Restoring Vault Service on Cisco AsyncOS 15.5.1 and later for Secure Email and Web Manager (SEWM)

Available Languages

Download Options

  • PDF     (167.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (236.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (205.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:March 20, 2024
Document ID:221802

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document provides the instructions for restoring the Vault service on your Cisco Secure Email and Web Manager.

    Requirements

    Cisco recommends that you have knowledge of Async OS for Secure Email and Web Manager version 15.5.1 and newer

    Components Used

    The information in this document is based on AsyncOS version 15.5.1 and later versions.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    This Techzone article describes common scenarios encountered in the field that could impact the Cisco AsyncOS for Secure Email and Web Manager. This article also guides you to perform troubleshooting steps to restore functionality.

     The Secure Email and Web Manager generates alerts stating, “The vault is down, and some of the services may not work correctly.” Or “The vault health check has failed.

    Note: If the device command line is accessible, use the adminaccessconfig -> encryptconfig CLI command to determine if the encryption is enabled. The vault failure alerts also contain this information.

    Scenario 1: Cisco Secure Email and Web Manager (SEWM) vault is not initialized, and encryption is disabled.

    1. Log in to the Secure Email and Web Manager through a direct SSH connection using the following credentials:

    username: enablediag

    password: admin user's password

    Aftersuccessfulauthentication,the enablediag menu is displayed.

    enablediag commands menu

    2. From the menu, enter command recovervault. Confirm with 'Y' and press Enter.

    recovervault prompts

    3. Enter2,if encryption isdisabledto perform aVaultRecovery process. Itmay take a few seconds to complete.

    4.Log in toSecure Email and Web Manager with admin user credentials after the process is complete and reboot the appliance.Monitoryour appliance for a couple of hours forany vault alerts.

    NoteIf you require assistance at any point or if the steps provided do not fix the issue, contact the Cisco Technical Assistance Center (TAC).

    Scenario 2: Cisco Secure Email and Web Manager (SEWM) vault is not initialized, and encryption is enabled

    NoteFor appliance's running AsyncOS 15.0 encountering vault errors with encryption enabled, Graphical User Interface (GUI) or Command Line Interface (CLI) of Secure Email and Web Manager can become inaccessible. If this occurs, access the Secure Email and Web Manager using serial console with enablediag user and contact TAC with service access details.

    If the device is accessible through CLI, perform the following steps:

    1. Log in to the Secure Email and Web Manager through a direct SSH connection using the following credentials:

    username: enablediag

    password: admin user's password

    Aftersuccessfulauthentication,the enablediag menu is displayed.

    enablediag commands menu

    CautionEnsure you have a copy of the device’s saved configuration with encrypted passwords available that can be loaded back into the device. Using the vault recovery command on systems with encryption enabled resets encrypted variables to their default factory value and needs to be reconfigured.

    2. From the menu, enter command recovervault. Confirm with 'Y' and press Enter.

    recovervault prompts

    3. Enter1,if encryption isdisabledto perform aVaultRecovery process. Itmay take a few seconds to complete.

    4.Log in toSecure Email and Web Manager with admin user credentials after the process is complete and reboot the appliance.Monitoryour email and web manager for a couple of hours forany vault alerts.

    5. Load a copy of the device's saved configuration to restore encrypted variables.

    NoteIf you require assistance at any point or if the steps provided do not fix the issue, contact the Cisco Technical Assistance Center (TAC).

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    19-Mar-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Aaron Vega
      Cisco Engineering
    • Libin Varghese
      Cisco Engineering

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products