Data Loss Prevention

Hi All,

DLP clients are not communicating to DLP server

can any one give the solution for this error

 

Regards,

Mohan

HI,

Check this download

https://www-secure.symantec.com/connect/downloads/required-tools-troubleshoot-dlp-endpoint-agents-v11

what is the erro, while installing did you point the client to be contacting the DLP detection server? is there firewall between these 2 components?

 

Hi Mohan,

Please test the below to confirm issue and verify Endpoint Agent to Endpoint Server communication is over port 8000 by default.  This port can be changed in the UI, under the Endpoint Server configuration page:

 

If your Endpoint server IP address is, 192.168.2.52  You can perform the following telnet test from a endpoint agent that is not checking in.

open a Command window:

telnet 192.168.2.52 8000

<If the port is open, this command should take you to a blank screen, if it is blocked you will receive a connection refused message>

 

Another good test you can perform from the Endpoint Agent is a netstat test which will show you what ports are connected/established or listening.

The endpoint server should be listening on port 8000 (0.0.0.0:8000 LISTENING),  The endpoint agent, if connected will show ESTABLISHED on port 8000

Example From Endpoint server:  

<Endpoint Server> C:\>netstat -aon | find "8000"
  TCP    0.0.0.0:8000                0.0.0.0:0                         LISTENING       2192
  TCP    192.168.2.52:8000      192.168.2.53:1433      ESTABLISHED     2192
  TCP    192.168.2.52:8000      192.168.2.54:49306     ESTABLISHED     2192
  TCP    192.168.2.52:8000      192.168.2.55:49160     ESTABLISHED     2192

<The endpoint server example above shows that the server is listening on port 8000, and that 3 Endpoint Agents are ESTABLISHED (192.168.2.53,54,55)>

You can perform the same test from the Endpoint Agent. Here are the type results you "should" see if the agent is connected.

<Endpoint Agent> C:\>netstat -aon | find "8000"
  TCP    192.168.2.53:1433      192.168.2.52:8000      ESTABLISHED     2016

Also refer the below links to download and test

https://www-secure.symantec.com/connect/downloads/required-tools-troubleshoot-dlp-endpoint-agents-v11

 

I'm having this problem too. Anybody found a solution for thiss??? Helppp!!

hi,

 

thanks for this i'll follow this procedure. 

what happened if there is no 8000 port is open?

how could i be able to open this port to the endpoint? if the endpoint server is already set to 8000?

i already turn off windows firewall of server and for the test client.

the port needs to be open if firewall blocks, as you stated you have turned off firewall on host, is there any firewall on gateway?

hi pete,

thanks, i will check on this.

 

 

 

hi,

 

may i ask also. how can i see the logs between client to server? i mean, if i install agent with or without error, where could i found the logs?

 

 

thank you,

marj

If there is no 8000 port opened on the endpoint machine, then, you need to check whether the DLP agent is successfully installed by check the process and services of DLP agent.

Please chcek the Endpoint servers Host/IP(static) is added in DLP agents or not and also check the port 8000 is open or not bidirection from endpoint servers to agents.

hi yang_zhang,

 

 i already check the services for the agent and it does exist their.

hi K S Sharma,

when i used netstat there is no port was established "8000".

please help me on this i'm just new here in DLP.

 

 

thank you,

marj

did you try telnet?

hi pete,

yes, i already did the telnet. but i think cant connect to the port 8000

is there any firewall in between? if yes, you need to allow the traffic.

 

hi,

there is no firewall between. no "8000" port using netstat.

 

please advise

Marj

is the server listening on port 8000 or someother port?

