SOLUTION: Cisco ESA (Ironport) Mails are backing up (waiting) in the workqueue. If URL Filtering configured

Applies to:

Cisco Email Security Appliance 9.1.0-032 and above with URL Filtering.

Symptoms:
Outgoing and incoming internet mails are delivered with a delay. Workqueue command shows up to 5000 mails in the queue.
If you track the messages you noticed that there are 20-25 minutes difference between the mail accepted action and policy apply action. Mails waits for approx 20 minutes but as soon as incoming mail policy applies, it is delivered in few seconds. No disk, RAM, or CPU performance issues on ESA.

Cause:
A bug in URL Reputation Cloud Service Feature. A change deployed in  4 April 2016 leads to the problem.

Explained here:

Field Notice: FN – 64111 – Cisco Email Security Appliances – Change in URL Reputation Feature Servers Requires Configuration Change in Order to Avoid Work Queue Backups

http://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html

Resolution:

1- Connect ESA with SSH
2- Run websecurityadvancedconfig command
3-  set threshold value for outstanding requests to 5 as stated in the link above. (default 50)
4- Don’t change and accepts other vaules.
5- Run Commit command.
6- Do the same on all ESA Hosts.

 

Advertisements
Gallery | This entry was posted in Cisco Email Security (Ironport) and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s