CWP for Storage instance fails to enroll and the stack rolls back

Article ID: 277010


Products

Cloud Workload Protection for Storage

Issue/Introduction

Enrollment fails and the stack rolls back. The resulting logs contain keywords such as the following:

enroll failed
Enrollment failed; rolling back stack
The table specified does not exist.
WARNING: 
There are no credentials provided in your command and environment, we will query for account key for your storage account.
It is recommended to provide --connection-string, --account-key or --sas-token in your command as credentials.
You also can add `--auth-mode login` in your command to use Azure Active Directory (Azure AD) for authorization if your login account is assigned required RBAC roles.
For more information about RBAC roles in storage, visit https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli.

Cause

Multiple possible causes:

- network communications cannot reach Symantec public servers, or

- overly tight permissions on RBAC roles

Resolution

To test network access to Symantec public servers, run the following from within the VM:

curl -kv http://liveupdate.symantec.com
curl -kv https://usea1.r3.securitycloud.symantec.com
curl -kv https://scwp.securitycloud.symantec.com
curl -kv https://spoc-pool-gtm.norton.com
curl -kv https://us.spoc.securitycloud.symantec.com:443

If any of these tests fails to resolve the hostname or fails to connect, check the network configuration of the related Azure or AWS environment.
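The same reachability test as a script that reports, per endpoint, whether the failure was name resolution or connection. This is an added example, not part of the original article or the product's own tooling; the function names, the timeout values and the file name `cwp_netcheck.sh` are assumptions. Unlike the commands above it omits `-k`, so a certificate validation failure is reported as its own category.

```shell
#!/bin/sh
# Added example: classify reachability of the endpoints listed in this article.
# The endpoint list is copied from the article; timeouts are assumed values.

ENDPOINTS="http://liveupdate.symantec.com
https://usea1.r3.securitycloud.symantec.com
https://scwp.securitycloud.symantec.com
https://spoc-pool-gtm.norton.com
https://us.spoc.securitycloud.symantec.com:443"

# Map a curl exit status to a failure class.
classify_curl_exit() {
    case "$1" in
        0)  echo "reachable" ;;
        5)  echo "proxy-dns-failure" ;;
        6)  echo "dns-failure" ;;
        7)  echo "connect-failure" ;;
        28) echo "timeout" ;;
        35) echo "tls-handshake-failure" ;;
        60) echo "tls-certificate-untrusted" ;;
        *)  echo "other-curl-error-$1" ;;
    esac
}

# Probe one URL. Any HTTP response (even 4xx/5xx) counts as reachable,
# because curl exits 0 once a response arrives when -f is not used.
probe_endpoint() {
    rc=0
    curl -s -o /dev/null --connect-timeout 10 --max-time 20 "$1" || rc=$?
    classify_curl_exit "$rc"
}

# Probe every endpoint; return non-zero if any is not reachable.
check_endpoints() {
    failed=0
    for url in $ENDPOINTS; do
        result=$(probe_endpoint "$url")
        printf '%-55s %s\n' "$url" "$result"
        [ "$result" = "reachable" ] || failed=1
    done
    return "$failed"
}

# Run the live check only when asked, e.g.: sh cwp_netcheck.sh run
if [ "${1:-}" = "run" ]; then
    check_endpoints
fi
```

A `dns-failure` or `connect-failure` result points at the network configuration; if every endpoint is `reachable`, move on to the RBAC check.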

If the network permits access to these public Symantec servers, then examine the RBAC roles, starting with the Microsoft KB: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli