After integrating DLP + SMG for Email quarantine, it appears that SMG is unable to update DLP incidents.
1. From DLP we can execute FlexResponse rules, and quarantine Approve or Reject works as expected and is able to update SMG status as well.
2. From SMG we execute the Approve or Reject action but when we go back to DLP to review, it is not updated.
Error from SMG Log:
Aug 24 2015 13:30:10 [BrightmailScheduler_Worker-43] [IncidentUpdateManager] ERROR - failed to publish incident updates to 10.XX.XX.XXX(ENFORCE)
com.symantec.smg.controlcenter.quarantine.contentincident.dlp.jaxws.AuthenticationFailedFault: Authentication failed
at sun.reflect.GeneratedConstructorAccessor241.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:141)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
at com.sun.proxy.$Proxy42.updateIncidentRemediationStatus(Unknown Source)
at com.symantec.smg.controlcenter.quarantine.contentincident.dlp.IncidentUpdateClient.remediate(IncidentUpdateClient.java:224)
at com.symantec.smg.controlcenter.quarantine.contentincident.dlp.IncidentUpdateManager.publishIncidentUpdates(IncidentUpdateManager.java:226)
at com.symantec.smg.controlcenter.quarantine.contentincident.dlp.IncidentUpdateTask.executeTask(IncidentUpdateTask.java:84)
at com.symantec.smg.controlcenter.internal.scheduledtask.ScheduledTask.execute(ScheduledTask.java:133)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Error from DLP Log:
10.X.X.X(SMG) - [24/Aug/2015:20:20:50:959 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 18ms
10.X.X.X(SMG) - [24/Aug/2015:20:25:50:969 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 17ms
10.X.X.X(SMG) - [24/Aug/2015:20:30:50:960 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 30ms
10.X.X.X(SMG) - [24/Aug/2015:20:35:50:942 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 18ms
10.X.X.X(SMG) - [24/Aug/2015:20:40:50:958 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 26ms
10.X.X.X(SMG) - [24/Aug/2015:20:45:50:937 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 16ms
10.X.X.X(SMG) - [24/Aug/2015:20:50:51:026 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 96ms
10.X.X.X(SMG) - [24/Aug/2015:20:55:50:936 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 40ms
10.X.X.X(SMG) - [24/Aug/2015:21:00:51:068 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 25ms
24 Aug 2015 20:55:50,940- Thread: 97 WARNING [com.vontu.manager.webservice.incidentremediation.security.ServiceAuthenticationHandler] Unable to authenticate request connecting from [10.X.X.X(SMG)]
24 Aug 2015 20:55:50,940- Thread: 97 INFO [com.vontu.manager.webservice.common.security.ServiceAuthenticationHandlerBase] (INCIDENT_REMEDIATION_WEBSERVICE.2) Unable to authenticate request from host [10.X.X.X(SMG)]
24 Aug 2015 21:00:51,072- Thread: 89 WARNING [com.vontu.manager.webservice.incidentremediation.security.ServiceAuthenticationHandler] Unable to authenticate request connecting from [10.X.X.X(SMG)]
24 Aug 2015 21:00:51,072- Thread: 89 INFO [com.vontu.manager.webservice.common.security.ServiceAuthenticationHandlerBase] (INCIDENT_REMEDIATION_WEBSERVICE.2) Unable to authenticate request from host [10.X.X.X(SMG)]
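
Added example, not part of the original post: a Python triage of DLP web-service access-log entries like those above, grouping failed calls by source, account and operation and checking whether they arrive on a fixed schedule. The line layout is inferred from the post; the sample lines, the 192.0.2.10 address, and the names summarize_failures and jitter_s are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Layout inferred from the access-log lines in the post (an assumption, not a
# documented format): <source> - [dd/Mon/yyyy:HH:MM:SS:mmm +zzzz] <RESULT> <Role\user> <operation> <N>ms
LINE = re.compile(
    r"^(?P<src>\S+) - \[(?P<ts>[^\]]+)\] (?P<result>[A-Z_]+) "
    r"(?P<user>\S+) (?P<op>\S+) (?P<ms>\d+)ms$"
)

# Constructed sample input (192.0.2.10 is a documentation address).
SAMPLE = r"""
192.0.2.10 - [24/Aug/2015:20:20:50:959 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 18ms
192.0.2.10 - [24/Aug/2015:20:25:50:969 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 17ms
192.0.2.10 - [24/Aug/2015:20:30:50:960 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 30ms
192.0.2.10 - [24/Aug/2015:20:35:50:942 -0400] AUTHORIZATION_FAILED DLPRole\USER1 updateIncidentRemediationStatus 18ms
24 Aug 2015 20:55:50,940- Thread: 97 WARNING [handler] not an access-log line
""".strip().splitlines()


def summarize_failures(lines, jitter_s=5.0):
    """Group *_FAILED entries by (source, user, operation) and measure their cadence."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not m["result"].endswith("_FAILED"):
            continue  # skip other log formats and successful calls
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S:%f %z")
        seen[(m["src"], m["user"], m["op"])].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = median(gaps) if gaps else None
        # Near-constant gaps point at a scheduled job retrying, not an interactive user.
        periodic = len(gaps) >= 2 and all(abs(g - period) <= jitter_s for g in gaps)
        report[key] = {"count": len(stamps), "period_s": period, "periodic": periodic}
    return report


if __name__ == "__main__":
    for (src, user, op), info in summarize_failures(SAMPLE).items():
        print(src, user, op, info)
```

A periodic group for a single account and operation, as in the sample, matches a scheduled task retrying with the same rejected credentials; the report keys give the account and operation to check on the DLP side.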