Discover server failing to scan Share Point 2016

book

Article ID: 171812

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Discover

Issue/Introduction

Symantec Data Loss Prevention (DLP)
Share Point 2016 scanning is failing.
The scan status shows starting and then quickly returns to ready.

"Encountered error while opening_unknown error
Site and its children will be skipped.
This can be caused by an internal sharepoint error."

And:

"failed to open content root. Failed to scan." (referring to the Share Point site URL)

Cause

This started after disabling SMBv1.
SMBv1 was disabled on the network due to security concerns.

Environment

DLP 14.6, no MP, on Windows 2008 server
Discover servers are on RHEL Linux 7.x.
Share Point 2016

Resolution

DLP uses SMBv1.

For Linux based Discover servers we provide the SMB to run the scans and quarantine.
Our current versions of DLP use SMBv1.
A fix to allow Linux Discover servers to use SMBv2 and SMBv3 is currently scheduled for inclusion in DLP 15.5.

For Windows based Discover servers we leverage Windows for scanning and Windows works fine with SMBv2 or SMBv3..
So scanning of the Share Point servers will work.
But, quarantining uses our software, and we require SMBv1.
There is a hot fix available for DLP 15.0 MP1 that enables Windows Discover servers to quarantine Share Point files using SMBv2 or SMBv3.
Contact Support for the hot fix.
This hot fix should be included in the 15.1 version.