簡介
本文描述如何在虛擬安全網關中啟用智慧許可證時修復升級清單身份驗證錯誤。
必要條件
需求
思科建議您瞭解以下主題:
- 智慧許可證的工作原理
- 安全電子郵件閘道(SEG)管理
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- 12.0版或更高版本上的安全電子郵件網關(SEG)AsyncOS
- 12.0版或更高版本上的安全管理裝置
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
問題
電子郵件安全裝置已啟用智慧許可證,並且具有有效的許可證。嘗試升級時,系統會顯示以下錯誤:
"下載升級清單失敗:無法通過清單伺服器進行身份驗證。"
解決方案
1.驗證updateconfig下是否配置了正確的清單伺服器。
對於虛擬安全電子郵件網關,正確的清單伺服器是埠443上的update-manifests.sco.cisco.com。
確保在防火牆規則中允許此操作。
要檢視CLI上的更新配置,請運行命令updateconfig,然後運行隱藏命令dynamichost:
esa> updateconfig
Service (images): Update URL:
----------------------------------------------------------------------------------------------------------------------
Feature Key updates
DLP Engine Updates Cisco IronPort Servers
PXE Engine Updates Cisco IronPort Servers
Sophos Anti-Virus definitions Cisco IronPort Servers
IronPort Anti-Spam rules Cisco IronPort Servers
Outbreak Filters rules Cisco IronPort Servers
Timezone rules Cisco IronPort Servers
Enrollment Client Updates (used to fetch certificates for URL Filtering) Cisco IronPort Servers
Support Request updates Cisco IronPort Servers
Content Scanner Updates Cisco IronPort Servers
Geo Countries Updates Cisco IronPort Servers
External Threat Feeds updates Cisco IronPort Servers
How-Tos Updates Cisco IronPort Servers
Notifications component Updates Cisco IronPort Servers
Smart License Agent Updates Cisco IronPort Servers
Mailbox Remediation Updates Cisco IronPort Servers
Talos Updates Cisco IronPort Servers
Easy Demo service Updates Cisco IronPort Servers
Cisco IronPort AsyncOS upgrades Cisco IronPort Servers
Service (list): Update URL:
----------------------------------------------------------------------------------------------------------------------
DLP Engine Updates Cisco IronPort Servers
PXE Engine Updates Cisco IronPort Servers
Sophos Anti-Virus definitions Cisco IronPort Servers
IronPort Anti-Spam rules Cisco IronPort Servers
Outbreak Filters rules Cisco IronPort Servers
Timezone rules Cisco IronPort Servers
Enrollment Client Updates (used to fetch certificates for URL Filtering) Cisco IronPort Servers
Support Request updates Cisco IronPort Servers
Content Scanner Updates Cisco IronPort Servers
Geo Countries Updates Cisco IronPort Servers
External Threat Feeds updates Cisco IronPort Servers
How-Tos Updates Cisco IronPort Servers
Notifications component Updates Cisco IronPort Servers
Smart License Agent Updates Cisco IronPort Servers
Mailbox Remediation Updates Cisco IronPort Servers
Talos Updates Cisco IronPort Servers
Easy Demo service Updates Cisco IronPort Servers
Service (list): Update URL:
----------------------------------------------------------------------------------------------------------------------
Cisco IronPort AsyncOS upgrades Cisco IronPort Servers
Update interval: 5m
Alert Interval for Disabled Automatic Engine Updates: 30d
Proxy server: http://64.X.X.X:8080
The proxy server will be used for the following services:
- Feature Key updates
- DLP Engine Updates
- PXE Engine Updates
- Sophos Anti-Virus definitions
- IronPort Anti-Spam rules
- Outbreak Filters rules
- Virus Threat Level updates
- Timezone rules
- Enrollment Client Updates (used to fetch certificates for URL Filtering)
- Support Request updates
- Content Scanner Updates
- Geo Countries Updates
- External Threat Feeds updates
- How-Tos Updates
- Notifications component Updates
- Smart License Agent Updates
- Mailbox Remediation Updates
- Talos Updates
- Easy Demo service Updates
- Cisco IronPort AsyncOS upgrades
- URL Filtering Service
- Shortened URL Support
- Advanced Phishing Protection Support
- Cisco Threat Response
- Cisco Secure Awareness
HTTPS Proxy server: http://64.102.255.40:8080
The HTTPS proxy server will be used for the following services:
- Feature Key updates
- DLP Engine Updates
- PXE Engine Updates
- Sophos Anti-Virus definitions
- IronPort Anti-Spam rules
- Outbreak Filters rules
- Timezone rules
- Enrollment Client Updates (used to fetch certificates for URL Filtering)
- Support Request updates
- Content Scanner Updates
- Geo Countries Updates
- External Threat Feeds updates
- How-Tos Updates
- Notifications component Updates
- Smart License Agent Updates
- Mailbox Remediation Updates
- Talos Updates
- Easy Demo service Updates
- Cisco IronPort AsyncOS upgrades
- SenderBase Network Participation sharing
- URL Filtering Service
- Shortened URL Support
- Cisco Threat Response
Choose the operation you want to perform:
- SETUP - Edit update configuration.