 

hi these are the available ports

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>netstat |more

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.132.112.59:3389     10.132.117.108:61926   ESTABLISHED
  TCP    10.132.112.59:49155    ipdcvm-dc02:epmap      TIME_WAIT
  TCP    10.132.112.59:49156    ipdcvm-dc02:49166      TIME_WAIT
  TCP    10.132.112.59:49166    ipdcvm-dc02:49155      TIME_WAIT
  TCP    10.132.112.59:49216    ipdcvm-dc02:epmap      TIME_WAIT
  TCP    10.132.112.59:49217    ipdcvm-dc02:49155      TIME_WAIT
  TCP    10.132.112.59:49218    ipdcvm-dlp-nm:8100     ESTABLISHED
  TCP    10.132.112.59:49242    ipdcvm-dlp-nm:8100     ESTABLISHED
  TCP    10.132.112.59:49243    ipdcvm-dlp-nm:8100     ESTABLISHED
  TCP    10.132.112.59:49244    ipdcvm-dlp-nm:8100     ESTABLISHED
  TCP    10.132.112.59:49245    ipdcvm-dlp-nm:8100     ESTABLISHED
  TCP    10.132.112.59:49267    ipdcvm-dc02:epmap      TIME_WAIT
  TCP    10.132.112.59:49268    ipdcvm-dc02:49166      TIME_WAIT
  TCP    10.132.112.59:49281    ipdcvm-dc01:epmap      ESTABLISHED
  TCP    10.132.112.59:49282    ipdcvm-dc01:1025       ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49214   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49219   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49220   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49221   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49223   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49224   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49225   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49226   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49227   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49228   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49231   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49234   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49251   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49253   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49259   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49260   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49262   ESTABLISHED
  TCP    127.0.0.1:1521         IPDCVM-DLP-ENF:49263   ESTABLISHED
  TCP    127.0.0.1:31000        IPDCVM-DLP-ENF:32002   ESTABLISHED
  TCP    127.0.0.1:31001        IPDCVM-DLP-ENF:32000   ESTABLISHED
  TCP    127.0.0.1:31002        IPDCVM-DLP-ENF:32003   ESTABLISHED
  TCP    127.0.0.1:31003        IPDCVM-DLP-ENF:32001   ESTABLISHED
  TCP    127.0.0.1:31004        IPDCVM-DLP-ENF:32004   ESTABLISHED
  TCP    127.0.0.1:31005        IPDCVM-DLP-ENF:32005   ESTABLISHED
  TCP    127.0.0.1:32000        IPDCVM-DLP-ENF:31001   ESTABLISHED
  TCP    127.0.0.1:32001        IPDCVM-DLP-ENF:31003   ESTABLISHED
  TCP    127.0.0.1:32002        IPDCVM-DLP-ENF:31000   ESTABLISHED
  TCP    127.0.0.1:32003        IPDCVM-DLP-ENF:31002   ESTABLISHED
  TCP    127.0.0.1:32004        IPDCVM-DLP-ENF:31004   ESTABLISHED
  TCP    127.0.0.1:32005        IPDCVM-DLP-ENF:31005   ESTABLISHED
  TCP    127.0.0.1:49179        IPDCVM-DLP-ENF:49186   ESTABLISHED
  TCP    127.0.0.1:49179        IPDCVM-DLP-ENF:49284   ESTABLISHED
  TCP    127.0.0.1:49179        IPDCVM-DLP-ENF:49288   ESTABLISHED
  TCP    127.0.0.1:49180        IPDCVM-DLP-ENF:49181   ESTABLISHED
  TCP    127.0.0.1:49181        IPDCVM-DLP-ENF:49180   ESTABLISHED
  TCP    127.0.0.1:49186        IPDCVM-DLP-ENF:49179   ESTABLISHED
  TCP    127.0.0.1:49188        IPDCVM-DLP-ENF:49183   TIME_WAIT
  TCP    127.0.0.1:49189        IPDCVM-DLP-ENF:49182   TIME_WAIT
  TCP    127.0.0.1:49193        IPDCVM-DLP-ENF:49190   TIME_WAIT
  TCP    127.0.0.1:49194        IPDCVM-DLP-ENF:49195   ESTABLISHED
  TCP    127.0.0.1:49195        IPDCVM-DLP-ENF:49194   ESTABLISHED
  TCP    127.0.0.1:49214        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49219        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49220        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49221        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49223        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49224        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49225        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49226        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49227        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49228        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49231        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49234        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49248        IPDCVM-DLP-ENF:37328   TIME_WAIT
  TCP    127.0.0.1:49249        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49250        IPDCVM-DLP-ENF:49247   TIME_WAIT
  TCP    127.0.0.1:49251        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49252        IPDCVM-DLP-ENF:37328   TIME_WAIT
  TCP    127.0.0.1:49253        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49259        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49260        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49262        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49263        IPDCVM-DLP-ENF:1521    ESTABLISHED
  TCP    127.0.0.1:49265        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49266        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49269        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49278        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49279        IPDCVM-DLP-ENF:49179   TIME_WAIT
  TCP    127.0.0.1:49284        IPDCVM-DLP-ENF:49179   ESTABLISHED
  TCP    127.0.0.1:49288        IPDCVM-DLP-ENF:49179   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49276   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49277   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49280   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49285   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49286   ESTABLISHED
  TCP    [::1]:443              IPDCVM-DLP-ENF:49287   ESTABLISHED
  TCP    [::1]:49276            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [::1]:49277            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [::1]:49280            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [::1]:49285            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [::1]:49286            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [::1]:49287            IPDCVM-DLP-ENF:https   ESTABLISHED
  TCP    [fe80::a4ed:2da2:ddea:8b85%14]:1521  IPDCVM-DLP-ENF:49199   ESTABLISHED
  TCP    [fe80::a4ed:2da2:ddea:8b85%14]:49199  IPDCVM-DLP-ENF:1521    ESTABLISHE
D

