简介
本文档介绍如何对安全邮件网关(SEG)下一代GUI中的错误“Either API server is not started or is unreachable”(API服务器未启动或无法访问)进行故障排除。
先决条件
从AsyncOS 11.4开始,再从AsyncOS 12.x for Security Management Appliance(SMA)继续,Web用户界面(UI)经历了重新设计以及数据的内部处理。
要求
Cisco 建议您了解以下主题:
- 安全邮件网关(SEG)
- 安全管理设备(SMA)
- Web用户界面(UI)访问
使用的组件
- 版本11.4或更高版本上的SEG
- 版本12.x.或更高版本上的SMA
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
问题
无法访问下一代Web界面并获取错误“The API Server is not started or is unreachable”。
解决方案
步骤1:验证已在安全邮件网关/安全管理设备的管理IP中启用AsyncOS API HTTPS
注意:对于思科安全邮件云网关,请联系TAC以查看IP配置。
sma.local> interfaceconfig
Currently configured interfaces:
1. Management (10.31.124.134/26 on Management: esa14.mexesa.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit
Enter the number of the interface you wish to edit.
[]> 1
IP interface name (Ex: "InternalNet"):
[Management]>
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 192.168.1.2 ):
[10.31.124.134]>
Netmask (Ex: "24", "255.255.255.0" or "0xffffff00"):
[0xffffffc0]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Management
[1]>
Hostname:
[sma.local]>
Do you want to configure custom SMTP Helo to use in the SMTP conversation? [N]>
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable Cluster Communication Service on this interface? [N]>
Do you want to enable HTTP on this interface? [Y]>
Which port do you want to use for HTTP?
[80]>
Do you want to enable HTTPS on this interface? [Y]>
Which port do you want to use for HTTPS?
[443]>
Do you want to enable Spam Quarantine HTTP on this interface? [N]>
Do you want to enable Spam Quarantine HTTPS on this interface? [N]>
Do you want to enable AsyncOS API HTTP on this interface? [N]>
Do you want to enable AsyncOS API HTTPS on this interface? [N]> Y
第二步:确认主机名配置
确保设备主机名未在任何其它配置或设备中使用,运行sethostname命令以验证它或更改配置(如果需要)。
sma.local> sethostname
[sma.local]>
第三步:检验网络访问
对于下一代GUI,需要允许跟踪器和端口443。
运行命令trailblazerconfig status。
sma.local> trailblazerconfig status
trailblazer is not running
sma.local> trailblazerconfig enable
trailblazer is enabled.
第四步:访问下一代GUI
访问下一代网络界面。
如果问题仍然存在,请联系思科TAC。
相关信息