Data Loss Prevention

  • 1.  12.0 Enforce showing Endpoint devices as offline

    Posted Oct 11, 2013 11:04 AM

    I'm seeing an issue with 12.0 showing DLP devices offline, but they are actually online and able to send events.  

     

    We have 64 currently showing "OK" and the others (713) are showing under "Critical" with "Lost Connection".  I have my machine that shows as offline, but when I go do a test post to create an event, it shows right up.

     

    When I do a 'netstat -aon | find "8000"' on a CMD it shows a connection to the Endpoint server over 8000.  I haven't rebooted the Enforce server yet; I'll have to contact our db team to make sure our database is in standby first.  But I don't think I should have to reboot the Enforce server if this is something that's going to continually happen.

     

    Any ideas?



  • 2.  RE: 12.0 Enforce showing Endpoint devices as offline

    Posted Oct 24, 2013 01:07 PM

    Zach,

     

    If you can confirm one of the Endpoint workstations is online, can ping it, and the Endpoint services are running, could you try to go into the Agent Overview? Find one of the critical agents that shows offline or issue and select the check box for that agent. Then go to the top Actions and select restart. Wait a minute or so and then check the agent logs on the server to see if it updated.

     



  • 3.  RE: 12.0 Enforce showing Endpoint devices as offline

    Posted Jan 17, 2014 08:54 AM

    Never saw that I received a response on this.  On one computer having this issue I have confirmed the files are located in the install directory as well as checked the services on the computer and those are running.  The user is showing a last connection time of 12/20/2013.  When I check the box next to their computer name and go to restart I receive an error.

     

    One or more selected agents are not reporting and may not be able to receive troubleshooting tasks.  Please try again later.

     

     

    Any ideas other than just a reinstall?



  • 4.  RE: 12.0 Enforce showing Endpoint devices as offline

    Trusted Advisor
    Posted Jan 17, 2014 03:22 PM

    Zach,

    Do the following things and it should clear up the issue. If it does not, then open a support ticket.

    1. On the Enforce Server, restart the Monitor Controller. You can do this from the UI.
    2. Then I would reboot the Endpoint Server. It will then reestablish the connections with the Endpoints and it should be clean.
    3. The other issues might be related to some firewall issues on either the Endpoints or the Server itself. So try to see if there are any FW settings that might be killing the connections.
    4. Do a netstat on the Endpoint Server and see if it has many open connections.
    5. Also how far away are the Endpoints from the Endpoint Server? There might be a timeout issue with it.
    6. Also make sure the server specs for the Endpoint Server are high enough.

     

    Hope this makes sense.

    If this solves your questions please mark as solved.

    Ronak
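
Added example, not part of the original thread: the netstat check from step 4, done by parsing saved `netstat -aon` output from the Endpoint Server and counting TCP connections on the agent port by state. It matches the port field exactly, since a plain find "8000" also matches port 18000 or a PID of 8000; the sample output and the assumption that agents connect to local port 8000 on the server are constructed for illustration.

```python
from collections import Counter

AGENT_PORT = 8000  # assumption: the port seen in the thread's netstat check

# Constructed sample of `netstat -aon` output from an Endpoint Server (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING       2412
  TCP    10.0.0.5:8000          10.0.1.21:49822        ESTABLISHED     2412
  TCP    10.0.0.5:8000          10.0.1.22:50110        ESTABLISHED     2412
  TCP    10.0.0.5:8000          10.0.1.22:50111        TIME_WAIT       0
  TCP    10.0.0.5:8000          10.0.1.23:51007        CLOSE_WAIT      2412
  TCP    10.0.0.5:18000         10.0.1.30:51234        ESTABLISHED     900
  TCP    10.0.0.5:3389          10.0.9.9:60001         ESTABLISHED     1100
  TCP    [::]:8000              [::]:0                 LISTENING       2412
  UDP    0.0.0.0:8000           *:*                                    2412
"""


def split_endpoint(addr):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host, port


def summarize(netstat_text, port=AGENT_PORT):
    """Return (Counter of TCP states, set of ESTABLISHED peer hosts) for one local port."""
    states = Counter()
    peers = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, remote, state, pid
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, _pid = fields
        if split_endpoint(local)[1] != str(port):
            continue  # exact port match, unlike a substring search
        states[state] += 1
        if state == "ESTABLISHED":
            peers.add(split_endpoint(remote)[0])
    return states, peers


if __name__ == "__main__":
    states, peers = summarize(SAMPLE)
    print("Connections on port", AGENT_PORT, "by state:", dict(states))
    print("Distinct agents with an ESTABLISHED session:", len(peers))
```

The count of distinct ESTABLISHED peers can be compared with the number of agents Enforce reports as "OK"; a large number of CLOSE_WAIT or TIME_WAIT rows points toward the firewall or timeout causes listed in steps 3 and 5.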