Cisco CSC Module Error – Activation Warning

KB ID 0000392 

Problem

You try to connect to your Cisco CSC module, and see the following error.

Error: Activation Warning CSC is not activated. Please run setup wizard under Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup to perform setup process. Click OK button to to to Trend Micro Content Security Setup wizard.

Naturally if you’ve never setup the CSC you are going to see this, but what if it suddenly starts doing this?

Solution

1. Connect to the ASA that the CSC module is in.

2. Issue the following command,

[box]sh modu 1 det[/box]

3. This ones unresponsive, it probably just need restarting, to do that issue the following command.

[box]hw-module module 1 reset[/box]

4. They can take a little while to come up (apply the cup of coffee rule). Then to see if it’s back up again use the same command you used earlier.

[box]sh mod 1 det[/box]

That didn’t work! Sometimes CSC modules do fail!, I had one client go through three in a year, If doing the above or running through the setup wizard (you did write down the licence numbers that came with the CSC didn’t you?) doesn’t work then you need to log a call to TAC.

 

Related Articles, References, Credits, or External Links

Cisco CSC Module stop it scanning its own update traffic

Outlook Error 0x800CCC0F – Using POP3 To Exchange – Behind a Cisco CSC (Trend InterScan) Module

KB ID 0000642 

Problem

I upgraded a clients firewall and CSC software a couple of weeks ago, and ever since “some” users saw the following errors,

Error 0x800CCC0F

Task ‘{email address} – Sending’ reports error (0x800CCC0F): #The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).’

Eventually it would time out altogether with the following error,

Error 0x800CCC0B

Task ‘{email address} – Sending’ reported error (0x800CCC0B): ‘Unknown Error 0x800CCC0B’

Solution

All I could discern from Googling the error, was that the AV (In this case the Trend Micro InterScan for Cisco CSC SSM), in the Cisco CSC Module) was probably the culprit.

I tried stopping the POP3 Service on the CSC that did NOT fix the error.

I confirmed that the CSC module was the root cause of the problem, by disabling the entire module with the following command on the Cisco ASA firewall;

[box]hw-module module 1 shutdown[/box]

Warning: If you do this, your CSC settings must be set to “csc fail-open” or web and email traffic will stop! Once you have confirmed this IS the problem you can re-enable the module with the following command.

[box]hw-module module 1 reset[/box]

I tried from my office and it worked fine, I could not replicate the error, I tried from various servers and Citrix box’s from other clients who kindly let me test from their network. Still I could not replicate the error! I went home and that was the first time I could see the same error their users were seeing. Sadly this led me on a wild goose chase, (I use Outlook 2007 at home and Outlook 2010 everywhere else so I (wrongly) assumed that was the problem).

Breakthrough!

As I could now replicate the error, I could at least do some testing, I attempted a send/receive and looked at the CSC Logging.

Note: To view CSC Logging, connect to the ASDM > Monitoring > Logging > Trend Micro Content Security > Continue > Enter the password > OK > View.

Every time it failed, I saw my public IP being logged with a RejectWithErrorCide-550 and RBL-Fail,QIL-NA. At last something I could work with.

This error indicates a problem with the Email Reputation system, I logged into the CSC web management console > and located this.

Then I disabled the ‘SMTP Anti-spam (Email Reputation)’, and everything started to work.

Conclusion

I understand the need for this system, but the nature of POP3 email clients, dictates they can connect in from anywhere, usually from a home ISP account on a DHCP address. I know from experience that major ISP’s IP ranges get put in RBL block lists (I checked by popping my IP in here, and sure enough it was blocked).

If you are going to use POP3 then you need to leave this system disabled, but to be honest, if you have Exchange, simply swap over to Outlook Anywhere and stop using POP3.

Related Articles, References, Credits, or External Links

Special thanks to Jenny Ames for her patience while I fought with this over a number of days.