How to troubleshoot "Connection to Symantec: Failed!" status after running 'status_check' from the CLI
search cancel

How to troubleshoot "Connection to Symantec: Failed!" status after running 'status_check' from the CLI

book

Article ID: 209689

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

After running "status_check" from the CLI, the following "Failed!" message displays:

 

 

 

Cause

The domain name 'www.symantec.com' is not resolved or reachable. 

 

Resolution

To troubleshoot connectivity with www.symantec.com

  1. At the EDR CLI, type: 
    nslookup www.symantec.com

  2. If the nslookup command includes output such as "NXDOMAIN" or "Name server not reachable", troubleshoot DNS before continuing.
  3. To check connectivity to www.symantec.com, at the EDR CLI, type:
    tcp_check -t www.symantec.com 443

  4. If tcp_check is not able to connect to www.symantec.com, troubleshoot connectivity with your local networking and firewall teams.
  5. If tcp_check is able to connect via tcp, the trouble may be TLS connectivity. To check TLS, type:
    tcp_check -s www.symantec.com 443

Note: If EDR is version 4.8 or higher the port number must be preceded by "-p"

tcp_check -t www.symantec.com -p 443

Additional Information

The bootstrap CLI command can change the IPv4 address, netmask, nameservers, default gateway, and additional routes if the local networking or firewall teams identify changes are needed to address the nameserver(s) or correctly route traffic. For more information, see Symantec EDR Help: 

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-6/about-v96380626-d38e6/running-bootstrap-to-configure-the-appliance-v101321450-d38e10341.html

 

 

Powered by Wolken Software