"Error: Unable to connect to the Scan Engine." when using the Command Line Scanner



Article ID: 177659




Scan Engine


You are trying to use the Command Line Scanner directly on the Scan Engine server to scan a file. Instead, you receive a message saying that it is unable to connect.



When logging the scan (with the parameter -log), the log will end with -2.
Depending on some environmental variables, the error "Error: unable to connect to the Scan Engine" appears about 20 or more lines above the end of the log file.




 There are multiple causes for this error:

  • The Symantec Scan Engine service is not started
  • The protocol is not configured correctly
  • The number of ephemeral TCP ports in Windows is exhausted and cannot service the number of concurrent connections. In this case Command Line Scanner will scan a number of items before the error is generated.
  • Network issues or restrictions could be blocking access from the server the Command Line Scanner is run from to the Scan Engine server. 





Verify that the scan engine service is started:

  1. From the Start Menu, choose Run...
  2. Type services.msc and choose OK
  3. Locate the service listed as Symantec Scan Engine.
  4. Verify that the service state shows running and that it is set to Automatic
  5. You can also verify that you can access http://localhost:8008/swagger-ui.html in a web browser and see content.

Check the protocol settings:

  1. Log into the Protection Engine Console
  2. Click Configuration and choose Protocol
  3. Verify that ICAP is selected
  4. Make sure that is checked in Binding address

Increase the number of ephemeral TCP ports on the Windows computer where Command Line Scanner is installed:

=> Warning <=
Increasing the number of ephemeral TCP ports requires a modification to the registry. Symantec does not accept any responsibility for modifications to the registry.
Please make sure that you follow these steps carefully. It is highly recommended to back up the registry before you modify it.
For more information about how to back up and restore the registry, please read the Microsoft Knowledge Base article "How to back up and restore the registry in Windows".

  1. Add the DWORD value MaxUserPort to the registry. A comprehensive description of how to do that can be found in this Microsoft article: http://support.microsoft.com/kb/196271 
  2. Set this DWORD value to a number higher than the default 5000 (decimal). Only increase the value in small steps, e.g. by 1000 or 2000.
  3. Reboot the computer
  4. The computer where the files that need to be scanned reside may also need to have the number of ephemeral TCP ports increased. For a Windows computer, please follow http://support.microsoft.com/kb/196271 . For non-Windows computers, please refer to the documentation that applies to that operating system.
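
Before changing MaxUserPort, it helps to confirm that ephemeral ports really are the bottleneck. The following is an added example, not code from Symantec or from the original article: it parses saved `netstat -an` output and counts how many local ports in the ephemeral range are held by TCP connections. The lower bound of 1024, the 0.8 threshold, and all addresses and ports in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# One TCP row of Windows `netstat -an`: proto, local addr:port, remote addr:port, state.
_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+:\d+\s+(\S+)\s*$")

# Constructed sample (addresses and ports are made up for illustration).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.9:49200         ESTABLISHED
  TCP    10.0.0.5:1050          192.0.2.10:1344        ESTABLISHED
  TCP    10.0.0.5:1051          192.0.2.10:1344        TIME_WAIT
  TCP    10.0.0.5:1052          192.0.2.10:1344        TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""


def ephemeral_usage(netstat_text, max_user_port=5000, first_port=1024):
    """Count distinct local ephemeral ports held by TCP connections.

    max_user_port is the MaxUserPort value (default 5000 per the article);
    first_port=1024 is an assumed lower bound of the ephemeral range.
    """
    used, states = set(), Counter()
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        port, state = int(m.group(1)), m.group(2)
        if state == "LISTENING" or not first_port <= port <= max_user_port:
            continue  # server sockets and ports outside the ephemeral range
        used.add(port)
        states[state] += 1
    capacity = max_user_port - first_port + 1
    return {"used": len(used), "capacity": capacity, "states": dict(states)}


def near_exhaustion(usage, threshold=0.8):
    """True when the share of ephemeral ports in use reaches the threshold
    (0.8 is an arbitrary example value, not a vendor recommendation)."""
    return usage["used"] / usage["capacity"] >= threshold


if __name__ == "__main__":
    u = ephemeral_usage(SAMPLE)
    print(u, "near exhaustion:", near_exhaustion(u))
```

A large TIME_WAIT count captured while the Command Line Scanner is running, together with a usage close to capacity, matches the symptom described above where a number of items are scanned before the error appears.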

NOTE: Symantec provides these links as a convenience only. The inclusion of such links does not imply that Symantec endorses, recommends, or accepts any responsibility for the content of such sites.