Virtual Secure Web Gateway

Hi,

I get this error after updating the Web Gateway :

  ALERT: The DCInterface Client running on <server> is not contacting the Web Gateway on its regularly scheduled interval.

  07/07/2011   15:12:31 Failed to send data to host <IP_Address_Symantec_Web_Gateway>. error: 10053

Any idea ?

SDISAdmin

Is there a way to clear LDAP cache ?

On this web page : http://www.symantec.com/business/support/index?page=content&id=TECH98028

1. Navigate to the Administration> Configuration> Authentication page of the web interface.
2. Set the "Age out login entries after" to 0
3. Click Save.

Where is the option "Age out login entries after" ?

The error appears almost 3 hours after reboot Web Gateway

The Age Out Login entries was changed to LDAP sync Freq

Thanks !

I have already set this parameter to 0 but the problem remains.

Maybe I have to wait one hour ? I'll try tomorrow.

Regards,

SDISAdmin

The issue with DC interface is not likely to be fixed by the LDAP sync Freq option. The DC interface error 1005x errors are typically connection related problems from dcinterface to the SWG.

Does restarting dcinterface service help?

Hi,

I have already restarted the service DCInterface and stunnel : the error "Failed to send data to host ..." disappear for some hours then start again.

You can take a look at the log in attachment.

The only thing I can do is to uninstall DCinterface/reboot DC/reinstall DCinterface.

Regards

Attachment(s)

errorlog.txt   4.61 MB 1 version

We upgraded to the new version 5.0.1.1 yesterday and we experience the exact same error.

I upgraded the DC interface software on all our DC's to version 4.5.4 and cleared the ldap cache.

I have to admit that the virtual ip's on our citrix servers seem to now be correctly linked to the user, but the error is still emailed to us every 2/3 hours.

I would be very much interested in the solution for this problem.

After Uninstalling DCinterface 4.5.4/ rebooting Domain Controller / Reinstalling DCInterface 4.5.4, the error messages have gone.

Hi. We have same problem on 10 DCs. Uninstall/reboot/install, not solved.

During attempts to resolve problem i noticed strange think:

dcinterface.exe during start installs stunnel.exe as service with automatic start. 
(command in services after installation is stunnel.exe -service -install -quiet  - this means install as service - again. oh. (http://www.stunnel.org/static/stunnel.html)). but then, launches stunnel as process, without calling installed service. oh. why ? 

this means, that every stop/start of service dcinterface launches another instance of stunnel. plus, automatic start of installed service stunnel during launch of OS.  please explain my why. is it normal behavior or is something going wrong with my environment ?  

because of error 10053  means connection related problems i think multiple instances of stunnel on same host can be related with it.  but when i on one of 10 DCs start single instantion of stunnel with debug=7 log file is without any network problems. But SWG still send alert from all of 10 DCs, without difference.

Hi,

It seems the connection pool is exhausted after some time.

The issue should be fixed soon.

Please make sure your database updates are set to automatic and subscribe to the following article for updates:

http://www.symantec.com/docs/TECH164619

If you need an urgent workaround/solution for this problem, please open a case with Symantec Support.

Thanks,

 Federico

The issue has been fixed via Database Updates. Make sure you update to version 5.0.0.163 or later.

Thanks,

Federico

PS: to check open the GUI and go to Administration > Updates