Unable to connect to ICA data source
search cancel

Unable to connect to ICA data source

book

Article ID: 251842

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Information Centric Analytics

Issue/Introduction

After adding Symantec Information Centric Analytics (ICA) as a data source via the Enforce console in order to pull user risk scores from ICA, the connection fails and logs the following errors:

09 Oct 2022 11:00:00,042- Thread: 3443 INFO [com.vontu.enforce.domainlayer.datauser.source.SyncStatusEventHandler] Started user sync task for datauser named:<user> ID:1
09 Oct 2022 11:00:00,046- Thread: 3443 INFO [com.vontu.enforce.domainlayer.datauser.source.DataUserUpdateManager] Began syncing from Data source "http://<ica-host>/" (Source Name=<ica-host>).
09 Oct 2022 11:00:00,153- Thread: 3443 WARNING [com.vontu.enforce.domainlayer.datauser.source.ica.IcaUsersRetrieverService] Could not fetch ICA users from the ICA server configured. Deails:401 Invalid username or password.: [no body]
09 Oct 2022 11:00:00,153- Thread: 3443 INFO [com.vontu.enforce.domainlayer.datauser.source.ica.IcaSourceUserProvider] Skipped 0 users during ICA import. ICA user id must be available to create a user record. 
09 Oct 2022 11:00:00,153- Thread: 3443 SEVERE [com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask] User Synchronization failed:401 Invalid username or password.: [no body]
09 Oct 2022 11:00:00,155- Thread: 3443 INFO [com.vontu.enforce.domainlayer.datauser.source.SyncStatusEventHandler] Completed with failure user sync task for datauser named:<user> ID:1
09 Oct 2022 11:00:00,160- Thread: 3443 SEVERE [com.symantec.dlp.enforcedomainservices.events.system.SystemEventLogger] User import failed.. User import from data source <ica-host> has failed.
...
09 Oct 2022 11:45:30,735- Thread: 3443 WARNING [com.vontu.enforce.domainlayer.datauser.source.ica.IcaUsersRetrieverService] Could not fetch ICA users from the ICA server configured. Deails:I/O error on GET request for "https://<ica_host>/restapi/userentity": Connect to <ica-host>:443 [<ica-host>/<ip-address>] failed: Connection timed out: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to <ica-host>:443 [<ica-host>/<ip-address>] failed: Connection timed out: connect
09 Oct 2022 11:45:30,735- Thread: 3443 INFO [com.vontu.enforce.domainlayer.datauser.source.ica.IcaSourceUserProvider] Skipped 0 users during ICA import. ICA user id must be available to create a user record. 
09 Oct 2022 11:45:30,735- Thread: 3443 SEVERE [com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask] User Synchronization failed:I/O error on GET request for "https://<ica_host>/restapi/userentity": Connect to <ica_host>:443 [<ica_host>/<ip_address>] failed: Connection timed out: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to <ica_host>:443 [<ica_host>/<ip_address>] failed: Connection timed out: connect

Environment

Release : 16.0

Resolution

To pull user risk scores from ICA into DLP 16.0, the ICA data source must be at version 6.6 or greater and the connection must use an ICA REST API user account. Instructions for creating an API user in ICA are provided in the ICA Administrator's Guide:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/information-centric-analytics/6-5-4/Administrator_Guide_1/REST-API.html