HOW TO: Fix communication between Cloud Workload Protection For Storage and cloud console enrolled prior to 15th January 2020
search cancel

HOW TO: Fix communication between Cloud Workload Protection For Storage and cloud console enrolled prior to 15th January 2020


Article ID: 185706


Updated On:


Cloud Workload Protection for Storage


Cloud Workload Protection for Storage and Cloud Workload Protection for Storage–DLP installations use a URL to poll and receive communication from the cloud console over https. This URL is identified by a parameter “spoc-uri” in CAFStorage.ini file. The value of the spoc URL has changed to a newer value on 15th January 2020.  As a result, product installed or upgraded prior to 15th January 2020 needs an update to this URL in CAFStorage.ini file.


This change is not applicable to fresh installations or upgrades performed after 15th January 2020 as these will automatically get the new URL and should not have any impact.


The older spoc URL may cease to work on 8th April 2020 at which point the product may not be able to receive and apply policy information from console or respond to any other command from console.


The following two options are available to update the URL:

Option 1 - Run file on Controller Unit (CU). No downtime is required.

Option 2 - Upgrade to latest version (needs downtime during upgrade)


Option 1: Steps to file on controller unit (CU)

    1. Download the “” file attached to this KB.
    2. After unzipping the file, log in to CU and copy the script file (sh file) on to the CU instance.
    3. Navigate to CAF installation directory:

            Linux: -  /opt/Symantec/cafagent/bin

    4. Open the CAFStorage.ini file and check for the spoc-uri parameter.

            If the parameter already has value, no further steps are needed.

    5.  If the value is different then execute the script from command prompt as follows:

            Linux: - /<spoc_script_location>/

            Where “spoc_script_location” is the location where spoc script is located.


    6.  Once the script execution has completed check the ini file for the updated spoc URL as specified in step 4 above.


  • Logs for the scripts are generated at following locations:   Linux: - /var/log/spoc_url_upgrade.log


Note: - Explicit CAF service restart is not required after executing the script as the script performs this function.


Option 2: Steps for “Upgrade to latest version”. You may find details in product documentation.


  1. On the CWP for Storage console, go to Settings > Downloads.
  2. Click Download to download the CloudFormation template on the local computer.
  3. Log on to the AWS console.
  4. Go to Services > CloudFormation.
  5. Select the stack that you want to upgrade and click Actions > Update Stack.
  6. On the Select Template page, click Choose File to select the template file that you have downloaded in step 2
  7. Specify Stack Details and acknowledge


For CWPS-Azure Blob

Please follow the steps given in the link below:

Attachments get_app