DLP Email Prevent and Microsoft Information Protection Decrypt Fail
search cancel

DLP Email Prevent and Microsoft Information Protection Decrypt Fail

book

Article ID: 251432

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

DLP fails to perform detection when Microsoft Information Protection files are sent via email.

And, you notice these entries in the FileReader logs from your detection server,

File: Email_Prevent_4\logs\debug\ContentExtractionHost_FileReader.log.5
Date: 7/7/2022 5:09:24 PM
Level: ERROR
Source: MicrosoftInformationProtectionPlugin @  ..\..\..\..\MIPUtil\MIPUtil\RequestHandler.cpp (188)
PID: 7732
Thread: 5796
Message:  curl_easy_perform() failed: SSL connect error (35) - attempt: 4 retries left: 0 

File: Email_Prevent_4\logs\debug\ContentExtractionHost_FileReader.log.5
Date: 7/7/2022 5:09:24 PM
Level: TRACE
Source: MicrosoftInformationProtectionPlugin @  ..\..\..\..\MIPUtil\MIPUtil\RequestHandler.cpp (319)
PID: 7732
Thread: 5796
Message:  Curl: == Info: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.aadrm.com:443  

Environment

Release : 15.8

 

Cause

You are forwarding email from the DLP Network Prevent for Email detection server onto a Proxy server.  The TLS negotiation is failing when the plugin is using (industry-standard communication library) libcurl to get a token from api.aadrm.com.  The proxy is interfering with the connection during TLS negotiation.  

Resolution

The issue is outside of DLP and must be corrected by your Proxy server admin.

Powered by Wolken Software