Event Code 1302 - Error starting File Reader. Failed to create server socket on address:port - 0.0.0.0:1344. No incidents will be detected.
Article ID: 250812
Updated On:
Products
Data Loss Prevention Network Monitor and Prevent for Web
Data Loss Prevention Enterprise Suite
Data Loss Prevention Core Package
Data Loss Prevention
Data Loss Prevention Network Web
Issue/Introduction
The FileReader is failing to start and shows as Running Selected in the Enforce console server Overview page:
The DLP Events log shows the Event Code 1302 for the Network Prevent for Web servers:
In the FileReader0.log we have the following events:
File: FileReader0.logDate: 19/09/2024 12:13:17Class: com.vontu.messaging.FileReaderSetupMethod: initializeLevel: SEVEREMessage: (DETECTION.3) Failed to initialize Detectioncom.vontu.messaging.induction.InductorException: Failed to create a server socket on address:port - 0.0.0.0:1344. at com.vontu.icap.IcapInductorConfigurator.start(IcapInductorConfigurator.java:204) at com.vontu.icap.IcapInductor.start(IcapInductor.java:244) at com.vontu.messaging.induction.InductorPool.start(InductorPool.java:172) at com.vontu.messaging.FileReader.start(FileReader.java:482) at com.vontu.messaging.FileReaderSetup.initialize(FileReaderSetup.java:110) at com.vontu.messaging.FileReader.main(FileReader.java:324)Caused by: java.lang.NullPointerException at com.vontu.icap.IcapInductorConfigurator.start(IcapInductorConfigurator.java:184) ... 5 moreFile: FileReader0.logDate: 19/09/2024 12:13:17Class: com.vontu.logging.LocalLogWriterMethod: writeLevel: SEVEREMessage: File Reader failed to start. Error starting File Reader. Failed to create a server socket on address:port - 0.0.0.0:1344. No incidents will be detected.Environment
DLP versions 15.8 MP3, 16.0.x
Cause
This error and issue has been observed in the following scenarios:
- Stunnel was previously enabled on the prior version 15.8 MP1 before upgrading to 15.8 MP3.
- The keystore file was either corrupted or tampered with by another application such as an Antivirus application.
- The keystore password was not set correctly or updated in the Enforce console. In this case will see the follow entry in the FileReader log indicating the password verification failed:
File: FileReader0.logDate: 19/09/2024 12:22:20Class: com.vontu.icap.SocketCreationHelperMethod: getServerSocketLevel: WARNINGMessage: There was error creating the socket connection. Error: Keystore was tampered with, or password was incorrectjava.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) at java.security.KeyStore.load(KeyStore.java:1445) at com.vontu.icap.SocketCreationHelper.getSslContext(SocketCreationHelper.java:183) at com.vontu.icap.SocketCreationHelper.getServerSocket(SocketCreationHelper.java:102) at com.vontu.icap.IcapInductorConfigurator.start(IcapInductorConfigurator.java:178) at com.vontu.icap.IcapInductor.start(IcapInductor.java:244) at com.vontu.messaging.induction.InductorPool.start(InductorPool.java:172) at com.vontu.messaging.FileReader.start(FileReader.java:482) at com.vontu.messaging.FileReaderSetup.initialize(FileReaderSetup.java:110) at com.vontu.messaging.FileReader.main(FileReader.java:324)Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790) ... 12 moreResolution
- Turn off s-tunnel service (it is no longer supported).
- Ensure that you whitelist the DLP server product in any and all other security software on the host operating system to avoid corruption or conflict.
- Following the product documentation for your version recreate the keystore file with the correct password and update/add it in the Enforce console.
Additional Information
The FileReaderX.log can be found in the default location C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP-Version>\logs\debug
Useful links:
- Configuring a secure ICAP keystore for Network Prevent for Web (16.0.2 - techdocs.broadcom.com)
- How to setup Secure ICAP in Network Prevent for Web using Third Party Certificates (knowledge.broadcom.com)
- Servers with Antivirus and Symantec Data Loss Prevention (DLP) Server Software (knowledge.broadcom.com)
Feedback
Yes
No
Powered by
