“connection reset” error message SharePoint scan
search cancel

“connection reset” error message SharePoint scan


Article ID: 164359


Updated On:


Data Loss Prevention Network Discover


Data Loss Prevention (DLP) Network Discover scan of SharePoint target fails with "unable to connect" errors seen in the Scan Detail.


FileReader logs show errors similar to:

Nov 15, 2016 10:39:23 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://schemas.microsoft.com/sharepoint/soap/}ListsSoapService#{http://schemas.microsoft.com/sharepoint/soap/}GetListItems has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.

Caused by: java.net.SocketException: SocketException invoking {SharePoint target site URL}: Connection reset

Caused by: java.net.SocketException: Connection reset

Nov 15, 2016 10:39:23 AM com.symantec.dlp.sharepoint.connector.exception.SharePointExceptionHandler throwException
SEVERE: discover.statusMessage.SOCKET_EXCEPTION
com.symantec.dlp.sharepoint.connector.exception.SharePointBaseException: discover.statusMessage.SOCKET_EXCEPTION

Nov 15, 2016 10:39:23 AM com.symantec.dlp.sharepoint.connector.soap.SharePointSOAPWSInvoker getListItemsWS
INFO: Profile - WebServiceCall|getListItemsWS|Security Control, Breaches & Processing Exception Incident Reports|18971
Nov 15, 2016 10:39:23 AM com.symantec.dlp.discover.sharepoint.crawler.SharepointItemIterator next
SEVERE: Error while getting next item. Error Code : Unknown error. This can be due to some Sharepoint internal issue. Site & its childern will be skipped. Scan will continue.
Nov 15, 2016 10:39:23 AM com.vontu.discover.crawler.framework.ErrorManager handleFailedItem
WARNING: Failed to scan.
com.vontu.discover.repository.ItemException: Failed to scan.

Caused by: com.symantec.dlp.sharepoint.connector.exception.SharePointBaseException: discover.statusMessage.SOCKET_EXCEPTION


SharePoint 2010, Sharepoint 2013, IIS 8


  1. The connection reset is caused by a timeout from the Discover server to the SharePoint target, and the connection reset causes a SOCKET_EXCEPTION error, resulting in no connection to the SharePoint site to be scanned.
  2. The SharePoint server is configured to require Server Name Indication (SNI) in the IIS bindings and no default site is configured


Solution 1

  • Increasing the SharePoint connector timeout value  (Discover.Sharepoint.SocketTimeout) from the default value of 60000 to 120000 should resolve this issue.  After making this change, recycle the VontuMonitor service on the detection server to update the settings.
  • If the Connection Reset error remains, check cause 2, or it may be necessary to increase the setting until the issue no longer occurs

Solution 2

  • In the IIS settings on the Sharepoint server, edit the site bindings and remove the checkmark from 'Require Server Name Indication' under the hostnames
  • For information on other possible solutions see the link below (WARNING - this will take you to a non-Symantec page):

Running Multiple SharePoint SSL Websites on Separate SSL Certificates Using Server Name Indication