DLP Fails to Obtain MIP Labels from Azure
search cancel

DLP Fails to Obtain MIP Labels from Azure

book

Article ID: 226166

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention

Issue/Introduction

 DLP fails to obtain MIP labels from Azure.

MIP profile successfully created but it never actually obtains the data classification labels from Azure RM so they are always blank when trying to create an MIP policy.

When creating a MIP profile it appears to immediately check that it can connect to Azure RM using the tenantID etc and at that point in time and sometime in the next 4 hours it should try to download the MIP labels. 

Attempting to create a MIP Response Rule, the Label menu is empty.

Environment

Release : 15.8, 16.x

Cause

You can find a log file on the enforce server which may be of use from:

D:\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\bin\mip_data\mip\logs\

You will see a log file mip_sdk.miplog.

In the following example an attempt is made to connect to https://dataservice.protection.outlook.com/* and failed,

Info 2021-09-15 00:00:00.884 http_director_impl.cpp:123 java (6696) "Sending HTTP request: ID: {<ID #>}, Type: GET, Url: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies?supportedMaxVersion=1.0.48.0, Body Size: 0, Headers['ClientInfo'] = 'mip_ver=1.7.133;os_name=win;os_ver=6-3-9600;runtime=msvc-1916;arch=x64', Headers['Content-Type'] = 'application/xml;charset=utf-8', Headers['Authorization'] = 'UOID:<UOID#>;Tenant:<tenant ID>;Audience:https://*r.o365syncservice.com;Roles:UnifiedPolicy.Tenant.Read;'" mipns::HttpDirectorImpl::DoSendHttp 7696

Look for an error message.

Error 2021-09-15 00:00:00.947 http_director_impl.cpp:249 java (6696) "HTTP operation failed Failed with: [OperationCancelledError: 'HTTP operation cancelled']" mipns::HttpDirectorImpl::OnHttpOperationFailed 7696

Or Reviewing the Enforce LocalHost log, the following errors may be seen.

18 Mar 2022 13:30:54,817- Thread: 106 SEVERE [com.vontu.manager.ui.LogToServerController] loggedInUser:[<username>], url:[/ProtectManager/UpdateAddCommand.do], browserInformation:[Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; wbx 1.0.0; wbxapp 1.0.0; Zoom 3.6.0; rv:11.0) like Gecko], browserLocale:[en-US], userLocale:[en_US]
Javascript error at line 244: Syntax error

18 Mar 2022 13:30:54,832- Thread: 104 SEVERE [com.vontu.manager.ui.LogToServerController] loggedInUser:[<username>], url:[/ProtectManager/UpdateAddCommand.do], browserInformation:[Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; wbx 1.0.0; wbxapp 1.0.0; Zoom 3.6.0; rv:11.0) like Gecko], browserLocale:[en-US], userLocale:[en_US]
Javascript error at line 1837: Unable to get property 'initAIPDropDowns' of undefined or null reference

18 Mar 2022 13:30:54,859- Thread: 110 SEVERE [com.vontu.manager.ui.LogToServerController] loggedInUser:[<username>], url:[/ProtectManager/UpdateAddCommand.do], browserInformation:[Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; wbx 1.0.0; wbxapp 1.0.0; Zoom 3.6.0; rv:11.0) like Gecko], browserLocale:[en-US], userLocale:[en_US]
Javascript error at line 1: Unable to get property 'sendMessage' of undefined or null reference

Resolution

Double check if there are any internal blockage to any of three possible url's,

And, make sure these are whitelisted for port 443 with either firewall or proxy severs.

If Javascript errors are seen in the localhost log, try to clear the browser cache or use a different browser. In one case, Chrome Version 99.0.4844.84 failed to see the labels, but Microsoft Edge Version 100.0.1185.36 successfully populated the label menu.

Powered by Wolken Software