
Event Code 2905 is being observed in the Enforce console


Article ID: 175130


Products

Data Loss Prevention Enforce

Issue/Introduction

Error: Exact data profile creation failed and/or user group synchronization is giving errors.

Event Code 2905 or 2927 is being observed in the "System > Servers and Detectors > Events" section of the Enforce console. 

Code 2927   User Group "{0.EN_US}" synchronization failed

The following User Group directories have been removed/renamed in the Directory Server and could not be synchronized: {1.EN_US}. Please update the "{2.EN_US}" User Group page to reflect such changes.

Code 2905   Exact data profile creation failed

Data file for exact data profile "{0.EN_US}" was not created. Please look in the enforce server logs for more information.

The Localhost log on the Enforce console shows "Unable to retrieve the following directory group entry".

 

Environment

Symantec Data Loss Prevention Enforce

Cause

1. Both of these codes can be triggered by an Active Directory object that was removed, renamed, or moved to a different location but is still referenced by a User Group.

Note: Before modifying anything in DLP, confirm that this is not a misfiring Active Directory connection and that the object was indeed removed, renamed, or moved to a different hierarchy in AD.
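One way to perform the check in the note from a domain-joined admin workstation, as an added example (not vendor code and not part of the original article). The function name, host names and DN are placeholders, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-DlpGroupReference {
    param(
        [Parameter(Mandatory)] [string] $Dn,   # DN of the group named in the Enforce event
        [Parameter(Mandatory)] [string] $Gc,   # Global Catalog, e.g. 'dc01.example.com:3268'
        [Parameter(Mandatory)] [string] $Dc    # DC in the group's own domain
    )
    # First RDN value of the DN. Assumes it contains no LDAP filter
    # special characters such as * ( ) \ .
    $cn = ($Dn -split '(?<!\\),', 2)[0] -replace '^CN=', ''

    # 1. Still present at the referenced DN? A connection failure is not caught
    #    here, so it surfaces as an error instead of looking like a removal.
    try {
        $obj = Get-ADObject -Identity $Dn -Server $Gc -ErrorAction Stop
        return [pscustomobject]@{ Status = 'Present'; Detail = $obj.DistinguishedName }
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { }

    # 2. Moved: a group with the same CN exists elsewhere in the forest.
    $moved = Get-ADObject -LDAPFilter "(&(objectClass=group)(cn=$cn))" -Server $Gc -ErrorAction Stop
    if ($moved) {
        return [pscustomobject]@{ Status = 'Moved'; Detail = @($moved.DistinguishedName) -join '; ' }
    }

    # 3. Deleted: a tombstone or recycled object whose name starts with the CN.
    $deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(name=$cn*))" -IncludeDeletedObjects `
        -Properties lastKnownParent -Server $Dc -ErrorAction Stop
    if ($deleted) {
        return [pscustomobject]@{ Status = 'Deleted'; Detail = @($deleted.lastKnownParent) -join '; ' }
    }

    # Neither found under the old CN: the object was most likely renamed.
    [pscustomobject]@{ Status = 'NotFound'; Detail = 'Not found under the old CN; possibly renamed' }
}

# Placeholder values (assumptions), not taken from the article.
Test-DlpGroupReference -Dn 'CN=Example Group,OU=Groups,DC=example,DC=com' `
    -Gc 'dc01.example.com:3268' -Dc 'dc01.example.com'
```

A `Present` result means the object still exists at the DN that DLP references, which points to the directory connection rather than the User Group.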

 

Resolution

Resolution 1: Update the User / Group

  1. Go to Manage > Policies > User Groups in the Enforce console
  2. Click on the User Group that is mentioned in the error message
  3. Look in the "Added Groups" section of the page for a listing of the group directory object that was mentioned in the error, highlight it, and click the "remove" button
  4. Click the "Save" button at the top of the page
  5. Go to System > Settings > Directory Connections and click on the Directory Connection name
  6. Go to the "Index Settings" tab and make sure that an indexing schedule is set up (or set one up to run in a few minutes) and click the "Save" button
  7. Wait for the indexing to complete

Another option is to create a duplicate Directory Connection with a different name, modify the User Groups to use the new Directory Connection, delete the original Directory Connection, then rename the new Directory Connection to the old name.

Resolution 2:

Change/update the port to that of the Global Catalog, which stores all AD objects in the forest. The default port is 3269.