Multiple Scans of the File Server shows "Unknown Error"


Article ID: 222257


Products

Data Loss Prevention Discover Suite

Issue/Introduction

After upgrading to DLP 15.8, Discover scans of file servers fail with "Unknown Error".

Environment

Release : 15.8

Component : Network Discover

Cause

This can be caused by a protocol mismatch: the target server supports a protocol that the Discover server does not. DLP logs may show errors similar to the following:

 

Aug 20, 2021 9:52:26 PM com.vontu.discover.crawler.framework.RepositoryCrawler createSortedContentRootProviders
SEVERE: Unknown Error.
com.vontu.discover.repository.RepositoryException: Unknown Error.
 at com.vontu.filesystemcrawler.ExceptionConverterImpl.createRepositoryException(ExceptionConverterImpl.java:169)
 at com.vontu.filesystemcrawler.ExceptionConverterImpl.convertSmbException(ExceptionConverterImpl.java:252)
 at com.vontu.filesystemcrawler.share.ShareProviderExceptionHandler.convertSmbException(ShareProviderExceptionHandler.java:67)
 at com.vontu.filesystemcrawler.share.JcifsShareProvider.getShares(JcifsShareProvider.java:119)
 at com.vontu.filesystemcrawler.FileSystemContentRootProvider.createContentRootIterator(FileSystemContentRootProvider.java:100)
 at com.vontu.filesystemcrawler.FileSystemContentRootProvider.<init>(FileSystemContentRootProvider.java:78)
 at com.vontu.filesystemcrawler.FileSystemContentRootProvider.<init>(FileSystemContentRootProvider.java:62)
 at com.vontu.filesystemcrawler.FileSystemContentRootProviderFactory.create(FileSystemContentRootProviderFactory.java:53)
 at com.vontu.discover.crawler.framework.RepositoryCrawler.createSortedContentRootProviders(RepositoryCrawler.java:787)
 at com.vontu.discover.crawler.framework.RepositoryCrawler.crawl(RepositoryCrawler.java:673)
 at com.vontu.discover.crawler.framework.RepositoryCrawler$CrawlerThread.run(RepositoryCrawler.java:486)

 at jcifs.smb.SmbTransportImpl.ensureConnected(SmbTransportImpl.java:656)
 at jcifs.smb.SmbTransportPoolImpl.getSmbTransport(SmbTransportPoolImpl.java:214)
 at jcifs.smb.SmbTransportPoolImpl.getSmbTransport(SmbTransportPoolImpl.java:1)
 at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:560)
 at jcifs.smb.SmbTreeConnection.connectHost(SmbTreeConnection.java:484)
 at jcifs.smb.SmbEnumerationUtil.doShareEnum(SmbEnumerationUtil.java:149)
 at jcifs.smb.SmbEnumerationUtil.doEnum(SmbEnumerationUtil.java:222)
 at jcifs.smb.SmbEnumerationUtil.listFiles(SmbEnumerationUtil.java:283)
 at jcifs.smb.SmbFile.listFiles(SmbFile.java:1253)
 at com.vontu.filesystemcrawler.share.JcifsShareProvider.getSmbFiles(JcifsShareProvider.java:156)
 at com.vontu.filesystemcrawler.share.JcifsShareProvider.getShares(JcifsShareProvider.java:138)
 at com.vontu.filesystemcrawler.share.JcifsShareProvider.getShares(JcifsShareProvider.java:101)
 ... 7 more
Caused by: jcifs.util.transport.TransportException: java.io.IOException: transport closed in negotiate
 at jcifs.util.transport.Transport.run(Transport.java:759)
 at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: transport closed in negotiate
 at jcifs.smb.SmbTransportImpl.negotiatePeek(SmbTransportImpl.java:580)
 at jcifs.smb.SmbTransportImpl.negotiate2(SmbTransportImpl.java:622)
 at jcifs.smb.SmbTransportImpl.negotiate(SmbTransportImpl.java:524)
 at jcifs.smb.SmbTransportImpl.doConnect(SmbTransportImpl.java:673)
 at jcifs.util.transport.Transport.run(Transport.java:732)
 ... 1 more

This 'unknown error' may also appear in the discover_operational log:

 

12/Mar/22:19:00:07:389-0800 [SEVERE] (DISCOVER.111) Could not identify error condition: System error 1312 has occurred.

A specified logon session does not exist. It may already have been terminated.

Resolution

The simplest solution is to use JCIFS to perform your Discover scans. Because the Network Discover scan is configured to scan the top-level servers, and not specific shares, the jcifs library is used to enumerate the shares.

To prevent issues with NFS shares being scanned from Windows-based Network Discover servers, set the following properties on the Discover Servers.

  • \Program Files\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\config
    File: JCIFS.properties
    Property: jcifs.smb.client.useSMB2Negotiation
    Value: true

  • \Program Files\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\config
    File: crawler.properties
    Property: filesystemcrawler.use.jcifs
    Value: true

Recycle the detection server for the changes to take effect.
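
To confirm that both settings from the Resolution are really present in the files before recycling the server, the following added example (not Symantec's code) parses the two properties files and reports any missing or wrong value. The function names, the simplified .properties parser and the constructed sample files are assumptions for illustration; on a real server, pass check_config the Protect\config directory listed above.

```python
from pathlib import Path
import tempfile

# Required settings from the Resolution section: file name -> {property: value}
REQUIRED = {
    "JCIFS.properties": {"jcifs.smb.client.useSMB2Negotiation": "true"},
    "crawler.properties": {"filesystemcrawler.use.jcifs": "true"},
}

def parse_properties(text):
    """Parse simple Java .properties text (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":      # blank line or comment line
            continue
        # The key ends at the first '=', ':' or whitespace character.
        end = next((i for i, ch in enumerate(line) if ch in "=: \t"), len(line))
        key, rest = line[:end], line[end:].lstrip(" \t")
        if rest[:1] in ("=", ":"):           # drop the separator itself
            rest = rest[1:].lstrip(" \t")
        props[key] = rest                    # trailing spaces kept; a later duplicate wins
    return props

def check_config(config_dir):
    """Return (file, property, found, expected) for every missing or wrong setting."""
    problems = []
    for fname, wanted in REQUIRED.items():
        path = Path(config_dir) / fname
        text = path.read_text(encoding="latin-1") if path.is_file() else ""
        props = parse_properties(text)
        for key, expected in wanted.items():
            found = props.get(key)
            if found is None or found.lower() != expected:
                problems.append((fname, key, found, expected))
    return problems

if __name__ == "__main__":
    # Constructed sample files standing in for the Protect\config directory.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "JCIFS.properties").write_text(
            "jcifs.smb.client.useSMB2Negotiation = true\n")
        Path(d, "crawler.properties").write_text(
            "#filesystemcrawler.use.jcifs = true\n")   # commented out, so not applied
        for fname, key, found, expected in check_config(d):
            print(f"{fname}: {key} is {found!r}, expected {expected!r}")
```

A value reported with trailing spaces (for example 'true ') is flagged deliberately, because Java's properties loader keeps trailing whitespace as part of the value.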