search cancel

Unable to log into DLP Enforce console

book

Article ID: 215267

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Symantec DLP Incident Persister and Symantec DLP Detection Server Controller services stop after 5 minutes.

This prevents access to the Enforce console.

Cause

Incident Persister Log points towards error:

ORA-12514, TNS: listener does not currently know of service requested in connect descriptor

The SERVICE_NAME in TNSnames.ora does not match the SERVICE_NAME in the Enforce JDBC.properties file

Environment

Release : 15.x

Component : Enforce

Resolution

1. Ensure Enforce services are stopped

2.  Go to C:\SymantecDLP15.x\EnforceServer\15.x\Protect\config\JDBC.properties file and open in notepad

3. Ensure the service_name matches the TNSnames.ora file and edit the service name section in this line of the JDBC.properties file: [email protected](description=(address=(host=server.com)(protocol=tcp)(port=1521))(connect_data=(service_name=protect_server.com)))

4. Save the JDBC.properties file

5. Restart Enforce services

6. Ensure Incident Persister and Symantec DLP Detection Server Controller services stay running.

7. Ensure Incident Persister logs are be written to after Enforce services restart

8. Login to Enforce console.

9. If the above steps does not resolve the issue, then check the listener services by running "lsnrctl services"(without quotes) using admin command prompt on Oracle server.

10. Check the output and see if the protect(DLP DB) instance is listed or not.
Sample output is given below:

C:\Users\administrator.testdomain\Desktop>lsnrctl services

LSNRCTL for 64-bit Windows: Version 12.2.0.1.0 - Production on 27-AUG-2021 11:04:09

Copyright (c) 1991, 2016, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=enforce.testdomain.local)(PORT=1521)))
Services Summary...
Service "CLRExtProc" has 1 instance(s).
  Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "protect" has 1 instance(s).
  Instance "protect", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:40 refused:0 state:ready
         LOCAL SERVER
Service "protectXDB" has 1 instance(s).
  Instance "protect", status READY, has 1 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1022 state:ready
         DISPATCHER <machine: ENFORCE, pid: 5576>
         (ADDRESS=(PROTOCOL=tcp)(HOST=enforce.testdomain.local)(PORT=49753))
The command completed successfully


11. If "Service "protect" has 1 instance(s)" is not found in above output then restart the Oracle Protect and Listener services from services.msc console:
OracleOraDB12Home1TNSListener
OracleServicePROTECT

12. Stop and start the DLP services as per the order mentioned in below article:
https://knowledge.broadcom.com/external/article/159970/restart-dlp-enforce-services-in-the-corr.html

13. Run the lsnrctl services command again to confirm that it lists: Service "protect" has 1 instance(s)

14. Access the Enforce console and it should load successfully.