Facing multiple issues in the newly deployed DNIF

Hello,

We have deployed the new DNIF on our environment.
We have 3 VMs with the below components:

  1. Core and Console

  2. Datanode

  3. Adapter

  1. We are facing an issue with SMTP configuration:
    Getting Mail delivery failed error while configuring the SMTP.
    Attached the screenshot for reference:

We have gone through the steps mentioned in this forum topic but the issue still persists.

  2. We are integrating the below Log Sources:
    Cisco ASA, Sophos XG, Microsoft AD, Office 365 and Crowdstrike.

We have successfully integrated the Cisco ASA and Sophos XG firewall, but we are not able to see the logs collected on the Console.
We are facing the Server Down issue while running the search block. While troubleshooting the core component, all the services were running, and we have notable events appearing continuously.

Attached the screenshots:


Also, do we need to have a Pico Connector as mandatory?

Hoping to hear back from you soon.

Best Regards,
Mohammed Abrar

Hello Mohammed Abrar,

Thank you for writing to us.

  1. SMTP
    The below document should be helpful to troubleshoot the SMTP issue.
    Troubleshooting SMTP - Knowledge Base

  2. As per the earlier thread raised by you, the minimum requirements are not met; because of this, you are receiving the server down message while searching the data.
    Server Down Error

  3. Pico Connector is not mandatory; you can directly forward the data to the adapter.
    Getting Data into DNIF

Regards,
Mark

Hi Mark,

Thanks for the response.
Is there any method to create the new users without SMTP Configuration?

Regards,
Mohammed Abrar

Hi,

We tried to troubleshoot with the link provided, but the issue still persists.

We are able to connect to smpt.office365.com through telnet on ports 25 and 587 from DNIF Core.

Also, we are getting an error while running the Python script for the SMTP check: “python3 smtp_check.py”.

Hoping to hear back from you soon.

Best Regards,
Abrar

Hello Abrar,

Please check that you are executing the smtp_check.py file from the correct location, because most of the time we receive this error when the file is not present in the correct location.

Regards,
Mark

Hello Mark,

Thanks for the suggestion. Can you help me with the location to run this Python script?

We have also upgraded the specifications of the components to meet the minimum requirement and reinstalled DNIF, but the server down issue still persists.

Best Regards

Hello Mohammed Abrar,

  1. This document should help you to troubleshoot the search issues.
    Troubleshooting Search - Knowledge Base.

  2. Restart the Compute-leader service for the server down issue. Refer to Query Server Down - Troubleshooting Notable Events for more information.

Regards,
Luffy

Hello Luffy,

I have gone through the troubleshooting steps, but the issue still persists.
Can you let me know from which location I need to run the SMTPCheck Python script?

Regards

Hi Abrar,

In regards to the python3 error - while executing the python script, it seems your .py file is at a different location/directory than the /DNIF directory from where you are executing the script in terminal.

Kindly ensure you navigate to the directory where this file (.py file) exists and then execute the script.

1 Like

Hi Simon,

Can you help me with the directory to run the smtpcheck.py script?
Does this script reside in any particular directory? I cannot find the .py directory.

@Abrar - It is the same directory in which you have downloaded the script.

1 Like

@Blackbird2Raven, thanks for the response.

I tried running the script, but I am getting the configuration failed error.
I have doubts about the values which should be given in the fields:

  1. sys Admin
  2. From Field (I tried with both the console IP and my email address).

Attached screenshot

Best Regards

Hi @Abrar - From the error it seems there is something wrong either with your credentials or the connectivity. Are you sure you are using the right credentials?

Here are a few checks that can be helpful:

  1. Validate that the correct user name, password, domain and port are used. (You can consult your IT team or related SME in your team)
  2. Ensure the requests/responses over port 25, or any other custom port which you might be using, are not blocked by any network device between the Core&LC node and your SMTP server.
  3. Revisit the SMTP section on Console, populate the fields with proper SMTP config and click Save, to apply configuration.

In case of any error encountered, please share a snapshot of the browser network activity once you press the “Save” button. This will help us review breakpoints in route.

Here is a video to help you with the process of investigating network activity.

1 Like

@Blackbird2Raven - Thanks for the response.

We have again checked steps 1 & 2 but we are still getting the same error. Please find the screenshot of the network activity below.

Regards.

@Sourav - “500 error response” is seen in the developer console from email server it seems…can you check with your email admin for the cause and let us know?

Just to be sure…was this checked? Can you share some evidence to validate? You can easily check this by seeing the request/response headers as mentioned in video guide to confirm source and destination:

Hey @Sourav - I think the default “From address” is being blocked by your SMTP server, as there is an error “‘501 5.1.7 invalid address’” seen in the output of SMTP helper script along with 500 error received from email server as response. Check the below article for more details on the cause of such error:

As a solution, can you try mentioning your office email address within the “From address” field and hit “Save” to retest?
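
The checks suggested in this thread (connectivity, credentials, From address) can be told apart by the stage at which the SMTP dialogue fails. The following is an added example, not part of any post and not DNIF's smtp_check.py; the function names `diagnose` and `check_smtp` are hypothetical and the sample address is constructed.

```python
import smtplib
import ssl


def diagnose(exc):
    """Map a failure from the SMTP dialogue to (stage, hint)."""
    def reply(code, msg):
        text = msg.decode(errors="replace") if isinstance(msg, bytes) else str(msg)
        return f"{code} {text}"
    # Specific smtplib errors first: SMTPException itself subclasses OSError.
    if isinstance(exc, smtplib.SMTPAuthenticationError):
        return "auth", "credentials rejected: " + reply(exc.smtp_code, exc.smtp_error)
    if isinstance(exc, smtplib.SMTPSenderRefused):
        return "from", f"From address {exc.sender!r} rejected: " + reply(exc.smtp_code, exc.smtp_error)
    if isinstance(exc, smtplib.SMTPRecipientsRefused):
        return "rcpt", f"recipient rejected: {exc.recipients}"
    if isinstance(exc, smtplib.SMTPException):
        return "smtp", f"protocol error: {exc}"
    return "network", f"connection or TLS failure (firewall, DNS, port): {exc!r}"


def check_smtp(host, port, user, password, from_addr, to_addr, timeout=10):
    """Walk the dialogue up to RCPT TO, then RSET so no mail is sent."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            if s.has_extn("starttls"):        # offered on 587; optional on 25
                s.starttls(context=ssl.create_default_context())
                s.ehlo()
            s.login(user, password)
            code, msg = s.mail(from_addr)
            if code != 250:
                raise smtplib.SMTPSenderRefused(code, msg, from_addr)
            code, msg = s.rcpt(to_addr)
            if code not in (250, 251):
                raise smtplib.SMTPRecipientsRefused({to_addr: (code, msg)})
            s.rset()
    except OSError as exc:                    # covers smtplib, socket and TLS errors
        return diagnose(exc)
    return "ok", "login, From address and recipient all accepted"


if __name__ == "__main__":
    # Constructed reply, modelled on the 501 5.1.7 error quoted in the thread.
    print(diagnose(smtplib.SMTPSenderRefused(501, b"5.1.7 Invalid address", "dnif@10.0.0.5")))
```

A "from" result with working login points at the sender address rather than the password, which is the case described in the post above.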

@Blackbird2Raven @John.Elron - Tried all the steps suggested by you and the issue is fixed now. Thanks so much for your help.

Also, we are facing a few more issues but will post those in a new thread.

Regards.

2 Likes