Hi Namish,
Thanks for your advice.
Based on the diagnostic logs, below are the difference I could see.
From problem site:
INFO "2022-11-28 13:44:21.347 GMT+1100" "[VipDiagnostic:testProxyConnectivity] Successfully connected to service Url through proxy."
AUDIT "2022-11-28 13:44:21.612 GMT+1100" "[VipDiagnostic] Test - Proxy Connectivity: [ Success ]"
AUDIT "2022-11-28 13:44:21.612 GMT+1100" "[VipDiagnostic] Proxy IP Address: 10.125.28.40 [ Info ]"
AUDIT "2022-11-28 13:44:21.612 GMT+1100" "[VipDiagnostic] Test - Server Time Check of
https://userservices.vip.symantec.com "
INFO "2022-11-28 13:44:21.987 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Executing request GET /vipuserservices/monitor HTTP/1.1 to
https://userservices.vip.symantec.com:443 via
http://proxy.ntsh.local:8000"INFO "2022-11-28 13:44:22.737 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Statusline: HTTP/1.1 200 "
ERROR "2022-11-28 13:44:22.737 GMT+1100" "[VipDiagnostic:testServerTimeCheck] ParseException occured while parsing date. Error: Unparseable date: "Mon, 28 Nov 2022 02:44:22 GMT""
AUDIT "2022-11-28 13:44:22.925 GMT+1100" "[VipDiagnostic] Test - Server Time Check: [ Failed ]"
AUDIT "2022-11-28 13:44:22.925 GMT+1100" "[VipDiagnostic] Test - Syslog Servers Connectivity"
INFO "2022-11-28 13:44:22.925 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Number of syslog servers configured: 1"
INFO "2022-11-28 13:44:22.925 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Syslog facility: local0"
INFO "2022-11-28 13:44:22.925 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Verifying Syslog server with host: 10.23.28.15, port: 514"
WARN "2022-11-28 13:44:32.767 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Syslog host is unreachable."
AUDIT "2022-11-28 13:44:32.876 GMT+1100" "[VipDiagnostic] Test - Syslog Servers Connectivity: [ Failed ]"
AUDIT "2022-11-28 13:44:32.876 GMT+1100" "[VipDiagnostic] Test - Live Update Server Connectivity"
INFO "2022-11-28 13:44:32.876 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Executing request GET / HTTP/1.1 to
http://liveupdate.symantecliveupdate.com:80 via
http://proxy.ntsh.local:8000"INFO "2022-11-28 13:44:47.916 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Statusline: HTTP/1.1 504 Gateway Timeout"
ERROR "2022-11-28 13:44:47.916 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Failed to connect to
http://liveupdate.symantecliveupdate.com:80"Working site:
INFO "2022-11-28 13:39:31.346 GMT+1100" "[VipDiagnostic:testProxyConnectivity] Successfully connected to service Url through proxy."
AUDIT "2022-11-28 13:39:31.562 GMT+1100" "[VipDiagnostic] Test - Proxy Connectivity: [ Success ]"
AUDIT "2022-11-28 13:39:31.562 GMT+1100" "[VipDiagnostic] Proxy IP Address: 10.24.28.32 [ Info ]"
AUDIT "2022-11-28 13:39:31.562 GMT+1100" "[VipDiagnostic] Test - Server Time Check of
https://userservices.vip.symantec.com "
INFO "2022-11-28 13:39:42.035 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Executing request GET /vipuserservices/monitor HTTP/1.1 to
https://userservices.vip.symantec.com:443 via
http://proxy.ntsh.local:8000"INFO "2022-11-28 13:39:42.848 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Statusline: HTTP/1.1 200 "
AUDIT "2022-11-28 13:39:42.858 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Successfully fetched server time from
https://userservices.vip.symantec.com . serverTime: 1669603182000"
INFO "2022-11-28 13:39:42.858 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Local time ahead of server time"
AUDIT "2022-11-28 13:39:42.858 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Time difference between serverTime and localTime is 0 seconds"
INFO "2022-11-28 13:39:42.858 GMT+1100" "[VipDiagnostic:testServerTimeCheck] Server time and local time are in sync."
AUDIT "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic] Test - Server Time Check: [ Success ]"
AUDIT "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic] Test - Syslog Servers Connectivity"
INFO "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Number of syslog servers configured: 1"
INFO "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Syslog facility: local0"
INFO "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Verifying Syslog server with host: 10.24.28.15, port: 515"
INFO "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Syslog host is reachable."
INFO "2022-11-28 13:39:42.905 GMT+1100" "[VipDiagnostic:testSyslogConnectivity] Syslog connection successful."
AUDIT "2022-11-28 13:39:43.206 GMT+1100" "[VipDiagnostic] Test - Syslog Servers Connectivity: [ Success ]"
AUDIT "2022-11-28 13:39:43.206 GMT+1100" "[VipDiagnostic] Test - Live Update Server Connectivity"
INFO "2022-11-28 13:39:43.206 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Executing request GET / HTTP/1.1 to
http://liveupdate.symantecliveupdate.com:80 via
http://proxy.ntsh.local:8000"INFO "2022-11-28 13:39:58.260 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Statusline: HTTP/1.1 504 Gateway Timeout"
ERROR "2022-11-28 13:39:58.260 GMT+1100" "[VipDiagnostic:testLiveUpdateConnectivity] Failed to connect to
http://liveupdate.symantecliveupdate.com:80"No issue for SSP to send a token via email in the working site. I did advise customer to **** VIP url but customer refuse to do so since they didn't **** any url on the working site.
Thank you,
Atifah
Original Message:
Sent: Nov 23, 2022 08:46 AM
From: Namish Tiwari
Subject: Unable to send token via email using SSP
Can you follow the below KB article and provide the vipdiagnostic logs, Server time check fails when Gateway machine can not connect with the VIP Cloud to fetch the server time. This log will help to troubleshoot the issue.
Troubleshooting and diagnosing VIP Enterprise Gateway connectivity issues with VIPdiagnostics
| Broadcom |
remove preview |
 |
| Troubleshooting and diagnosing VIP Enterprise Gateway connectivity issues with VIPdiagnostics |
| The vipdiagnostic utility is a troubleshooting and diagnostic utility included with VIP Enterprise Gateway 9.8.x and later. On the Enterprise Gateway server, open an elevated (admin) command prompt. Browse to the Tools folder (example: C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\tools). Observe the results: Status results are displayed as N/A, Success, Info, Warning, Error, or Failed . |
| View this on Broadcom > |
|
|
Sometimes if you export the settings to another Gateway we have to reset the Health check service and this KB article can be referenced for that, please follow that and let us know the results.
https://knowledge.broadcom.com/external/article?articleId=242286
-Namish
Original Message:
Sent: Nov 23, 2022 05:25 AM
From: Atifah Abdul Latif
Subject: Unable to send token via email using SSP
Hi Supports,
Customers have 2 sites. One of the sites have no issue to use SSP to send a token via email. However, another site not able to send the token via email.
Upon checking their diagnostic logs from both sites, we notice that the server time check was failed for the problematic site, and it was success for the working site. Hence, we have advised them to **** the URL based on this KB. However, customer have mention they did not **** any URL for the working site and there is no issue to send the token using SSP.
May I know, is that possible if we didn't **** the URL or met the default pre-requisites of ports and protocol, the SSP can be function well?
We did run telnet userservices.vip.symantec.com 443 on both sites and it return as failed.
Regards,
Atifah