I have sanitized network values):
 
Type: Error
Source: Central Quarantine
Event ID: 34054
Event Time: 4/24/2008 3:01:19 PM
User: n/a
Computer: <server_name>
Description:
A general error was detected with Central Quarantine.
[Error Connecting to Gateway - Unable to connect to the Gateway]
Quarantine Server: <server_name>
Address: <server_ip>   DNS name: <server_fqhostname>
download: QServer cannot connect to the gateway to download definitions.
Ensure QServer has access to an adequate Internet connection
Discussion Filed Under:
,

Comments

pete_4u2002's picture
24
Apr
2008
0 Votes 0
Login to vote
pete_4u2002
Symantec Employee

port ( 2847 http) needs to be open, check the connection is established
 
 
Cheers
Pete
 

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

Rodders's picture
24
Apr
2008
0 Votes 0
Login to vote
Rodders

Thanks for the suggestion Pete. I checked connectivity to those sites. I can access the first (http on port 2847) and it worked fine. I can't however access the second link in IE7 (https on port 2848) - maybe due to the domain name mismatch on the secure certificate... I can connect fine with Firefox on my home machine and workstation (the server doesn't have Firefox) but I can't connect with any of them using IE.
 
While this might be the source of my problem (I'll try and nut out the connectivity problem with IE), I tried unchecking the "Secure Submission" and "Secure Download"  check boxes on the Web Communication tab. I figured this would probably switch submission to port 2847, but it hasn't worked... Maybe I should RTM :)
Matt Pierce's picture
24
Apr
2008
0 Votes 0
Login to vote
Matt Pierce

I'm also experiencing this issue.  Using secure submission fails.  https://gateways.dis.symantec.com:2848 gives a certificate error when I try and go to it with a browser.  Also, I can't select my SEP11 server in the Install Definitions tab.  Select Targets fails to show my SEPM or SAVCE server.  Is Qserver still an active product or is it going away?

PcSysAdmin's picture
21
May
2008
0 Votes 0
Login to vote
PcSysAdmin

I've ran into the same issue with your question about SEP11 Servers and Quarantine Server.  It seems pretty odd they still bundle it on CD2 but it seems not to have been updated to handle SEP11..
 
Did you ever get the certificate error figured out?  I'm curious if it's because of all their site redirection to their www.sarc.com / www.symantec.com / akamai craziness.
Rodders's picture
07
Jul
2008
0 Votes 0
Login to vote
Rodders

Sorry for the rather tardy response. I ended up in hospital for quite a while... (viral infection ironically enough)

 

I've had no luck on the certificate error (I switched to non-secure mode as I don't care if people want to sniff my virus'). The server just started working after a few weeks. No explaination. I now have instead an endless supply of "An error was detected in a Central Quarantine sample.  Sample Processing Error - Sample: too long with Released status]" errors.

 

Time to consult Mr. Google, or maybe the manual... 

Jack Benson's picture
08
Sep
2008
0 Votes 0
Login to vote
Jack Benson

Hi

 

did you ever find the solution to this problem?

 

thanks

 

jack

 

Rodders's picture
09
Sep
2008
0 Votes 0
Login to vote
Rodders

Sorry, I've found no solution. Google returns my post and the implementation manual just says that given this error (and the other ones I get (too long with Released status)), the gateway hasn't responded yet. Not too helpful.

Rob_C's picture
10
Sep
2008
0 Votes 0
Login to vote
Rob_C

Getting the same problem, even over a raw connection so not a proxy issue.

Is this the only address available??

The documentaion says "In the web communication dialog box, either accept the default gateway address, or type another address (if supplied by Symantec)

 

HMMM

Jack Benson's picture
10
Sep
2008
0 Votes 0
Login to vote
Jack Benson

hi

 

are you also getting these error messages in your event log

 

Error 1: 

An error was detected in a Central Quarantine sample.

[Sample Processing Error - Sample: too long with Released status]

ComputerName: XXXXXXXXX

Address: xxx.xxx.xxx.xxx DNS name: xxxx.xxxxx.local

VirusName: Backdoor.Paproxy

FileName: JJ5567712.zip

Sample Status: Released

Sample State: captured

released: This sample will be submitted to the analysis center.

Sample has had the "Released" status for too long.

 

Error 2:

An error was detected in a Central Quarantine sample.

[Sample Processing Error]

ComputerName: EXCHSERVER1

Address: xxx.xxx.xxx.xxx DNS name: xxx.xxx.local

VirusName: Trojan Horse

FileName: BANK_DETAILS.zip

Sample Status: Error

Sample State: deferred

internal: An internal failure occurred while processing this sample.

 

 

jack

 

Bumiputera's picture
15
Mar
2009
0 Votes 0
Login to vote
Bumiputera

Have you find the problem ?

Hi, i'm also have the same problem with you guys. I'm allready ask to mysupport.symantec.com since december 2008 (Case # 320-147-460) but until now i still don't get the solutions.
 
I can verify connection to http://gateways.dis.symantec.com:2847 and 2848. I'm also can ping to gateways.dis.symantec.com :)
 
Where's the problem ?

 

Hear4U's picture
23
Mar
2009
0 Votes 0
Login to vote
Hear4U

Hi Bumiputera, Just want to

Hi Bumiputera,

Just want to reassure you someone from our Advanced Team is monitoring you case.  At this time, there is nothing to update you with, as this issue is still being investigated.

Microsoft appears to have changed something in Internet Explorer…a timeout value, if I understand correctly, from something exceptionally large (like 30 minutes) to something extremely tiny (like 60 seconds).  It’s this timeout that is causing us issues…as soon as IE 7 is uninstalled and IE 6 installed, the issue goes away.

 
The only workaround we have at this time is to uninstall IE 7 and install IE 6.  Development is still investigating this issue.

Hope that helps,

Eric

Subscribe to the upcoming Security Newsletter - Log in, visit your profile, and click on "Newsletter Subscriptions!"

mjmartino's picture
11
Feb
2010
0 Votes 0
Login to vote
mjmartino

Just wondering if

Just wondering if developement has found a solution for this or if it suggested to just remove Quarantine Server and hope its fix by the next release version?

Matt

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017