The Symantec Security Information Manager (SSIM) is no longer receiving events from the Symantec Endpoint Protection (SEP) manager and events display errors
Article ID: 177736

Products

Security Information Manager

Issue/Introduction

The SEP collector is no longer sending events from the SEP manager, but you still receive events stating "Cannot create connection to database".

Symptoms
You may see either or both of the messages below being received from the SEP collector:

- Cannot create connection to database(URL: jdbc:sqlserver://<ip address>:<port> ;DatabaseName=sem5). Reason: The TCP/IP connection to the host has failed. java.net.SocketTimeoutException: connect timed out
- Cannot create connection to database(URL: jdbc:sqlserver://<ip address>:<port> ;DatabaseName=sem5). Reason: The TCP/IP connection to the host has failed. java.net.ConnectException: connection refused

 

Cause

The above symptoms indicate the collector and sensor are both working. The sensor is unable to make a network connection due to a communication failure outside the control of the sensor.

Resolution

This issue can have multiple causes/solutions depending upon the underlying nature of the problem.

LiveUpdate the Collector
A recent LiveUpdate solved some database connectivity issues that affected the SEP collector while the database was undergoing maintenance. See this document for more information about the update, and this document for information about how to update SSIM collectors.

SQL server port number issues
Verify the SQL server port that is being used.

    • By default SQL Server uses port 1433, but the port is configurable.
      • Verify the port that is being used and update the Database URL with the correct port.
    • Microsoft SQL Server 2005 has the capability to use dynamic ports.
      • If the database instance is using dynamic ports, make sure the collector is set up with MS SQL Server JDBC Drivers version 1.2 and remove the port from the Database URL.


Firewall Blocking the port
Verify you can telnet from the agent to the SQL server on the correct port.
telnet <SQL Server IP/hostname> <port> 

    • If you have confirmed the port the database is set up with, and the computer is listening on that port, but telnet still fails to connect, a firewall may be blocking that port.
      • Make sure the port is open on both a local firewall (on that computer) and any network firewalls the traffic must travel through.
      • Also make sure there are no routing issues that prevent the traffic from reaching the database, or that cause the return traffic to fail to reach the SSIM.
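
The port and firewall checks above can be scripted. The following is an added example, not Symantec code: it pulls the host and port out of the collector's error text (or a Database URL), makes the same TCP connection attempt as the telnet test, and separates a timed-out connection from a refused one. The function names, hint wording and the sample address are assumptions made for illustration.

```python
import re
import socket

# URL shape copied from the collector error text; the port is optional because
# the article says to drop it when the instance uses dynamic ports.
JDBC_RE = re.compile(r"jdbc:sqlserver://(?P<host>[^:;\s]+)(?::(?P<port>\d+))?")

# Hint wording is illustrative and follows the Resolution section above.
HINTS = {
    "open": "TCP connect succeeds from this host on this port",
    "refused": "connection refused; verify the SQL Server port in the Database URL, then firewalls",
    "timeout": "no answer; check local and network firewalls for this port, then routing",
    "no-port": "URL carries no port; call probe() with the port to test",
}

def parse_jdbc_url(text):
    """Extract (host, port or None) from a collector error line or Database URL."""
    m = JDBC_RE.search(text)
    if m is None:
        raise ValueError("no jdbc:sqlserver URL in input")
    return m.group("host"), int(m.group("port")) if m.group("port") else None

def probe(host, port, timeout=5.0):
    """Attempt one TCP connect, the same check as `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # name resolution failure, unreachable network, ...
        return "error: %s" % exc

def diagnose(text, timeout=5.0):
    """Return (host, port, state, hint) for the URL found in text."""
    host, port = parse_jdbc_url(text)
    state = "no-port" if port is None else probe(host, port, timeout)
    return host, port, state, HINTS.get(state, state)

if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address, not a real server.
    sample = ("Cannot create connection to database(URL: jdbc:sqlserver://"
              "192.0.2.10:1433 ;DatabaseName=sem5). Reason: ...")
    print(diagnose(sample, timeout=2.0))
```

Run it from the machine where the collector's sensor runs, since a firewall or routing fault is specific to that network path.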