Error: "Cloud Service is not available because of an account issue" after adding new DLP cloud detector - status remains "Disconnected"
search cancel

Error: "Cloud Service is not available because of an account issue" after adding new DLP cloud detector - status remains "Disconnected"

book

Article ID: 169814

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Package Data Loss Prevention

Issue/Introduction

After enrolling a new Cloud Detection Server (CDS) or Cloud Detector to Enforce, the following Enforce event is recorded:

Message
Code 2715
Summary Cloud Service is not available because of an account issue
Detail Error [FAIL_BINDING_ERROR] - Cloud Service is not available because of an account issue.

Cause

This can occur in a number of circumstances:

  • When adding a second Cloud Detection Server, either a Cloud Email Detector or a Cloud Detector for WSS/CASB, where a previous instance of another Cloud Detector is already enrolled.
  • After migration of the Detector from one Enforce to another Enforce (please note that such a move often requires assistance from Support to complete).

In some cases, both servers may show as "Connected".

In other cases, either the preexisting or the newer CDS ends up in a "Disconnected" state.

Recycling the SymantecDetectionServerController (aka the Enforce Server MonitorController) may not correct the issue, and the event code keeps recurring even if it does.

Resolution

Do not delete the Cloud Detection Server from Enforce, as it will not likely fix the issue!

Firstly, try recycling DetectionServerController re-establishes connectivity. If it does, and this recurs frequently, confirm you are on the latest Maintenance Pack for your supported release (e.g., 15.8 MP3, or 16.0+).

Secondly, check if the DetectionServerController needs more memory - as per Monitor Controller performance issues after adding new Detection Servers.

Finally, if those steps do not resolve it, you likely require assistance from Technical Support. Please open a support case and reference this article.

Additional Information

Here are more details about these error which may occur duing the enrollment process, some of which have different solutions:

  • In one case, this was due to a second Enrollment Bundle being added for the same CDS - and the DLP database recorded 2 entries for the same server.
  • In another case, this was due to a second Cloud Detector being provisioned for the same customer but under a different Account Name - this caused a mismatch on Cloud Service Gateway because servers provisioned for 2 different accounts were being connected to the same Enforce ID.
  • This can also occur if, during a Detector migration from one Enforce to another, the Detector was NOT deleted from the old Enforce prior to the unbind request - at which point, the Detector was simply re-connected (bound) to the original Enforce.

In general, do NOT delete Detectors until confirming the reason for the "extra" Detector account causing the error.

Article update:

  • "Summary Cloud Service unreachable due to an account issue" - this was actually the original text for the error reported in this article. It has since been updated. As per above, it usually occurs when the 2nd Detector being enrolled was provisioned in a different Account. Please open a case with technical support case to correct.
  • "The bundle refers to a Gateway different than the one that has already been configured" - this error is rare, and occurs when the Enforce Server was originally communicating with a different Cloud Service Gateway URL. It has a different solution altogether, one that also usually requires a case with Technical Support.