System alerts generated in the Enforce console for an error with the connection to the DLP Endpoint server:

"Internal communications error. Please see Aggregator.log for errors. Search for the string TC - Unexpected Exception"

Ther aggregator provides detail information on the agent connection.

File: Endpoint_Server\logs\debug\Aggregator5.log
Date: 11/2/2017 6:40:50 PM
Class: com.symantec.dlp.communications.common.activitylogging.JavaLoggerImpl
Method: log
Level: SEVERE
Message:  
java.lang.IllegalStateException: SSLEngine already closed
    at org.jboss.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1074)
    at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:623)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591)
    at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:784)
    at org.jboss.netty.channel.SimpleChannelHandler.writeRequested(SimpleChannelHandler.java:292)
    at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:254)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:582)
    at org.jboss.netty.channel.Channels.write(Channels.java:704)
    at org.jboss.netty.channel.Channels.write(Channels.java:671)
    at org.jboss.netty.channel.AbstractChannel.write(AbstractChannel.java:248)
    at com.symantec.dlp.communications.transportlayer.impl.NettyTransportConnection$WriteOutboundDataTask.run(NettyTransportConnection.java:1588)
    at com.symantec.dlp.communications.transportlayer.impl.PrioritizedTaskQueue.run(PrioritizedTaskQueue.java:74)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
TC - Unexpected exception  for connection number 1898, '<endpoint agent>' at 2017-11-02 06:40:50. Write failed.Connection statistics

Seen in DLP 14.6, 15.5, 15.7, 15.8

This happens because the connection to the agent was lost unexpectedly. The server didn't gracefully close the connection. We generate a system event upon unexpected connection closures.

The error is reproducible.  Killing the connection during communication between the endpoint agent and the endpoint server should reproduce the error.

This has also been found to be caused by <ServerCommunicator.CONNECT_POLLING_INTERVAL_SECONDS.int> set to 10 in the agent config.

This is possibly caused by a misconfiguration in the agent configuration.  Try creating a new agent config and leaving the advanced agent configuration as close to the default as possible. 

The nature of this error is not something that we can change (probably).  If this error persists after updating the agent config, then it will have to be an expected event for the environment.

Try setting the polling interval back to the default of 900.