Error messages

If the appliance is not configured correctly, it tries to identify the problem and sends a temporary or permanent failure message.

The text in parentheses in the error message provides additional information about the problem. Some error messages relay the response from the Smart Host so the McAfee DLP Prevent response contains the IP address, which is indicated by x.x.x.x.

For example, 442 192.168.0.1 : Connection refused indicates that the Smart Host with the address 192.168.0.1 did not accept the SMTP connection.

Table 1: Temporary failure messages
Text Cause Recommended action
451 (The system has not been registered with an ePO server) The initial setup was not completed. Register the appliance with a McAfee ePO server using the Graphical Configuration Wizard option in the appliance console.
451 (No DNS servers have been configured) The configuration applied from McAfee ePO did not specify any DNS servers. Configure at least one DNS server in the General category of the Common Appliance policy.
451 (No Smart Host has been configured) The configuration applied from McAfee ePO did not specify a Smart Host. Configure a Smart Host in the McAfee DLP Prevent Email Settings policy category.
451 (Policy OPG file not found in configured location) The configuration applied from McAfee ePO was incomplete.
  • Ensure that the Data Loss Prevention extension is installed.
  • Configure a Data Loss Prevention policy.
  • Contact your technical support representative. The configuration OPG file must be applied with the policy OPG file.
451 (Configuration OPG file not found in configured location) The configuration applied from McAfee ePO was incomplete.
  • Ensure that the Data Loss Prevention extension is installed.
  • Configure a Data Loss Prevention policy.
  • Contact your technical support representative. The configuration OPG file must be applied with the policy OPG file.
451 (LDAP server configuration missing) This error occurs when both these conditions are met:
  • McAfee DLP Prevent contains a rule that specifies a sender as a member of an LDAP user group.
  • McAfee DLP Prevent is not configured to receive group information from the LDAP server that contains that user group.
Check that the LDAP server is selected in the Users and Groups policy category.
451 (Error resolving sender based policy) A policy contains LDAP sender conditions, but cannot get the information from the LDAP server because:
  • McAfee DLP Prevent and the LDAP server have not synchronized.
  • The LDAP server is not responding.
Check that the LDAP server is available.
451 (FIPS test failed) The cryptographic self-tests required for FIPS compliance failed Contact your technical support representative.
451 (Unable to verify data against the registered document server) The registered documents server is unavailable. Check your configuration to confirm that the server is available, and the details you entered are correct.
442 x.x.x.x: Connection refused McAfee DLP Prevent could not connect to the Smart Host to send the message, or the connection to Smart Host was dropped during a conversation. Check that the Smart Host can receive email.
Table 2: Permanent failure messages
Error Cause Action
550 Host / domain is not permitted McAfee DLP Prevent refused the connection from the source MTA. Check that the MTA is in the list of permitted hosts in the McAfee DLP Prevent Email Settings policy category.
550 x.x.x.x: Denied by policy. TLS conversation required The Smart Host did not accept a STARTTLS command but McAfee DLP Prevent is configured to always send email over a TLS connection. Check the TLS configuration on the host.
Table 3: ICAP error messages
Error Cause Action
500 (Unable to verify data against the registered document server) The registered documents server is unavailable. Check your configuration to confirm that the server is available, and the details you entered are correct.
500 (LDAP server configuration missing) This error occurs when both these conditions are met:
  • McAfee DLP Prevent contains a rule that specifies an end-user as a member of an LDAP user group.
  • McAfee DLP Prevent is not configured to receive group information from the LDAP server that contains that user group.
Check that the LDAP server is selected in the Users and Groups policy category.
500 (Error resolving end-user based policy) A policy contains LDAP sender conditions, but cannot get the information from the LDAP server because:
  • McAfee DLP Prevent and the LDAP server have not synchronized.
  • The LDAP server is not responding.
Check that the LDAP server is available.