The DLP 14.x Upgrader fails to push the Detection server upgrade packages to the detection servers, which then hangs up the enforce upgrader

book

Article ID: 169662

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

The DLP Enforce Detection server upgrade hangs when deploying the detection server upgrader packages. The Upgrade can potentially be stuck on this process for hours, or sometimes days if left running.

Cause

This is caused by the Enforce Server upgrade connection timing out after 30 minutes, which then causes the failed detection server package push.

Note: When pushing out to a large number of detection servers, or if some are in remote or differing geographical locations,  it can often take additional time to push the 600 or 700MB package to all Detection servers.

Environment

Windows or Linux  DLP Enforce Systems.

Resolution

1.  Go on to the Enforce  server and navigate into the Tomcat Structure.  Windows  Drive:\SymantecDLP\Protect\tomcat\webapps\ProtectManager\WEB-INF\web.xml   Linux: /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/WEB-INF/web.xml  file:       Go into or modify the web.xml  file     section

2. <session-config>        <session-timeout>30</session-timeout>    </session-config>

     change the default  >30<  minute setting to   120  which is  2 hours  time.  This should be sufficient to  push the detection server package to all detection servers.        

3. Save settings  and recycle the  VontuManager service on enforce.
4. Launch the upgrader again,   and the packages should now be pushed out within the 2 hour time and the upgrader should proceed.