EndpointServer subservice is stuck in Starting state on a DLP Endpoint Prevent detection server


Article ID: 386042


Products

Data Loss Prevention Core Package, Data Loss Prevention Endpoint Prevent, Data Loss Prevention Endpoint Suite

Issue/Introduction

After a recycle of DLP services on an Endpoint Prevent detection server, the EndpointServer (also named Aggregator) subservice is seen in the Enforce console as stuck in the Starting state. All other subservices are able to complete startup.

Aggregator logs will show the following or similar startup exception:

com.vontu.aggregator.Aggregator main
SEVERE: Aggregator failed to start.
java.lang.NullPointerException
    at com.vontu.incidenthandler.endpointincident.EndpointIncidentWriter.initialize(EndpointIncidentWriter.java:98)
    at com.vontu.incidenthandler.endpointincident.EndpointIncidentWriter.makeEndpointIncidentWriter(EndpointIncidentWriter.java:64)
    at com.vontu.aggregator.Aggregator.initializeReplicatorCommLayerBootstrap(Aggregator.java:481)
    at com.vontu.aggregator.Aggregator.<init>(Aggregator.java:382)
    at com.vontu.aggregator.Aggregator.initializeAggregator(Aggregator.java:301)
    at com.vontu.aggregator.Aggregator.main(Aggregator.java:217)

Cause

This may be caused by an issue with the Aggregator's temporary folder, aggregator_temp_incident_data, which is normally created under the temp path on the detection server. On a detector, the path is defined by the following variable, which you can find in the Protect.properties configuration file:

# path for the blobs and zip directory.
vontu.temp.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.1.00000/temp

In some environments, this can be a non-default, customized path. 

One example of such an issue is a folder that is corrupted and inaccessible. This can be verified by trying to access the folder manually in File Explorer on Windows. You may see an error when trying to access the folder.

Resolution

Recreate the folder manually by deleting it from the disk and then creating it again. Assign Full Control permissions on the folder to the Windows account that runs the DLP services. This is important because the DLP service needs to be able to read from and write to the directory.

Then recycle the DLP service on the Endpoint Prevent detector and check whether the EndpointServer subservice is now able to start.
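
The check and the resolution above can be scripted. The following PowerShell is an added example, not part of the original article or vendor tooling: it reads vontu.temp.dir from Protect.properties, tests whether aggregator_temp_incident_data can be listed and written to, reports whether the service account holds an explicit Full Control entry, and with -Repair recreates the folder and grants that entry. The parameter names, the -Repair switch and the account name are assumptions of this example; supply the real Protect.properties path and service account for your server.

```powershell
# Added example, not vendor code. Parameter names are this example's own.
param(
    [Parameter(Mandatory)] [string] $PropertiesFile,  # full path to Protect.properties
    [Parameter(Mandatory)] [string] $ServiceAccount,  # placeholder, e.g. 'DOMAIN\svc_dlp'
    [switch] $Repair                                  # delete and recreate the folder
)
$ErrorActionPreference = 'Stop'

# Read vontu.temp.dir; commented-out lines do not match the anchored pattern.
$line = Get-Content -LiteralPath $PropertiesFile |
    Where-Object { $_ -match '^\s*vontu\.temp\.dir\s*=' } | Select-Object -Last 1
if (-not $line) { throw "vontu.temp.dir not found in $PropertiesFile" }
$tempDir = [System.IO.Path]::GetFullPath(($line -split '=', 2)[1].Trim())
$folder  = Join-Path $tempDir 'aggregator_temp_incident_data'

if ($Repair) {
    if (Test-Path -LiteralPath $folder) { Remove-Item -LiteralPath $folder -Recurse -Force }
    New-Item -ItemType Directory -Path $folder | Out-Null
    # Grant Full Control to the service account, inherited by files and subfolders.
    $acl  = Get-Acl -LiteralPath $folder
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $ServiceAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $folder -AclObject $acl
}

$result = [ordered]@{ Folder = $folder; Exists = $false; Accessible = $false; FullControl = $false }
try {
    $result.Exists = Test-Path -LiteralPath $folder
    # Listing plus a write/delete probe fails on a corrupted or inaccessible folder.
    # The probe runs as the current user, not as the service account.
    Get-ChildItem -LiteralPath $folder -Force | Out-Null
    $probe = Join-Path $folder ("probe_{0}.tmp" -f [guid]::NewGuid())
    [System.IO.File]::WriteAllText($probe, 'probe')
    Remove-Item -LiteralPath $probe -Force
    $result.Accessible = $true
    # Looks only for an ACE naming the account itself; rights via groups are not resolved.
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $result.FullControl = [bool]((Get-Acl -LiteralPath $folder).Access | Where-Object {
        $_.IdentityReference.Value -ieq $ServiceAccount -and
        $_.AccessControlType -eq 'Allow' -and $_.FileSystemRights.HasFlag($full) })
} catch {
    Write-Warning "Check failed for ${folder}: $($_.Exception.Message)"
}
[pscustomobject]$result
```

Run it from an elevated PowerShell session on the detection server. Granting Full Control only to the service account on this one folder keeps the change scoped to what the Resolution requires.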