RiskFabric console crashes during writeback to DLP
search cancel

RiskFabric console crashes during writeback to DLP

book

Article ID: 269568

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

The Information Centric Analytics (ICA) console repeatedly crashes after remediating one or more DIM incidents. Errors similar to the following are logged in the RiskFabric server log:

[89:ERROR] LogUtils.LogActivity() An exception was thrown by _UpdateIncidents while processing remediation set DIMRemediationSetID=<n> for DLP Writeback on LinkedServer <n>. Abort all processing for all LinkedServers.
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://<hostname>/ProtectManager/services/v2011/incidents that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it <IP-address>

A corresponding .NET Runtime error is logged in Windows' Application log:

Application: w3wp.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException at RiskFabric.Web.Library.Utils.LogUtils.GetHostAndIP(System.String ByRef, System.String ByRef) at RiskFabric.Web.Library.Utils.LogUtils.LogActivity(System.String, System.String, Boolean, System.Exception, System.Nullable`1<Int64>) at RiskFabric.Web.Library.DIM.DLP.DlpIncidentRemediation.DLPIncidentRemediationProcess() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart()

Environment

Release : 6.6

Cause

This is caused by an unhandled exception that is triggered when the Symantec Data Loss Prevention (DLP) Enforce server to which ICA is attempting writeback is offline or otherwise unavailable.

Resolution

Apply HF1 to ICA version 6.6.0 or upgrade to 6.6 MP1 (6.6.1.0).

Powered by Wolken Software