Error: "Cannot connect to host or IP address." in process or scanengine log of Symantec Protection for SharePoint Servers 5.1.x

book

Article ID: 177983

calendar_today

Updated On:

Products

Scan Engine Protection for SharePoint Servers

Issue/Introduction

At random intervals, the process or scanengine log of Symantec Protection for SharePoint Servers (SPSS) 5.1.x shows the error "Cannot connect to host or IP address." These errors appear more frequently during periods of load or when running a manual scan with SPSS 5.1.x.

Symptoms
 

  • An error similar to the following may appear in the scanengine log of SPSS:
    2009-10-07 08:27:34, "5a2e8669-574e-43a9-b455-cacf33a1e479","192.168.1.2",1344,"Offline","Warning","Checking","Symantec Scan Engine check result: Cannot connect to host or IP address..."
  • An error simnilar to the following may appear in the process log of SPSS:
    2009-10-07 15:30:07,"Error","Process","http://example.com/Sites/DashboardLite/Security/Template Sample - Web Application Threat Model.doc",".doc","Scan","Scheduler","Error","None",248832,0,"An error was detected during the scanning process. Error: Scan Engine: 500 System.Exception: PCSAG.ICAPLib.ICAPException: Cannot connect to host or IP address.
    at PCSAG.ICAPLib.ICAPRequest.a(Uri A_0)
    at PCSAG.ICAPLib.ICAPRequest.a(Int64 A_0, Stream A_1) File:
    http://example.com/Sites/DashboardLite/Security/Template Sample - Web Application Threat Model.doc ---> PCSAG.ICAPLib.ICAPException: Cannot connect to host or IP address.
    at PCSAG.ICAPLib.ICAPRequest.a(Uri A_0)
    at PCSAG.ICAPLib.ICAPRequest.a(Int64 A_0, Stream A_1)
    --- End of inner exception stack trace ---. Please contact your administrator to verify this message.",0,"",""
  • A netstat -an reveals a large number of connections in either a TIME_WAIT or LAST_ACK state.



 

Resolution


To reduce or eliminate these errors

  1. Tune TCP stack settings within the Windows registry
  2. Configure Scan Engine's ConnectionBacklog setting
  3. Restart the Symantec Scan Engine service to make ConnectionBacklog setting effective




To tune TCP stack settings within the Windows registry

  1. Open the Windows registry
  2. Navigate to \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
  3. If the DWORD value MaxUserPort does not exist, create it.
  4. Set MaxUserPort to a decimal value of 60000.
  5. If the DWORD value TcpTimedWaitDelay does not exist, create it.
  6. Set TcpTimedWaitDelay to a decimal value of 30.



To configure Scan Engine's ConnectionBacklog setting at the Windows cmd prompt

  1. To change directory to the Scan Engine folder, type:
    cd C:\Program Files\Symantec\Scan Engine\
     
  2. To set the Connection Backlog setting within Scan Engine, type:
    java -jar xmlmodifier.jar -s //protocol/ICAP/ConnectionBacklog/@value "128" configuration.xml