Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

DLP Agent on Windows Server 2008 R2 64bit

Created: 09 Oct 2012 • Updated: 10 Oct 2012 | 11 comments
UFO's picture
This issue has been solved. See solution.

Need advice on how to install DLP agent on Windows Server 2008 R2 64-bit. The problem is that manual installation with simple running msi file doesn't prompt for Enforce server settings. Thus even though all appropriate agent services are running, Enforce central console doesn't show the endponit agent. If I choose to install in silent mode with enforce server settings set up in the .bat file result doesn't change - services are running but I cannot see agent running from DLP admin console.

Is there a way to verify installation of DLP agent on endpoint? 

Comments 11 CommentsJump to latest comment

DLP Solutions's picture

Since this is on a Server, you may want to look at the Firewall settings. Also look at the install logs to see if there are any errors.

Please make sure to mark this as a solution

to your problem, when possible.

 

UFO's picture

Yes I did disabled antivirus software and firewall for testing purposes. I have checked all files that should have been installed and they're all did well. Both Endpoint Agent and Watchdog services were started.

Will look at logs...

STS: DLP

pete_4u2002's picture

if the DLP endpoint installed will have service named "EDPA" & "WDP", you can verify in services.msc.

 

also check the Article ID: 54753

If the Endpoint agent is not installed or services are not started then the results for netstat will return no results.

If your Endpoint server IP address is, 192.168.2.52  You can perform the following telnet test from a endpoint agent that is not checking in.

open a Command window:

telnet 192.168.2.52 8000

<If the port is open, this command should take you to a blank screen, if it is blocked you will receive a connection refused message>

Another good test you can perform from the Endpoint Agent is a netstat test which will show you what ports are connected/established or listening.
The endpoint server should be listening on port 8000 (0.0.0.0:8000 LISTENING),  The endpoint agent, if connected will show ESTABLISHED on port 8000

Example From Endpoint server:  

<Endpoint Server> C:\>netstat -aon | find "8000"
  TCP    0.0.0.0:8000                0.0.0.0:0                         LISTENING       2192
  TCP    192.168.2.52:8000      192.168.2.53:1433      ESTABLISHED     2192
  TCP    192.168.2.52:8000      192.168.2.54:49306     ESTABLISHED     2192
  TCP    192.168.2.52:8000      192.168.2.55:49160     ESTABLISHED     2192

<The endpoint server example above shows that the server is listening on port 8000, and that 3 Endpoint Agents are ESTABLISHED (192.168.2.53,54,55)>

You can perform the same test from the Endpoint Agent. Here are the type results you "should" see if the agent is connected.

<Endpoint Agent> C:\>netstat -aon | find "8000"
  TCP    192.168.2.53:1433      192.168.2.52:8000      ESTABLISHED     2016

 

 

 

UFO's picture

 EDPA & WDP installed and running. netstat gives result. No PIDs mentioning those 2 services.

STS: DLP

DLP Solutions's picture

I have an agent running on my Windows 2008 R2 server with no issues. You sure it was the 64bit version? Where in the UI are you looking for the agent? Did you install the agent using the provided batch file, or your own?

Uninstall it and try doing it without the ARPSYTEMINSTALL option.. then it will show up in the control panel.

msiexec /i AgentInstall64.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="hostname" KEY="" UNINSTALLPASSWORDKEY="" SERVICENAME="EDPA" WATCHDOGNAME="WDP"

Please make sure to mark this as a solution

to your problem, when possible.

 

SOLUTION
UFO's picture

64 bit - sure. I am not sure about ENDPOINTSERVER="hostname"... Probably it should be port name there too

BTW is it possible to set up DLP agent on the same server that is running the platform?

STS: DLP

DLP Solutions's picture

Also try and restart the Monitor Contorller.. and the services on the Endpoint Server too.

Please make sure to mark this as a solution

to your problem, when possible.

 

pete_4u2002's picture

is the detection server showing running in the console?

UFO's picture

Enforce and Detection servers are both running.

 

UPDATE: have found the solution. On the DLP web console there are settings for Enforce server and there are Agent Listening options including host and port settings. Default settings are:

Host: 0.0.0.0 (which means that it listens agents on all IP addresses)

Port is 8100

I have changed host from 0.0.0.0 to actual IP address of the enforce server, then uninstalled DLP agent on the endpoint machine. Then performed silent install with real IP and port values and agent installed successfully.

STS: DLP

DLP Solutions's picture

Are there any agents connected to the Endpoint server? The Firewall on the endpoint server might be causing the issue.

Please make sure to mark this as a solution

to your problem, when possible.