search cancel

Protection Engine scans fail with socket error: getpeername: ENOTCONN

book

Article ID: 200145

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Symantec Protection Engine (SPE) scan fails and logs show "Error Message = socket error: getpeername: ENOTCONN". Log entry looks similar to the following:

Jul 12 18:46:22 HOSTNAME symcscan[5932]: The Symantec Protection Engine has encountered a critical error|Date/time of event = 2020-07-12 18:46:22|Event Severity Level = Error|Error Message = socket error: getpeername: ENOTCONN|Symantec Protection Engine IP address = X.X.X.X|Symantec Protection Engine Port number = 1344|Uptime (in seconds) = 2065593|Date/time of event(with millisec) = 2020-07-12 18:46:22:851|Symantec Protection Engine Host Name = HOSTNAME

Cause

The connection to SPE was closed before SPE returned a verdict, resulting in this error when it tries to respond to the connector.

Resolution

In most cases, this is caused by a RST packet sent by a load balancer between the connector and SPE. Gather a packet capture while reproducing the error. You likely will need to gather captures on the scanner and the connector. If the load balancer or connector is sending RST packets, work with the respective vendors to troubleshoot the issue. If the connection is closed by the scanner, ensure that the host machine has the most recent OS updates applied. If the scanner continues to close connections, contact support.