Endpoint Prevent server reports status "Unknown" after upgrading to DLP 16.0

Article ID: 256274

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention

Issue/Introduction

After upgrading the DLP Endpoint Prevent server to DLP 16.0, it stops reporting and its status stays on "Unknown". Restarting the services on both the Enforce and the Endpoint Prevent server does not resolve the issue.

Environment

DLP 16.0

Cause

The MonitorController log shows the following error:

WARNING: Endpoint Channel mapper failed to auto provision the keystore for 'Detector Primo/Secundo' monitor. Error: Failed to auto provision the Detector Primo/Secundo-109-258 keystore for component EPS. Error:Failed to create keystore

The problem is the forward slash "/" in the Endpoint Prevent server name. In DLP 16.0, whenever a JKS keystore is created or auto-provisioned for an Endpoint Prevent server, the file is created with the name of the server. Because the server name contains a slash, Windows wrongly interprets it as a directory separator.
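The following Python example is added here for illustration and is not Broadcom's code. It shows how Windows path rules split a keystore file name built from the server name, and flags server names containing characters that Windows does not allow in a file name. The file-name layout, the function names and all sample names except the one from the log are assumptions.

```python
from pathlib import PureWindowsPath

# Characters Windows does not allow inside a single file name. "/" and "\"
# are the ones behind this issue: they are read as directory separators.
INVALID_IN_FILENAME = set('<>:"/\\|?*')

# Assumption: the keystore file is "<server name>-<ids>.jks". The "-109-258"
# part is taken from the log line above; the ".jks" extension is assumed.
ASSUMED_SUFFIX = "-109-258.jks"


def invalid_chars(server_name):
    """Return the characters in the name that Windows rejects in a file name."""
    return sorted({c for c in server_name
                   if c in INVALID_IN_FILENAME or ord(c) < 32})


def split_as_windows_path(server_name, suffix=ASSUMED_SUFFIX):
    """Show how Windows path rules split a file name built from the server name."""
    return PureWindowsPath(server_name + suffix).parts


def audit(server_names):
    """Map each server name that is unsafe as a file name to what is wrong with it."""
    findings = {}
    for name in server_names:
        bad = invalid_chars(name)
        if bad:
            findings[name] = {"invalid": bad,
                              "path_parts": split_as_windows_path(name)}
    return findings


# Constructed sample input; only the first name comes from the log line above.
SAMPLE_NAMES = ["Detector Primo/Secundo", "Detector Tertio", "EPS: London"]

if __name__ == "__main__":
    for name, info in audit(SAMPLE_NAMES).items():
        print(f"{name!r}: invalid {info['invalid']}, "
              f"resolves to {' -> '.join(info['path_parts'])}")
```

Running the same check over the list of detection server names before an upgrade to DLP 16.0 identifies servers that would hit this error.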

Resolution

The following workaround restores the Endpoint Prevent server to normal operation. The core issue is planned to be resolved in the next version release.

1. Remove the affected Endpoint Prevent server from the Enforce Console.

2. Add the same server back but remove the slash from the name.

3. The server should start communicating with the Enforce server without any further actions. Endpoint agents started reporting normally through the renamed server without further issues.

Note: Renaming the server through the Console GUI will not resolve the issue, because it only changes the display name. The unique identifier, which is the server's name at the time of adding, will remain the same.