search cancel

Symantec Data Center Security (DCS) SVA's go offline

book

Article ID: 163831

calendar_today

Updated On:

Products

Data Center Security Server

Issue/Introduction

Your virtual environment is protected by DCS using the Symantec Threat Protection services (SVA) and they have gone offline for some reason. From the Support Package downloaded from the SVA or from console access to the SVA:

In var/log/messages:
Oct 10 19:52:48 localhost kernel: EXT4-fs (dm-0): INFO: recovery required on readonly filesystem

In avservice.log:
[|] 2016-10-12 17:58:19 GMT | 1292:0 | Warning | avservice.EPSecGuestFile | Unreadable file[C:\Windows\Fonts\StaticCache.dat]. EPSecStatus: EPSEC_ERROR_EVENT_TERMINATED [-]
[|] 2016-10-12 17:58:19 GMT | 1292:0 | Warning | avservice.EPSecGuestFile | Unreadable file[C:\ProgramData\VMware\VMware Blast\Blast-Worker.log]. EPSecStatus: EPSEC_ERROR_EVENT_TERMINATED [-]
[|] 2016-10-12 18:00:49 GMT | 1292:0 | Warning | avservice.EPSecGuestFile | Unreadable file[C:\ProgramData\VMware\VMware Blast\Blast-Worker.log]. EPSecStatus: EPSEC_ERROR_EVENT_TERMINATED [-]

Cause

This has been seen when the datastore becomes unavailable on the ESXi host.

Resolution

Resolve the underlying ESXi issue with the datastore and restart the SVA appliance.
If the SVA does not function after restarting you must remove the SVA then redeploy to that ESXi host.