Troubleshoot Agents not reporting into the Enforce Console
Article ID: 188464
Products
Data Loss Prevention Endpoint Discover
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Enforce
Data Loss Prevention
Issue/Introduction
Endpoint Agents are not Reporting into the Enforce Console
Environment
Any
Cause
The most common cause of this issue is that the Endpoint Agent is pointed to the wrong Endpoint Server.
- Configuration
- Services not running
- Network issues
Resolution
For thorough troubleshooting, start with the first step and work through each step in order so that every check is covered.
1. Check for basic network connectivity.
PING <ipaddress>
Ping the Endpoint Server from the Enforce Server to confirm they can see each other.
Ping the Endpoint Server from the Agent to confirm they can see each other.
If the ping command fails, then you have a basic networking issue and the two machines are unable to see each other.
TELNET <ipaddress> <port>
Telnet from the Enforce Server to the Endpoint Server over port 8100.
Telnet from the Endpoint Agent to the Endpoint Server over port 10443.
If the ping works but the telnet fails, we can communicate with the machine but the specific port is not open. This likely means that either a firewall is blocking the port or the service is not running.
2. Check that all servers and services are showing up and running.
Enforce Server
Log into the Enforce Server
Confirm that all of the Enforce Services are up and running
SymantecDLPDetectionServerController
SymantecDLPIncidentPersister
SymantecDLPManager
SymantecDLPNotifier
The DetectionServerController service is the one we are most interested in, because it controls communication between the Enforce Server and all of the Detection Servers, but all services should be up and running normally.
Endpoint Server
Log into the Endpoint Server
Confirm that the DetectionServerService is up and running.
Log into the Enforce Console
Go to the System Overview Page
Confirm that your Endpoint Server is reporting in and showing as running.
Open the Endpoint Server Details page
Again, confirm that everything looks like it is running.
Take note of the value listed as the "Host"; this should be an IP address or a hostname.
Endpoint Agent
Log into the Endpoint Agent
Confirm that the EDPA and WDP services are running.
3. Confirm the Endpoint Agent is pointed to the correct Endpoint Server.
Log into the Endpoint Agent
Copy the "vontu_sqlite3.exe" tool into the "Endpoint Agent" installation directory
Agent Tools can be found in the "Tools" directory from the Agent Package originally downloaded from Symantec.
Please also note that if you have to make changes to the Endpoint Server information, you will also need to copy the "service_shutdown.exe" tool.
Open an Administrative CMD prompt
CD to the Endpoint Agent installation location where the tools and .ead files are located.
Open the "cg.ead" file using vontu_sqlite3.exe
vontu_sqlite3 -db=cg.ead
You will be prompted for your Tools password
Query the cg.ead file for the server information.
SELECT * FROM configuration WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
We are interested in the IP address and port listed in the result, for example "192.0.2.2:10443".
This tells us which server the agent is pointed to and which port it is using (the default port is 10443).
Compare the IP address or hostname to the "Host" value noted in step 2 for the Endpoint Server; in most scenarios these should match exactly.
If these values do not match, update your agent configuration with the command below:
UPDATE configuration SET value="<EndpointServer>:<Port>" WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
EXAMPLE: UPDATE configuration SET value="192.0.2.2:10443" WHERE name="ServerCommunicator" AND setting="SERVER_HOST_AND_PORT_LIST";
After changing the Endpoint Server information, you MUST restart the Agent services before the changes will take effect.
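The agent-side checks from steps 1 to 3, collected into one PowerShell script as an added example (not part of the original article or of the vendor's tools). It assumes a single host:port value read from cg.ead as shown above, the "Host" value from the Endpoint Server Details page, and the service names EDPA and WDP as this article gives them; the parameter names are hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on the agent machine.
param(
    # Value of SERVER_HOST_AND_PORT_LIST read from cg.ead (single host:port assumed)
    [string]$ServerHostAndPort = '192.0.2.2:10443',
    # "Host" shown on the Endpoint Server Details page in the Enforce Console
    [string]$ConsoleHost = '192.0.2.2'
)

# Split on the last colon so the host part is kept whole
$idx = $ServerHostAndPort.LastIndexOf(':')
if ($idx -lt 1) { throw "Expected <host>:<port>, got '$ServerHostAndPort'" }
$serverHost = $ServerHostAndPort.Substring(0, $idx)
$port       = [int]$ServerHostAndPort.Substring($idx + 1)

# Step 3: the agent's target should match the Host value seen in the console
if ($serverHost -ne $ConsoleHost) {
    Write-Warning "Agent points to '$serverHost' but the console lists '$ConsoleHost'"
}

# Step 1: test ICMP and the TCP port separately, since ICMP may be filtered
$ping = Test-Connection -ComputerName $serverHost -Count 2 -Quiet
$tcp  = (Test-NetConnection -ComputerName $serverHost -Port $port `
            -WarningAction SilentlyContinue).TcpTestSucceeded

if ($tcp) {
    "OK: ${serverHost}:$port is reachable"
} elseif ($ping) {
    "Ping works but port $port is not open: firewall or service not running"
} else {
    "Ping and port $port both fail: basic networking issue"
}

# Step 2 (agent side): both agent services should report Running
foreach ($name in 'EDPA', 'WDP') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        "${name}: $($svc.Status)"
    } else {
        "${name}: service not found"
    }
}
```

The TCP result is checked first because a host that drops ICMP can still accept connections on the agent port.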
If you are still having problems at this point, you should open a ticket with Technical Support. When you do so, please provide all of the above information for the agent, along with a full set of logs from your Endpoint Agent, Endpoint Server and Enforce Server, so the Technical Support Engineer can quickly determine what is going on.