When adding a new Detection Server, the detection server status is showing "unknown" in Enforce.
Check to see if there is an ssl keystore file located on the Enforce server in the following location:
If it contains a file that looks like this;
enforce.<timestamp>.sslKeyStore, then an SSL keystore file was generated using the sslkeytool.
Check to see if there is a similar looking file on another Detection server in your environment. It will start with 'monitor' instead of 'enforce'. Note if the enforce file is on the detection server then the error will continue. The file will be in the following location on the detection server:
<DLP installed folder>\protect\keystore\
You may see the following error in the
Jul 21, 2009 9:47:36 AM com.vontu.communication.transport.ConnectWrapperOperation preSelect
INFO: connectOp preselect failed
Jul 21, 2009 9:47:36 AM com.vontu.communication.transport.ChannelManager processOperationResult
INFO: Operation com.vontu.communication.transport.ConnectWrapperOperation:1248184056174:discover:xx.xx.xx.xx:[email protected] failed with exception: com.vontu.communication.transport.exception.TransportException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem Jul 21, 2009 9:47:36 AM com.vontu.communication.transport.ChannelManager handleOperationFailure
This issue can also occur if there are multiple .sslKeyStore files found in the directory for Enforce. If both the Enforce and Monitor .sslKeyStore files are mistakenly placed in the Enforce keystore directory, you will see the following messages in MonitorController log.
Jan 25, 2023 11:11:38 AM com.vontu.communication.transport.KeyStoreFileHelper getSslKeyStoreFile
SEVERE: More then one *.sslKeyStore files found in keystore
Jan 25, 2023 11:11:38 AM com.vontu.logging.LocalLogWriter write
WARNING: Using built-in certificate. Using built-in certificate to secure the communication between Enforce and Detection Servers.
Misconfigured .sslKeyStore files
If you can find the SSL keystore file on another detection server that was previously deployed, then simply copy the file to the new Detection server. You can find the keystore File in the following location: \programdata\Symantec\DataLossPrevention\DetectionServer\15.x
Stop all of the DLP services on the Detection Server not showing properly and rename the old keystore file. Then go to one of the working Detection Servers and copy the keystore file over. Place it in the same folder the old one was located in.
Start up the DLP services on the Detection server, and it should now populate in the console properly.
If you do not have any other Detection servers, then you will need to run the SSLKEYTOOL and generate new keystore files. Check the Symantec Installation Guide for detailed information regarding the sslkeytool utility. To generate a keystore file:
Optionally, you can create the files in a different directory by adding the argument -dir=directory after the genkey option.
The sslkeytool utility generates two keystore files. These files must be placed in the proper directory on each server. One file stays on the Enforce Server, and the other file is copied to all of the other servers. You must place the keystore files as follows:
<DLP install folder>\Protect\keystore(Windows) or
If the message seen in MonitorController indicates that multiple *.sslKeyStore files were found, ensure that Enforce only has the one .sslKeyStore file named enforce.<timestamp>.sslKeyStore. No other files with the .sslKeyStore extension can exist in this directory.