Detection Server appears to hang during startup and BoxMonitor does not launch child java processes such as FileReader, IncidentWriter, etc
search cancel

Detection Server appears to hang during startup and BoxMonitor does not launch child java processes such as FileReader, IncidentWriter, etc

book

Article ID: 211071

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

When starting the SymantecDLPDetectionServerService on a detection (Discover, Monitor, Endpoint, Prevent) server, you notice that only one java.exe instance is launched, and the BoxMonitor log stops logging after the following entries:

com.vontu.util.config.SystemProperties setSystemProperties
INFO: System Properties:
  EMDI.EnabledOnAgents=false
  EMDI.MaxEndpointProfileMemoryInMB=100
...
INFO: Initializing the localized operational log: com.vontu.boxmonitor.logs.BoxMonitorLogHandler

com.vontu.logging.operational.api.PropertyFileOperationalLogWriter <init>
INFO: Initializing the localized operational log: com.vontu.boxmonitor.logs.BoxMonitorLogHandler

com.vontu.boxmonitor.BoxMonitor start
INFO: (BOXMONITOR.1) BoxMonitor is starting

Environment

DLP 15.x

Cause

This can be caused by the BoxMonitor java.exe binding to the localhost (127.0.0.1) IP, rather than on the IP that the Enforce can communicate on, or binding to all IPs, e.g. - 0.0.0.0:8100

Typically this happens when the ServerBindName in ../protect/config/communications.properties is blank or commented out.

 

Resolution

The best practice is to use the FQDN of the detection server for the serverBindName in Communication.properties on the detection server, e.g.

ServerBindName = detection.DOMAIN.com

Powered by Wolken Software