- VALIDATE_CERTIFICATES - Validate update server certificates
- TRUSTED_CERTIFICATES - Manage trusted certificates for updates
[]> dynamichost
Enter new manifest hostname:port
[update-manifests.sco.cisco.com:443]>update-manifests.sco.cisco.com:443
2.許可證驗證。
許可證授權狀態必須為合規狀態:
esa> showlicense_smart
[]> SUMMARY
Feature Name License Authorization Status
----------------------------------------------------------------------------------------------------
Email Security Appliance Anti-Spam License In Compliance
Email Security Appliance Outbreak Filters In Compliance
Email Security Appliance Graymail Safe-unsubscribe Not requested
Email Security Appliance Advanced Malware Protection Reputation In Compliance
Email Security Appliance Image Analyzer Not requested
Mail Handling In Compliance
Email Security Appliance Sophos Anti-Malware In Compliance
Email Security Appliance PXE Encryption In Compliance
Email Security Appliance Advanced Malware Protection In Compliance
Email Security Appliance McAfee Anti-Malware Not requested
Email Security Appliance Intelligent Multi-Scan Not requested
Email Security Appliance External Threat Feeds In Compliance
Email Security Appliance Bounce Verification In Compliance
Email Security Appliance Data Loss Prevention In Compliance
運行命令showlicense以確儲存在有效的VLAN。
結束日期不能過期。
esa> showlicense
Virtual License
===============
vln VLNESA74NNNNN
begin_date dd/mm/yyyy
end_date dd/mm/yyyy
company Cisco Systems, Inc.
seats 1
country MX
serial XXXX
email XXXXXXX
issue 4dXXXXXXXXXXXXXXX
license_version 1.1
如果獲得License has Expired輸出,請從Global Licensing獲取新的XML檔案,其中包含新的過期日期和有效證書。從CLI命令loadlicense上傳。
esa>showlicense
License has Expired
Error with License.
Please try to re-initialize the system with a new license, or contact customer support for help.
3.升級安全電子郵件網關。
運行upgrade命令並選擇所需的映像。
esa> upgrade
Are you sure you want to proceed with upgrade? [N]> y
Choose the operation you want to perform:
- DOWNLOADINSTALL - Downloads and installs the upgrade image (needs reboot).
- DOWNLOAD - Downloads the upgrade image.
[]> download
Upgrades available.
1. AsyncOS 14.2.3 build 027 upgrade For Email, 2023-08-13. This release is a Maintenance Deployment Refresh
2. AsyncOS 14.2.3 build 031 upgrade For Email, 2023-11-02,This release is a Maintenance Deployment Refresh
3. AsyncOS 15.0.0 build 104 upgrade For Email, 2023-08-10, This is a General Deployment release
4. AsyncOS 15.0.1 build 030 upgrade For Email, 2023-11-22, This release is a Maintenance Deployment
[4]> 3
Download of AsyncOS 15.0.0 build 104 upgrade For Email, 2023-08-10, This is a General Deployment release has started in background.
升級必須成功。如果您遇到其他問題,請聯絡Cisco TAC。
相關資訊
意見