How to rebuild the thumbprints for Email Security

03/26/2020 1502 16201

DESCRIPTION:

How to rebuild the thumbprints for Email Security (to address the Thumbprint is Stale Alert or fix a corrupted thumbprint/ MySQL database).

RESOLUTION:

This article is to address the Thumbprint is Stale Alert. This alert can take place due to corruption of the thumbprint database or some update files relating to the thumbprint databases.

NOTE: This Article does not apply to email security software/appliance version 7.4.0 to 7.4.5 so if you are running any version between 7.4.0 - 7.4.5 then please upgrade the firmware to 7.4.6 or higher and then follow steps mentioned for respective firmware.

 For windows servers: Versions 7.2.x - 7.3.6
(To fully rebuild all Thumbprint databases from scratch)

1. Stop the Email Security Services using the shortcut in Start | Programs | SonicWall Email Security | Stop all services shortcut.
2. Delete the collab directory. Location: C:\Program Files\SonicwallES\Plugin\default\collab
3. Note: do not rename folders in the Email Security Directories.
4. Start the Email Security Services using the shortcut in Start > Programs > Sonically Email Security > Start all services shortcut.
5. Check to see that the cola directory has been recreated. It may take a few moments for all services to start.

For appliances: Versions 7.2x – 7.3.6
(To fully rebuild all Thumbprint databases from scratch)

1. Install “putty”- a telnet client from the Internet ( you can download it from Internet )
2. Open putty and put in the VIP address of Email security device and port “22”
3. Login as :  “snwlcli”
4. Login: admin
5. Password : (admin password that you use for logging in the Web)
6. On the Cli prompt type the following commands

  Once connected to the appliance'S clip, to recreate the thumbprint database, issue the following at the CLI prompt:
        Example:       
        SNWLCLI>cleanupdcdatabase
        Please note: This will require a reboot of the server, so do not execute this unless you can afford a reboot during that time.
 
For windows servers: Versions 7.4.6 – 9.0.x
Note: The following commands are only available in 7.4.6 and higher. Please upgrade to at least 7.4.6 to run these commands.

1. Stop the Email Security Services using the shortcut in Start | Programs | SonicWall Email Security | Stop all services shortcut.
2. From a command prompt run the following command:
   C:\Program Files (x86)\SonicWallES\mlfworkr.exe" -cleanupmariadbdata

   NOTE: If mlfworkr.exe is not found in Program Files (x86), look for it in Program Files

3. Delete the collab directory. Location:  C:\Program Files (x86)\SonicWallES\PluginDefault\collab
   As the Email Security can be run only on the 64-bit Windows, the path starts by default with "C:\Program Files (x86)".
4. Start the Email Security Services using the shortcut in Start | Programs | SonicWall Email Security | Start all services shortcut.
5. Check after a few moments to see that a new collab folder is created.

Please Note that this command will rebuild all mysql databases, Thumbprints and Reports Database.

For appliances: Versions 7.4.6 – 9.x.x

1. Log into the CLI using Putty.
2. Install “putty”- a telnet client from the internet ( you can download it from internet )
3. Open putty and put in the IP address of Email security device and port “22”
4. Login as :  “snwlcli”
5. Login: admin
6. Password : (admin password that you use for logging in the WebUI)
7. On the CLI prompt type the following commands
8. SNWLCLI:>stop appservices ( it will take few minutes to stop services and come back to the prompt)
9. SNWLCLI:>mysql -dodbrecovery ( This command can take 5- 10 minutes and come back to the prompt)
10. SNWLCLI :> cleanupdcdatabase. (The last command will ask for a confirmation to reboot.)

Once reboot is completed the Thumbprint databases and Reports database will initiate the rebuild. 
It will take about 30-45 minutes to finish the download and processing of the thumbprints and insert into the MySQL databases.

Note: Older model Appliances (ES200 - ES500) can take much longer to process the updates. If you receive Thumbprint stale alerts still while rebuilding, please restart services and monitor the Thumbprint info page.

Please note that if you are receiving MySQL down alerts you will need to perform the complete rebuild as outlined above.

Selective Rebuilds
For windows server command line: Versions 7.2.x - 7.3.6

(To rebuild thumbprint databases per letter): Selective Rebuild

1. Open a command line window on the affected server.
2. Navigate to the install directory of Email Security. (Example: C:\Program Files\SonicwallES)
3. Execute the following: mlfworkr -rebuildcollabdb -all
4. (This command will effectively rebuild all thumbprint databases. If you wish to rebuild specific thumbprint databases based on the specific letter, simply specify the relative letter. Example:  -rebuildcollabdb <c|e|g|h|i|p|t|all> Rebuild one (or all) collab db from archived tpd files).

(To rebuild thumbprint databases per letter):
   1. Once connected to the appliance's cli, to rebuild the thumbprint database by letter, issue the following at the CLI prompt.
        Syntax is as follows:  -rebuildcollabdb <c|e|g|h|i|p|t|all>
        Example:
        SNWLCLI> rebuildcollabdb all
(To recreate thumbprints from scratch, this may be the case in the event that rebuildcollabdb does not resolve the alert issue)

Selective Rebuilds
For windows server command line: Versions 7.4.6 – 9.0.x
Support does not recommend running the ALL command In the CLI.
Please use the full rebuild commands above instead.
 
mlfworkr -rebuildcollabdb < AT | CT | DT | HT | IM | IP | NM | PH | TT | VR | XB | geoip | pdata | sdata | all >
Download new copies of thumbprint databases from the data center
(This command will effectively rebuild all thumbprint databases. If you wish to rebuild specific thumbprint databases based on the specific letter, simply specify the relative letter.)
 
The same command is used for appliances and their related build as above.
If in question type help rebuildcollabdb in the CLI to see the syntax for usage
 
rebuildcollabdb < AT | CT | DT | HT | IM | IP | NM | PH | TT | VR | XB | geoip | pdata | sdata | all >
Download new copies of thumbprint databases from the data center
 
How to rebuild Thumbprint databases from the UI (all versions).
Log into the UI and then change the end of the URL to Diag.html
example:  https://10.61.249.2/index.html > Change to https://10.61.249.2/diag.html
Click the Thumbprint Info link.

You will now see the Thumbprints page where you can click a link to force a download of a specific database.