System alerts generated in the Enforce console for an error with the connection to the DLP Endpoint server:

"Internal communications error. Please see Aggregator.log for errors. Search for the string TC - Unexpected Exception"

Ther aggregator provides detail information on the agent connection.

File: Endpoint_Server\logs\debug\Aggregator5.log
Date: 11/2/2017 6:40:50 PM
Class: com.symantec.dlp.communications.common.activitylogging.JavaLoggerImpl
Method: log
Level: SEVERE
Message:  
java.lang.IllegalStateException: SSLEngine already closed
    at org.jboss.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1074)
    at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:623)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591)
    at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:784)
    at org.jboss.netty.channel.SimpleChannelHandler.writeRequested(SimpleChannelHandler.java:292)
    at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:254)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:582)
    at org.jboss.netty.channel.Channels.write(Channels.java:704)
    at org.jboss.netty.channel.Channels.write(Channels.java:671)
    at org.jboss.netty.channel.AbstractChannel.write(AbstractChannel.java:248)
    at com.symantec.dlp.communications.transportlayer.impl.NettyTransportConnection$WriteOutboundDataTask.run(NettyTransportConnection.java:1588)
    at com.symantec.dlp.communications.transportlayer.impl.PrioritizedTaskQueue.run(PrioritizedTaskQueue.java:74)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
TC - Unexpected exception  for connection number 1898, '<endpoint agent>' at 2017-11-02 06:40:50. Write failed.Connection statistics

Seen in DLP 14.6, 15.5, 15.7, 15.8

This happens because the connection to the agent was lost unexpectedly. The server didn't gracefully close the connection. We generate a system event upon unexpected connection closures.

The error is reproducible.  Killing the connection during communication between the endpoint agent and the endpoint server should reproduce the error.

This has also been found to be caused by <ServerCommunicator.CONNECT_POLLING_INTERVAL_SECONDS.int> set to 10 in the agent config.

This is possibly caused by a misconfiguration in the agent configuration.  Try creating a new agent config and leaving the advanced agent configuration as close to the default as possible. 

The nature of this error is not something that we can change (probably).  If this error persists after updating the agent config, then it will have to be an expected event for the environment.

Try setting the polling interval back to the default of 900.

Abrupt network disconnects can be attributed to environmental issues like:

• Remote Host Disconnection: A network glitch or remote service outage that causes the peer to close the connection abruptly.
• Firewall/Load Balancer Timeouts: A firewall or load balancer terminating idle or long‐lived connections.
• NAT/Proxy Reset: A network address translation device or proxy device dropping or resetting a connection due to session expiry.
• Network Congestion or Interruption: Severe network latency or packet loss that forces a timeout and disconnection.
• External Infrastructure Maintenance: Scheduled maintenance or an unexpected outage on intermediate network equipment (like routers or switches) that forces connections to be cut.

Any of the above can cause a 3900 error to occur.

As long as the agent mentioned in the error is still connecting to the server to update configuration / policies and is reporting incidents then this can be ignored.