Flex Response - Manual Quarantine - Release from Quarantine issue - Network layer error: transport closed in negotiate
search cancel

Flex Response - Manual Quarantine - Release from Quarantine issue - Network layer error: transport closed in negotiate

book

Article ID: 247879

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Enforce Data Loss Prevention Network Discover Data Loss Prevention Network Protect

Issue/Introduction

Server Flex Response plugins - Manual Quarantine - Release from Quarantine does not execute.

Errors seen in tomcat localhost logs:

05 Aug 2022 12:29:22,863- Thread: 133 INFO [com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineReporter] [Thread-25] Starting quarantine reporting for file \\ServerName\Share\Test.xlsx

05 Aug 2022 12:29:23,023- Thread: 116 FINE [com.vontu.login.valve.CharacterEncodingValve] Set servlet request's character encoding to: UTF-8
05 Aug 2022 12:29:23,213- Thread: 133 WARNING [jcifs.smb.SmbTreeConnection] Referral failed, trying next
Cause:
jcifs.smb.SmbException: Failed to connect: ServerName/ServerIPjcifs.smb.SmbException: Failed to connect: ServerName/ServerIP
 at jcifs.smb.SmbTransportImpl.ensureConnected(SmbTransportImpl.java:656)
 at jcifs.smb.SmbFile.exists(SmbFile.java:821)
 at jcifs.smb.SmbFile.isDirectory(SmbFile.java:1043)
 at com.symantec.dlpx.flexresponse.quarantine.shared.VontuFile$SmbFileStream.<init>(VontuFile.java:546)
 at com.symantec.dlpx.flexresponse.quarantine.shared.VontuFile.<init>(VontuFile.java:68)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
Caused by: jcifs.util.transport.TransportException: java.io.IOException: transport closed in negotiate
 at jcifs.util.transport.Transport.run(Transport.java:759)
 ... 1 more
Caused by: java.io.IOException: transport closed in negotiate
 at jcifs.smb.SmbTransportImpl.negotiatePeek(SmbTransportImpl.java:580)
 at jcifs.util.transport.Transport.run(Transport.java:732)
 ... 1 more

jcifs.util.transport.TransportException: java.io.IOException: transport closed in negotiatejcifs.util.transport.TransportException: java.io.IOException: transport closed in negotiate
 at jcifs.util.transport.Transport.run(Transport.java:759)
 at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: transport closed in negotiate
 at jcifs.smb.SmbTransportImpl.negotiatePeek(SmbTransportImpl.java:580)
 at jcifs.util.transport.Transport.run(Transport.java:732)
 ... 1 more

java.io.IOException: transport closed in negotiatejava.io.IOException: transport closed in negotiate
 at jcifs.smb.SmbTransportImpl.negotiatePeek(SmbTransportImpl.java:580)
 
 at jcifs.util.transport.Transport.run(Transport.java:732)
 at java.lang.Thread.run(Thread.java:748)

05 Aug 2022 12:29:23,223- Thread: 133 INFO [com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineReporter] 
 "Could not release file from quarantine; got error: Could not access "\\ServerName\Share\Test.xlsx", Network layer error: transport closed in negotiate.
[Thread-25] Finished quarantine reporting for file \\ServerName\Share\Test.xlsx
05 Aug 2022 12:29:23,223- Thread: 133 SEVERE [com.vontu.incidentresponse.action.invoker.ActionInvoker] (RESPONSE_ACTION.12) FlexResponse Action [Release From Quarantine] failed with message: "Could not release file from quarantine; got error: Could not access "\\ServerName\Share\test.xlsx", Network layer error: transport closed in negotiate..

Environment

Component : Server Flex Response plugin

Cause

The issue is caused by the SMB share being hardened to use a specific SMB protocol which causes the SMB negotiation to fail with Enforce.

Resolution

Set jcifs.smb.client.useSMB2Negotiation=true in the jcifs.properties

Restart the SymantecDLPManagerService for the changes to take effect

Powered by Wolken Software