No endpoint listening on DLP writeback operation
search cancel

No endpoint listening on DLP writeback operation


Article ID: 273325


Updated On:


Information Centric Analytics


Event remediation actions taken in the Information Centric Analytics (ICA) console for Data In Motion (DIM) incidents from Symantec Data Loss Prevention (DLP) are not updated in the Enforce console. The RiskFabric server log (w3wp_RiskFabric.<yyyyMMdd>.log) captures errors similar to the following:

Error getting DLP Incident: Error calling incidentDetail for source incident [<n>] - exception: There was no endpoint listening at https://<Enforce hostname>/ProtectManager/services/v2011/incidents that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.


Release : 6.x

Component : Symantec DLP Integration Pack


This can be caused by any of the following conditions:

  • Incorrect Enforce server name provided in the Symantec DLP integration
  • SOAP API specified in the Symantec DLP integration when connecting to a DLP 16.x installation
  • Firewall or network policy blocking communications between the ICA application server and the DLP Enforce server


To resolve this error, confirm the correct Enforce server name or IP address is specified in the Symantec DLP integration; ensure the correct API type is in use (DLP 15.x uses SOAP, 16.x uses REST); and ensure communications between the ICA and Enforce servers are not blocked by firewall rules or policies.