Step 1: Ping the Detection Server

Ping the Detection Server from the Enforce Server to confirm basic communication between the servers.

1. Open CMD on the Enforce Server
2. Run a ping command
   
   ping
   
   
   
   
   • Success: This means the servers can see each other and at least communicate on a basic level.
   • Failure: This means that the servers are unable to see each other at all and there is a basic networking issue causing your problem.
     
     For example, if your firewall was blocking all traffic to the server, your ping may fail.
     
     Note: ICMP is turned off by default in all newer versions of Windows.
     
     
     
     

Step 2: Telnet into the Detection Server

Telnet into the Detection Server from the Enforce Server over Port 8100 (this is the default port).

1. Open CMD on the Enforce Server
2. Run a telnet command
   
   telnet
   
   
   
   Note: A successful "telnet" connection will result in a blank screen (type "exit" to quit telnet).
   
   
   • Success: This means that the port is open and we can successfully communicate on both the IP and Port specified. This also confirms that the service is up and running, as port 8100 would not be listening if it were not running.
   • Failure: This means that the port is not open, and it's likely that the service on the Detection Server is not running.

Step 3: Confirm the "Symantec DLP Detection Server" service is running

Confirm that the "DLP Detection Server" service is actually running on the Detection Server.

Step 4: Confirm "serverBindName" is set to your Detection Server IP address

• Settings File: C:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.X.X\Protect\config\Communication.properties or C:\Program Files\Symantec\DataLossPrevention\DetectionServer\16.X.X\Protect\config\Communication.properties
• Setting: serverBindName =
  
  
  
  

Step 5: Check logs to see if communication issues remain

If communication between the servers is working but the service is failing to start or is unable to report the correct status, gather the following logs in C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<version>\logs:

BoxMonitor0.log

The "BoxMonitor0.log" can be found in the "Debug" folder and is the primary log you will want to check for error messages. This will contain detailed error messages about why the service is failing to start, or why it is unable to communicate with the Enforce Server.

You can generally search for the terms "Error" or "Fail" in order to help you quickly and easily identify problems.

• Example: com.vontu.boxmonitor.BoxMonitorException: Monitor Error 4162
  • This error message, for example, is seen when the Bind Address is set incorrectly for the Detection Server. Please note that the Bind Address should point to the IP Address of the Detection Server (not the Enforce Server). It is possible to leave this value blank for troubleshooting purposes, but if you have multiple NIC cards this can cause other issues if you are only using a single NIC then leaving this blank should be fine.
• Example: javax.net.ssl.SSLHandshakeException: no cipher suites in common
  • This error was thrown because the "SSLcipherSuites" did not match between the Enforce and Detection Servers.
• Example: com.vontu.communication.transport.exception.TransportException: remote endpoint closed connection.
  • ​If you see this error, create a keystore/certificate for the new Detection Server.
  • Alternatively you can copy the keystore from an existing, working detection server. Note that in 15.X+/16.X the keystore folders default location is now in C:\ProgramData. For example, in 15.5, the path is: C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.X\keystore or C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\16.X.X\keystore

SSL errors

If you are seeing SSL-related errors, check that the "SSLcipherSuites" settings on your Detection Server and Enforce Server match.

• Enforce Server: C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.X\Protect\config\MonitorController.properties or C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\16.X\Protect\config\MonitorController.properties
• Detection Server: C:\Program Files\Symantec\Data Loss Prevention\Detection Server\15.X\Protect\config\Communication.properties or C:\Program Files\Symantec\Data Loss Prevention\Detection Server\16.X\Protect\config\Communication.properties
• Setting: SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA (this is the default value).

Step 6 - Restart DLP services

Changes are not applied until the DLP services are restarted. If you make any changes or continue having problems, restart the following services to ensure everything is fully up and running.

• Detection Server: Symantec DLP Detection Server
• Enforce Server: Symantec DLP Detection Server Controller

Note: It may take the services several minutes to fully come back up, even if they are already showing a "Started" state.

Step 7 - Restart Enforce

Restarting Enforce from within the Enforce console will restart the SymantecDLPDetectionServerController service and re-establish communication with the Detection Server.

Click System > Servers > Overview > Enforce > Restart.