ProxySG & Advanced Secure Gateway

Expand all | Collapse all

an error occurred while performing an icap operation server error: unknown

  • 1.  an error occurred while performing an icap operation server error: unknown

    Posted 01-14-2020 01:50 PM

    Hi,

    We are using 2 ASG appliances with content filtering. They are placed in DC and DR (operate independently). Yesterday we observed that all the PDF files and xcel files getting blocked (in both DC and DR proxy). Error appears on the web is "an error occurred while performing an icap operation server error: unknown"

    In trace we observed that "EXCEPTION(icap_error): Request could not be handled" 

    But later in the day issue was not there. But we haven't done any configration or policy change? What is the possible reason for this? And how to rectify this?

    Thanks in advance!

    KR



  • 2.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-14-2020 06:24 PM
    Hi, Can you share policy trace file


  • 3.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 01:25 AM

    Hi,

     

    By seeing the error  in policy trace Service was overloaded. The ICAP server has exceeded a maximum connection limit associated with this service; the ICAP client should not exceed this limit in the future.

    BR

    Aboonaim

    ----------

    If you are satisfied with an answer, please click "Accept Solution"

     



  • 4.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 02:23 AM

    Hi,

    I too found this document https://support.symantec.com/us/en/article.TECH220598.html 

    What is the service refering here? ICAP file scan service?

    But issue is only with files? What is the cause for this and what shuld be the action taken?

    Thanks! 



  • 5.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 02:26 AM

    Hi,

    Errors as per the trace

    • EXCEPTION(icap_error): Request could not be handled
    • client.response.code: 503
    •   Details: Server error: Unknown
        Summary: icap-error-code: antivirus_load_failed, icap-error-details: Server error: Unknown

    Also when this transaction get successful I can see "origin server next-hop IP address=x.x.x.x" . But in this trace I can't see this IP as well.

     



  • 6.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 03:21 AM
    Hi, SGOS 6.7.3.3, 6.7.3.4 and 6.7.3.5 had a bug where the maximum internal ICAP connections were set to 25 after a restore. If you are running one of this versions you should change that value as described in https://support.symantec.com/en_US/article.ALERT25... You can also see the current and maximum connections for each ICAP service at the AURL proxy:8082/OPP/Statistics


  • 7.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 03:48 AM

    Hi,

    Above url regarding the bug is not wokring. Seems like it is not complete. Can u pls send the complete log

    Thanks in advance

    KR



  • 8.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 03:50 AM


  • 9.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 01-15-2020 04:00 AM


  • 10.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 06-19-2020 05:06 AM
    Hi all,

    not sure if I just encountered the same issue as you, but this could help:

    Cylance model updates are not working anymore (not authorized). If your CAS currently has no Cylance patterns available, scanning of PDF and other files will fail with the error message mentioned above:

    Browser message:
    ICAP Error (icap_error)
    An error occured whle performing an ICAP operation: Server error: Unknown
    There could be a network problem, the ICAP service may be misconfigured, or the ICAP server may have reported an error.


    Policy trace:
    EXCEPTION(icap_error): Request could not be handled


    Solution: Disable the Cylance scan engine (and activate Symantec AML)


    Hope this helps,
    Matthias


  • 11.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 06-19-2020 05:34 PM
    Hi is there a reason why Cylance isnt updated ? is it not supported anymore? Did you check with support?

    I also have a standalone CAS and it also doesn't update the Cylance, gives the error that not authorized.

    ------------------------------
    Symantec Enthusiast
    ------------------------------



  • 12.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 06-20-2020 02:53 PM
    Hi Matthias

    is there any official statement from symantec support regarding this? I n our CA solution the cylance predictive analysis engine is active but the update status is forbidden. the engine was last update in 2020-03-01.

    Regards,

    sohail



  • 13.  RE: an error occurred while performing an icap operation server error: unknown

    Posted 06-22-2020 02:32 AM
    Hi Sohail,

    no, unfortunately there is no official statement from Broadcom but I got the message from technical support that Cylance will be removed from CAS in one of the upcoming releases. I was advised to disable Cylance and switch to Symantec AML.

    Best regards, Matthias