How to rebuild the thumbprints for Email Security

10/28/2024 1,560 People found this article helpful 489,114 Views

Description

How to rebuild the thumbprints for Email Security (to address the Thumbprint is Stale Alert or fix a corrupted thumbprint/ MySQL database).

Resolution

This article is to address the Thumbprint is Stale Alert. This alert can take place due to corruption of the thumbprint database or some update files relating to the thumbprint databases.

NOTE: This Article does not apply to email security software/appliance version 7.4.0 to 7.4.5 so if you are running any version between 7.4.0 - 8.x.x then please upgrade the firmware to 10.x.x as anything older then 9.x.x is not supported. Follow steps mentioned for respective firmware to rebuild thumbprint database.

For windows servers: Versions 9.x.x – 10.x.x
Note: The following commands are only available in 9.x.x and higher. Please upgrade to at least 10.x.x to run these commands.

Stop the Email Security Services using the shortcut in Start | Programs | SonicWall Email Security | Stop all services shortcut.
From a command prompt run the following command:
C:\Program Files (x86)\SonicWallES\mlfworkr.exe" -cleanupmariadbdata

NOTE: If mlfworkr.exe is not found in Program Files (x86), look for it in Program Files
Delete the collab directory. Location: C:\Program Files (x86)\SonicWallES\PluginDefault\collab
As the Email Security can be run only on the 64-bit Windows, the path starts by default with "C:\Program Files (x86)".
Start the Email Security Services using the shortcut in Start | Programs | SonicWall Email Security | Start all services shortcut.
Check after a few moments to see that a new collab folder is created.

Please Note that this command will rebuild all MySQL databases, Thumbprints and Reports Database.

For appliances: Versions 9.x.x – 10.x.x

Log into the CLI using Putty.
Install “putty”- a telnet client from the Internet ( you can download it from Internet )
Open putty and put in the IP address of Email security device and port “22”
Login as : “snwlcli”
Login: admin
Password : (admin password that you use for logging in the WebUI)
On the CLI prompt type the following commands
SNWLCLI:>stop appservices ( it will take few minutes to stop services and come back to the prompt)
SNWLCLI:>MySQL -dodbrecovery ( This command can take 5- 10 minutes and come back to the prompt)
SNWLCLI :> cleanupdcdatabase. (The last command will ask for a confirmation to reboot.)

Once reboot is completed the Thumbprint databases and Reports database will initiate the rebuild.
It will take about 30-45 minutes to finish the download and processing of the thumbprints and insert into the MySQL databases.

NOTE: Older model Appliances (ES200 - ES500) can take much longer to process the updates. If you receive Thumbprint stale alerts still while rebuilding, please restart services and monitor the Thumbprint info page.
Please note that if you are receiving MySQL down alerts you will need to perform the complete rebuild as outlined above.

Selective Rebuilds
For windows server command line: Versions 9.0.x – 10.x.x
Support does not recommend running the ALL command In the CLI.
Please use the full rebuild commands above instead.

mlfworkr -rebuildcollabdb < AT | CT | DT | HT | IM | IP | NM | PH | TT | VR | XB | geoip | pdata | sdata | all >
Download new copies of thumbprint databases from the data center
(This command will effectively rebuild all thumbprint databases. If you wish to rebuild specific thumbprint databases based on the specific letter, simply specify the relative letter.)

The same command is used for appliances and their related build as above.
If in question type help rebuildcollabdb in the CLI to see the syntax for usage

rebuildcollabdb < AT | CT | DT | HT | IM | IP | NM | PH | TT | VR | XB | geoip | pdata | sdata | all >
Download new copies of thumbprint databases from the data center

How to rebuild Thumbprint databases from the UI (all versions).

Log into the UI and then change the end of the URL to Diag.html
Example: https://10.61.249.2/index.html > Change to https://10.61.249.2/diag.html
Click the Thumbprint Info link.
You will now see the Thumbprints page where you can click a link to force a download of a specific database.