Troubleshoot Agents not reporting into the Enforce Console

Article ID: 188464

Products

Data Loss Prevention Endpoint Discover, Data Loss Prevention Endpoint Prevent, Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

Endpoint Agents are not Reporting into the Enforce Console

Environment

Any

Cause

The most common cause of this issue is that the Endpoint Agent is pointed to the wrong Endpoint Server.
- Configuration
- Services not running
- Network issues

Resolution

For thorough troubleshooting, I recommend starting with the first step and working through each step in order, so that every check is covered.

1. Check for basic network connectivity.
  • PING <ipaddress>
    • Ping the Endpoint Server from the Enforce Server to confirm they can see each other.
    • Ping the Endpoint Server from the Agent to confirm they can see each other.
    • If the ping command fails, you have a basic networking issue and the two machines are unable to see each other.

  • TELNET <ipaddress> <port>
    • Telnet from the Enforce Server to the Endpoint Server over port 8100.
    • Telnet from the Endpoint Agent to the Endpoint Server over port 10443.
    • If the ping works but the telnet fails, the machine is reachable but the specific port is not open. This likely means that either a firewall is blocking the port or the service is not running.

2. Check that all servers and services are showing up and running.
  • Enforce Server
    • Log into the Enforce Server
    • Confirm that all of the Enforce Services are up and running
      • SymantecDLPDetectionServerController
      • SymantecDLPIncidentPersister
      • SymantecDLPManager
      • SymantecDLPNotifier
    • The DetectionServerController service is the one we are most interested in, as it controls communication between the Enforce Server and all of the Detection Servers, but all services should be up and running normally.

  • Endpoint Server
    • Log into the Endpoint Server
    • Confirm that the DetectionServerService is up and running.
    • Log into the Enforce Console
    • Go to the System Overview Page
    • Confirm that your Endpoint Server is reporting in and showing running.
    • Open the Endpoint Server Details page
    • Again, confirm everything looks like it is running.
    • Take note of what is listed as the "Host"; this should be an IP address or a hostname.

  • Endpoint Agent
    • Log into the Endpoint Agent
    • Confirm that the EDPA and WDP services are running.

3. Confirm the Endpoint Agent is pointed to the correct Endpoint Server.
  • Log into the Endpoint Agent
  • Copy the "vontu_sqlite3.exe" tool into the "Endpoint Agent" installation directory
    • Agent Tools can be found in the "Tools" directory from the Agent Package originally downloaded from Symantec.
    • Please also note that if you have to make changes to the Endpoint Server information, you will also need to copy the "service_shutdown.exe" tool.
  • Open an Administrative CMD prompt
  • CD to the Endpoint Agent installation location where the tools and .ead files are located.
  • Open the "cg.ead" file using vontu_sqlite3.exe
    • vontu_sqlite3 -db=cg.ead
    • You will be prompted for your Tools password
  • Query the cg.ead file for the server information.
    • SELECT * FROM configuration WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
    • We are interested in the IP address and port listed (in the above screenshot, "192.0.2.2:10443").
    • This tells us which server the agent is pointed to and which port it is using (the default port is 10443).
    • Compare the IP address or hostname to what was seen in Step 2 above for the Endpoint Server; these should match exactly in most scenarios.
    • If these values do not match, update your agent configuration with the command below:
    • UPDATE configuration SET value="<EndpointServer>:<Port>" WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
      • EXAMPLE: UPDATE configuration SET value="192.0.2.2:10443" WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
      • After making changes to the Endpoint Server you MUST restart the Agent Services before the changes will take effect.
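
A scripted version of the Step 1 and Step 2 checks as run from the Endpoint Agent machine. This is an added example, not part of the original article or of the Symantec tooling. It uses Test-NetConnection in place of telnet; the parameter names and the Get-ReachabilityVerdict helper are illustrative, while the service names and ports are the ones listed above.

```powershell
# Added example: Step 1 (connectivity) and Step 2 (services) from the agent side.
# Assumptions: Windows PowerShell 5.1 or later; parameter and function names are
# hypothetical. EDPA/WDP and ports 10443/8100 come from the article.
param(
    [Parameter(Mandatory)][string]$EndpointServer,  # the "Host" value shown in the Enforce Console
    [int]$Port = 10443,                             # use 8100 when running from the Enforce Server
    [string[]]$Services = @('EDPA', 'WDP')          # replace with the server-side service names as needed
)

# Encodes the article's reasoning: ping OK + port closed => firewall or stopped service.
function Get-ReachabilityVerdict {
    param([bool]$PingOk, [bool]$TcpOk)
    if ($TcpOk)  { return 'Port is open: network path and listening service are fine.' }
    if ($PingOk) { return 'Host answers ping but the port is not open: check firewalls and whether the server service is running.' }
    return 'Neither ping nor TCP works: basic networking issue between the two machines.'
}

# Step 1: ICMP reachability, then a TCP connect to the server port (telnet equivalent).
$pingOk = Test-Connection -ComputerName $EndpointServer -Count 2 -Quiet
$tcpOk  = (Test-NetConnection -ComputerName $EndpointServer -Port $Port `
               -WarningAction SilentlyContinue).TcpTestSucceeded

# Step 2: state of each expected service; a missing service is reported, not thrown.
$serviceState = foreach ($name in $Services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service = $name
        Status  = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    }
}
$notRunning = @($serviceState | Where-Object Status -ne 'Running' | ForEach-Object Service)

# One summary object, convenient to paste into a support ticket.
[pscustomobject]@{
    Target     = "${EndpointServer}:$Port"
    PingOk     = $pingOk
    TcpOk      = $tcpOk
    Verdict    = Get-ReachabilityVerdict -PingOk $pingOk -TcpOk $tcpOk
    NotRunning = $notRunning -join ', '
} | Format-List
$serviceState | Format-Table -AutoSize
```

If ICMP is filtered on the network, PingOk can be False while TcpOk is True; the TCP result is the one that matters for agent communication.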

If you are still having problems at this point, you should open a ticket with Technical Support. When you do so, please provide all of the above information for the agent along with a full set of logs from your Endpoint Agent, Endpoint Server and Enforce Server, so the Technical Support Engineer can quickly and easily assist you with determining what is going on.

Additional Information

For more common issues see https://knowledge.broadcom.com/external/article?legacyId=TECH248155