DLP cloud detector in "Disconnected" status
search cancel

DLP cloud detector in "Disconnected" status

book

Article ID: 197864

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Package Data Loss Prevention

Issue/Introduction

The Data Loss Prevention (DLP) Enforce Server shows that one or more DLP cloud detectors are disconnected.

Environment

  • DLP Cloud Service for Email
  • DLP Cloud Detection Service (for ICAP, or for REST)
  • DLP Cloud Detector (aka Cloud Connector)

Cause

Various issues related to the use of an Enrollment Bundle, or to the status of the Cloud Service at any time.

Resolution

This workflow offers suggestions to help you move through the problem.

Table of Contents

New install

Without any pre-existing DLP Cloud Detectors installed/enrolled prior, check for the following error codes:

Not a new install

A DLP Cloud Detector was previously connected, but now is not. Please see which of the following issues may apply.

  1. Firstly, ensure you do not need to upgrade, as versions 15.7 and prior are all End of Service. See list of current and EOS releases here
  2. Secondly, by design, the Cloud Service will “disconnect” every 24 hours. See Error: "2716 Cloud detector disconnected" periodically in DLP Enforce (broadcom.com).
  3. Thirdly, also by design, Cloud Certificates expire 3 years after enrollment.
  4. "Cloud Service is not available because of an account issue":
  5. If recycling the DetectionServerController resolves the issue but it recurs infrequently, it could be the Enforce Server connection to the Oracle Database is at fault. Please confirm the following recommendation if the Oracle database connection is severred without first stopping the Enforce Server services: Recovering from Symantec Data Loss Prevention database connectivity issues (broadcom.com)
  6. [Rare]: "The bundle refers to a Gateway different than the one that has already been configured." Happens if you have a Detector provisioned in the EU region and have subsequently added a second Detector that was setup in the US region (or vice versa): Please contact Support for assistance on this issue.
  7. If you have upgraded the Enforce "ServerJRE" to 1.8.0.211 or higher – and all Cloud Detectors have gone into a disconnected state: Please contact Support for assistance on this issue.

Additional Information

The following circumstance can occur in either old or new installs (i.e., Disaster Recovery scenarios).

If you are enrolling a Cloud Detector in an Enforce Server that is a clone of another one that previously had a Cloud Detector enrolled, this error can also occur:

  • Cloud Service is not available because of an account issue

This issue can occur even if the original Enforce Server had its Cloud Detectors deleted prior to being cloned.

Please contact Support for assistance on this issue.