Agents not connecting to restarted Endpoint Server hosted on Linux


Article ID: 160360


Updated On:

Products

  - Data Loss Prevention Endpoint Discover
  - Data Loss Prevention
  - Data Loss Prevention Endpoint Prevent

Issue/Introduction

After you restart a Linux Endpoint Server, agents may fail to connect to it. To confirm the problem, check the endpoint agent log (edpa_ext0.log): it records libcurl error 60 for the failed Endpoint Server connection. The aggregator logs on the Endpoint Server show the corresponding message: IOException while trying to initialize the transport layer.

Agents cannot reconnect because, after the restart, the Endpoint Server process is not running as root, and Linux forbids non-root processes from binding to ports below 1024, such as 443.

Resolution

To ensure that agents can connect to Endpoint Servers:

  1. Set port forwarding rules.
    Set the Endpoint Server listener port to a value above 1024 (for example, 10443), and add a port forwarding rule that redirects traffic arriving on port 443 to port 10443. Agents keep connecting to 443 while the server binds only the unprivileged port.

  2. Refer to the following link for more information on rules persisting across system reboots:
    https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html.
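The following script is an added example, not part of the article or of the DLP product, that puts both steps together: it validates that the chosen listener port is one a non-root process may bind, builds the iptables redirect from 443 to 10443, and (when run as root with `--apply`) installs and persists it with `service iptables save`, as the linked Red Hat guide describes. It assumes iptables is the firewall front end, the Endpoint Server listens on TCP 10443, and agents are still configured for TCP 443; the port values and function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the KB article): redirect inbound TCP 443 to an
# unprivileged Endpoint Server listener port so a non-root process can serve it.
# Assumptions: iptables front end, listener on 10443, agents target 443.

AGENT_PORT=443        # port the agents are configured to reach
LISTENER_PORT=10443   # unprivileged port the Endpoint Server actually binds

# Return 0 if $1 is a valid unprivileged TCP port (1025-65535), i.e. one a
# non-root process may bind without special privileges; otherwise return 1.
is_unprivileged_port() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric values
    esac
    [ "$port" -gt 1024 ] && [ "$port" -le 65535 ]
}

# Print the iptables command that redirects TCP traffic arriving on port $1
# to local port $2. The nat/PREROUTING chain is what packets from agents on
# other hosts traverse, so this is where the 443 -> 10443 redirect belongs.
redirect_rule() {
    from="$1"; to="$2"
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$from" "$to"
}

# Entry point: validate the listener port, then either print the rule (dry
# run) or apply it and persist it. "service iptables save" writes
# /etc/sysconfig/iptables on RHEL 6, so the redirect survives the next reboot.
main() {
    if ! is_unprivileged_port "$LISTENER_PORT"; then
        echo "listener port $LISTENER_PORT is not an unprivileged port (1025-65535)" >&2
        return 1
    fi
    if [ "$1" = "--apply" ]; then
        redirect_rule "$AGENT_PORT" "$LISTENER_PORT" | sh -e   # requires root
        service iptables save
    else
        echo "# dry run; re-run as root with --apply to install and persist:"
        redirect_rule "$AGENT_PORT" "$LISTENER_PORT"
    fi
}

main "$@"
```

After applying the rule, confirm it is in place with `iptables -t nat -L PREROUTING -n` and check that the Endpoint Server is listening on 10443 rather than 443; an agent log that stops reporting libcurl error 60 is the end-to-end confirmation.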