ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Protection engine 8.x unable to enroll scanner or Scanner is not communicating with the Central Console

book

Article ID: 172637

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS Cloud Workload Protection for Storage

Issue/Introduction

Issues with being able to enroll Symantec Protection Engine(SPE) 8.0 with the Central Console. 

The SPE 8.0 is not successful uploading log information and status to Central Console

Failed to Enroll Scanner

Resolution

How to enable debug logging of the Common Agent Framework (CAF) service.

 

Windows:

  1. Take the backup of the cafagent.log and delete the same from the location “C:\Program Files\Symantec\Common Agent Framework\Log”.
  2. Go to the location “C:\Program Files\Symantec\Common Agent Framework
  3. Open a file “cafservicemain.properties”.
  4. Go to the end of file and change the logging level of the “logging.loggers.root.level”  parameter from information to debug like logging.loggers.root.level= debug
  5. Save the file.
  6. Run the enroll.bat to duplicate the issue.
  7. Gather and attach to the case, the cafagent.log file located in “C:\Program Files\Symantec\Common Agent Framework\Log” and SPE log located in "\Program Files\Symantec\scan engine\logs"

 

Linux:

  1. Take the backup of the cafagent.log and delete the same from the location “/var/log/sdcss-caflog/”.
  2. Go to the location “/opt/Symantec/cafagent/bin
  3. Open a file “cafservicemain.properties”.
  4. Go to the end of file and change the logging level of the “logging.loggers.root.level”  parameter from information to debug like logging.loggers.root.level= debug
  5. Save the file.
  6. Run the enroll.sh to duplicate the issue.
  7. Gather and attach to the case, the cafagent.log file located in “/var/log/sdcss-caflog/” and SPE logs located in "/opt/SYMCScan/logs".

Additional Information

Commonly seen errors:

  • The certificate chain was issued by an authority that is not trusted.
    Fixed in SPE 8.2.2. See 202820 - Protection Engine Enrollment fails due to an untrusted certificate

  • Unknown error 336134278
    Fixed in latest CFT for CWP for Storage. See 232336 - CWP Controller fails to enroll with CAF agent, "Unknown error 336134278"