C:\Users\Administrator>
C:\Users\Administrator>
C:\Users\Administrator>
C:\Users\Administrator>
C:\Users\Administrator>
C:\Users\Administrator>
C:\Users\Administrator>

I'm also looking for a solution.  I have the Endpoint server setup with an agent connecting already.  We have one agent when I do a telnet to the Endpoint server over 800 will successfully work.  But when I do a netstat -aon | find "8000" it doesn't list anything.

 

I'm not sure what the issue is.

INFO: cancelling pending read operation: com.vontu.communication.transport.ReadOperation:1388480701912:testpc3:null Dec 31, 2013 2:35:01 PM com.vontu.communication.transport.ChannelManager handleOperationSuccess WARNING: Replaced connection for: testpc3 and the remote IP for the old connection is: /10.20.1.29. There might be another client connecting to this channel. Dec 31, 2013 2:35:01 PM com.vontu.communication.dataflow.TransportManager connectionDown INFO: Connection down for address: testpc3, OPERATION_ERROR Dec 31, 2013 2:35:01 PM com.vontu.communication.dataflow.TransportManager connectionUp INFO: Connection up for address: testpc3 Dec 31, 2013 2:35:01 PM com.vontu.communication.dataflow.ShippingTask run WARNING: ShippingTask(testpc3, Structured Data Publication, Publish, 4687110): The connection to address <testpc3> failed while in state <WAITING_FOR_RECEIPT>! Dec 31, 2013 2:35:01 PM com.vontu.communication.dataflow.StructuredSubscriptionReceiver$PublishReport onError INFO: A publish action to address <testpc3> failed: The connection to address <testpc3> failed while in state <WAITING_FOR_RECEIPT>! Dec 31, 2013 2:35:01 PM com.vontu.communication.transport.TCPAcceptOperation select INFO: accepted connection from: 10.20.2.41:4139 Error found on Aggregator0.log in Detection Server...This is the error file, where conection lost and again getting regained.. what is that to be done ? help me out?

is your issue client not communicating with the detection server.

gets communication but lost automatically after some times....... conection is not stable between detection server and agent....

 

do you have 2 enforce server?

 

We dont have 2 detection server but we configred Hyper-V on detection Base server,Whether it makes some problem????....

i was asking about the enforce server..

please refer the system requirement guide for the compatibility.

Only one Enforce Server.........

may be check the connectivity using wireshark or any tool.

Hi,

 

Also refer the below links to download and test

https://www-secure.symantec.com/connect/downloads/...

 

page not found on this URL. i wanna know how di i resolved the issue, i also encounter this issue,.

 

 

plesae advise, thanks guys

hi,

no port "8000" has been established using netstat