-
Symantec Articles
-
- Converting your LOB tables from BasicFiles to SecureFiles format in Symantec Data Loss Prevention 14.6 and 15.x:
- Error: "ORA-28000: the account is locked" in Symantec DLP Enforce
- How to change the "protect" user password in the Oracle database for Symantec DLP
- How to default to the local database when logging in from the command line
- How to Extend Oracle tablespace (LOB_TABLESPACE, USERS, etc.) when almost full
- How to Removing Oracle Database Client Software for symantec DLP
- Show all articles ( 1 ) Collapse Articles
-
- Best Practice for Endpoint Agents with Antivirus Protection
- Creating a new agent attribute in Symantec DLP
- Generating agent installation packages for Symantec DLP
- How to collect the Endpoint Agent logs
- How to install the Symantec DLP Agent (Windows)
- How to remove the Symantec DLP Endpoint Agent (Mac)
- How to remove the Symantec DLP Endpoint Agent (Windows)
- How to Speed up the incident traffic from endpoint to endpoint server
- How to start DLP Agents that run on Mac endpoints
- How to troubleshoot DLP Agent status not reporting as expected on Enforce
- Troubleshoot Agents not reporting into the Enforce Console
- Troubleshooting Symantec File Reader Restarts
- Show all articles ( 7 ) Collapse Articles
-
- Configuring LDAP Lookup Plugins in Symantec DLP 15.5+
- Creating a new agent attribute in Symantec DLP
- Default ports used by Symantec DLP
- Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components
- fixing Enforce Server migration fail for three-tier environments due to "DatabaseProcessCheck"
- Generating Syslog messages from Symantec Data Loss Prevention
- How To Access DLP incidents
- How to Configure AD User login Authentication in Enforce for Data Loss Prevention 15.x and above
- How to configure the LDAP Lookup Plug-In within Symantec DLP
- How to create a report in Symantec DLP
- How To create a user role in Symantec DLP
- How to create users in Symantec DLP
- How to create, sign, and import an SSL certificate signed by a Trusted Certificate Authority
- How to create, start & stop Discover scans in Symantec DLP
- How to enable Finest level logging on DLP agents
- How to enable Syslog Logging for Symantec Data Loss Prevention
- How to export incidents in Symantec DLP
- How to filter incidents and Summarise in Symatec DLP
- How to gather a process dump using the ProcDump Tool
- How to increase the max number of incidents exported within Symantec DLP
- How To Login to the Symantec DLP Console
- How to Obtain a Broadcom/Symantec Support Site ID
- How to obtain the Symantec DLP Server Log files: location and description
- How to restart Symantec DLP services (14.6-15.0)
- How to restart Symantec DLP Services for Oracle Patching
- How To Restore the DLP Enforce Server across platforms in three-tier deployments
- How to set incident status in Symantec DLP
- How to solve Error: "Error 1802: Corrupted incident received"
- The maximum number of Agents than can be allowed to export, print or mail from Agents Summary Report or Agents Legacy Summary Report.
- What Are the Differences Between the “same” and “any” Components in Symantec DLP Rules?
- Show all articles ( 25 ) Collapse Articles
-
- Best Practices for Scanning Files Larger Than 30MB Using Discover
- Default ports used by Symantec DLP
- How To Access DLP incidents
- How to filter incidents and Summarise in Symatec DLP
- How To troubleshoot DLP Network Discover scan common errors
- Symantec Network Detection is not working for DLP User Groups that index the Domain Users AD Security Group
- Troubleshooting Symantec File Reader Restarts
- Show all articles ( 2 ) Collapse Articles
-
-
Netskope Articles
- Articles coming soon
-
CloudKnox Articles
- Articles coming soon
-
O365
- Articles coming soon
-
DLP Programmes
-
How To Guides
Created On
byJosh Kee
3.5 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 100% | |
2 Stars | 0% | |
1 Stars | 0% |
You are here:
< Back
For thorough troubleshooting Its recommend starting with the first step and going through each step in order to ensure that all steps are checked.
1. Check for basic network connectivity.
- PING <ipaddress>
- Ping the Endpoint Server from the Enforce Server to confirm they can see each other.
- Ping the Endpoint Server from the Agent to confirm they can see each other.
- If the ping command fails, then you have a basic networking issue and the two machines are unable to see each other.
- TELNET <ipaddress> <port>
- Telnet from the Enforce Server to the Endpoint Server over port 8100
- Telnet from the Endpoint Agent to the Endpoint Server over port 10443
- If the ping works, but the telnet fails that tells us that we can communicate with the machine, but the specific port is not open. This likely means there is either a firewall blocking the port, or the service is not running.
2. Check that all servers and services are showing up and running.
- Enforce Server
- Log into the Enforce Server
- Confirm that all of the Enforce Services are up and running
- SymantecDLPDetectionServerController
- SymantecDLPIncidentPersister
- SymantecDLPManager
- SymantecDLPNotifier
- The DetectionServerController service is the one we are most interested in as this controls communication between the Enforce Server and all of the Detection Servers, but all services should be up and running normally.
- Endpoint Server
- Log into the Endpoint Server
- Confirm that the DetectionServerService is up and running.
- Log into the Enforce Console
- Go to the System Overview Page
- Confirm that your Endpoint Server is reporting in and showing running.
- Open the Endpoint Server Details page
- Again, confirm everything looks like it is running.
- And take note of what you have listed as the “Host”, this should be an IP address or a Hostname
- Endpoint Agent
- Log into the Endpoint Agent
- Confirm that the EDPA and WDP services are running.
3. Confirm the Endpoint Agent is pointed to the correct Endpoint Server.
- Log into the Endpoint Agent
- Copy the “vontu_sqlite3.exe” tool into the “Endpoint Agent” installation directory
- Agent Tools can be found in the “Tools” directory from the Agent Package originally downloaded from Symantec.
- Please also note that if you have to make changes to the Endpoint Server information, you will also need to copy the “service_shutdown.exe” tool.
- Open an Administrative CMD prompt
- CD to the Endpoint Agent installation location where the tools and .ead files are located.
- Open the “cg.ead” file using vontu_sqlite3.exe
- vontu_sqlite3 -db=cg.ead
- You will be prompted for your Tools password
- Query the cg.ead file for the server information.
- SELECT * FROM configuration WHERE name=”ServerCommunicator” AND setting=”SERVER_HOST_AND_PORT_LIST”;
- We are interested in the IP Address and Port listed, in the above screenshot “192.168.127.10:10443“
- This tells us what server it is pointed to and what port it is using (default port is 10443).
- We should compare the IP Address or Hostname to what was seen in Step#2 above from the Endpoint Server, these should match exactly in most scenarios.
- If these values do not match, then update your agent configuration with the below command…
- UPDATE configuration SET value=”<EndpointServer>:<Port>” WHERE name=”ServerCommunicator” AND setting=”SERVER_HOST_AND_PORT_LIST”;
- EXAMPLE:UPDATE configuration SET value=”192.168.127.10:10443” WHERE name=”ServerCommunicator” AND setting=”SERVER_HOST_AND_PORT_LIST”;
- After making changes to the Endpoint Server you MUST restart the Agent Services before the changes will take effect.
If you are still having problems at this point, you should open a ticket with Technical Support. When you do so please provide all of the above information for the agent along with a full set of logs from your Endpoint Agent, Endpoint Server and Enforce Server so the Technical Support Engineer can quickly and easily assist you with determining what is going on.
Was this article helpful?
3.5 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 100% | |
2 Stars | 0% | |
1 Stars | 0% |