Messaging Gateway

Hi all,

We have an installation with 2x scanners and one control center.

We have upgraded first the 2x scanners to 9.0-20 without any issues.

When we tried to update the control center, we have the following error:

Error During Software Update: An error has occurred during software update. Err Inappropriate ioctl for device.

 

Any ideas?

Scanners seem to connect without any issues but we do not have mail traffic!!!

 

Thanks in advance,

Nikos

Hi Nikos,

It sounds like Control Center ran out of disk space, but it's hard to tell without looking at the diagnostics from the Control Center.

I suggeste openeing up a support ticket.

Regards,

Adnan

It appeared that the user did not leave the appliance to update and rebooted and after run again the update...

After another reboot the update run successfully.

The issue now is that services are stopped and not running.

The only service running is directory data service.

the other services are greyed out.

 

Any ideas?

If the box is rebooted in middle of an upgrade, then it is sure to cause upgrade failure.  Once that happens, there is very little chance of using the same box in that state.  You can spend time trying to figure out what's broken but fixing that will require root and even then there is no assurance that the software would be in a stable state.  The best option at this point to perform an OSRESTORE.  You can OSRESTORE to the previous version, restore from the backup and then attempt to upgarde again if you want to keep the old configuration and data, otherwise just a simple OSRESTORE to the new version should get you going.

Regards,

Adnan

The bad thing is that customer does not have a backup from the previous version.

What about backup the configuration now and then perform the OSRESTORE?

If we use the backup/restore for the configuration, will the scanners be connected without any issues or we should first connect the scanners and the restore the configuration?

Regards,

Nikos

I would strongly recommend opening up a support ticket so they can analyze the logs and assess the current state of database for next actions.

If you did not have a backup, then you should take the backup in the current state and keep a copy somewhere just in case you need to recover something from the database before performing the OSRESTORE.

You can add the already upgarded scanner(s) later to a newly built control center (with the new version and same network settings including IP addresses and hostname as before) using the Add Scanner Wizard.

Again, please do get in touch with support for a better resolution.

Regards,

Adnan

Hi AdnanH,

Actually the case solved. The upgrade was successful and regarding the services, it should be greyed out on the Control Center.
After the upgrade to 9, the LDAP Authentication changed, so we should change the authentication method on the scanners...

So simple, but I was not aware of...

To be more specific, from the v9 Release notes:

• For some installations, you may need to add access to LDAP ports for Symantec Brightmail Gateway 9.0. The Control Center and Scanners using any LDAP features must be able to communicate to the LDAP servers. LDAP features include authentication, routing, recipient validation, and address resolution (previously known as synchronization). Your Control Center and Scanners may already meet this requirement. This access change is a new requirement if your environment matches the following criteria: If your environment matches these criteria, use the ldapsearch command to check connectivity on each host before you update to version 9.0. For information about how to use ldapsearch, go to the following URL on the Internet:http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009082610493254
• You have a distributed deployment with at least one separate Scanner AND
• The deployment uses one or more LDAP sources with the Synchronization usage enabled
• The new directory data service caches the query results to reduce the load that is placed on the directory servers and to improve Scanner performance. The cache builds over time. After you update to version 9.0 there may be an initial slow down of mail throughput under heavy load. The slow down can occur in the first few minutes as the cache builds.
• The LDAP query filter formats in Symantec Brightmail Gateway 9.0 have been standardized to use the %s, %u, and %d tokens. These tokens were previously used only for the recipient validation and routing query filters. If authentication, synchronization, or both are enabled in 8.0.3, the query filters are modified to use the standard tokens after you update to version 9.0. If you modified any of the query filters, confirm the functionality of the authentication and address resolution functions in 9.0. Use the new Test Queryoption in the Control Center.
• In Symantec Brightmail Gateway 8.0.3 and earlier releases, only LDAP groups were displayed in the Administration > Users > Groups page. In Symantec Brightmail Gateway 9.0, both LDAP groups and distribution lists are displayed for a newly added LDAP source. You can view both groups and distribution lists after you update your deployment. Click Administration > Settings > Directory Integration and then click Restore Defaults on the address resolution group query. Alternatively, clickCustomize Query to remove the part of the group query filter excluding distribution lists.
• The LDAP "recipient validation" function is now used to check incoming messages for both Reject invalid recipients and Drop invalid recipients. If you have an 8.0.3 deployment using LDAP synchronization withProtocols > SMTP > Invalid Recipients set to Drop invalid recipients, the LDAP source is migrated to a source with both "recipient validation" and "address resolution" functions enabled after you update to Symantec Brightmail Gateway 9.0. Additionally, if you have any enabled "recipient validation" sources in your 8.0.3 deployment, they are used for Drop invalid recipients upon update to 9.0.
• In version 9.0, any recipient address that includes a domain alias is considered valid if the following conditions are true: If both of the conditions are true, no call is made to the LDAP server to determine whether the recipient is valid or not.
• You have one or more domains configured as an alias in Protocols > SMTP > Aliases
• You have Protocols > SMTP > Invalid Recipients set to either Drop or Reject

So, ALWAYS check the Prerequisites prior to update... And ALWAYS... have a backup!

I am glad the case is resolved, but I am still worried about he error that you reported when upgrading the control center: "Error During Software Update: An error has occurred during software update. Err Inappropriate ioctl for device."

Regards,

Adnan

I had the same consern but the appliance is up and running now without any issues.
A quick question though... We will backup the Contol Center and the scanners (3 machines) tomorrow.
What is the best practice for this? If we just use the backup from the Control Center, it will backup the configuration and the database of the control center or it will also backup the Scanners?
I am asking to be prepared if a scanner failure appears in the future.
Though, I think that control center has all the configuration needed and in case of scanner failure, we only need to re-image it and apply the same network settings.

Thanks in advance