DLP Agent on Windows Server 2008 R2 64bit
Created: 09 Oct 2012 | Updated: 10 Oct 2012 | 11 comments
This issue has been solved. See solution.
Need advice on how to install DLP agent on Windows Server 2008 R2 64-bit. The problem is that manual installation with simple running msi file doesn't prompt for Enforce server settings. Thus even though all appropriate agent services are running, Enforce central console doesn't show the endponit agent. If I choose to install in silent mode with enforce server settings set up in the .bat file result doesn't change - services are running but I cannot see agent running from DLP admin console.
Is there a way to verify installation of DLP agent on endpoint?
Discussion Filed Under:
Comments 11 Comments • Jump to latest comment
Since this is on a Server, you may want to look at the Firewall settings. Also look at the install logs to see if there are any errors.
Please make sure to mark this comment as a solution to your problem, when possible.
Yes I did disabled antivirus software and firewall for testing purposes. I have checked all files that should have been installed and they're all did well. Both Endpoint Agent and Watchdog services were started.
Will look at logs...
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
if the DLP endpoint installed will have service named "EDPA" & "WDP", you can verify in services.msc.
also check the Article ID: 54753
If the Endpoint agent is not installed or services are not started then the results for netstat will return no results.
If your Endpoint server IP address is, 192.168.2.52 You can perform the following telnet test from a endpoint agent that is not checking in.
open a Command window:
telnet 192.168.2.52 8000
<If the port is open, this command should take you to a blank screen, if it is blocked you will receive a connection refused message>
Another good test you can perform from the Endpoint Agent is a netstat test which will show you what ports are connected/established or listening.
The endpoint server should be listening on port 8000 (0.0.0.0:8000 LISTENING), The endpoint agent, if connected will show ESTABLISHED on port 8000
Example From Endpoint server:
<Endpoint Server> C:\>netstat -aon | find "8000"
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 2192
TCP 192.168.2.52:8000 192.168.2.53:1433 ESTABLISHED 2192
TCP 192.168.2.52:8000 192.168.2.54:49306 ESTABLISHED 2192
TCP 192.168.2.52:8000 192.168.2.55:49160 ESTABLISHED 2192
<The endpoint server example above shows that the server is listening on port 8000, and that 3 Endpoint Agents are ESTABLISHED (192.168.2.53,54,55)>
You can perform the same test from the Endpoint Agent. Here are the type results you "should" see if the agent is connected.
<Endpoint Agent> C:\>netstat -aon | find "8000"
TCP 192.168.2.53:1433 192.168.2.52:8000 ESTABLISHED 2016
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
EDPA & WDP installed and running. netstat gives result. No PIDs mentioning those 2 services.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
I have an agent running on my Windows 2008 R2 server with no issues. You sure it was the 64bit version? Where in the UI are you looking for the agent? Did you install the agent using the provided batch file, or your own?
Uninstall it and try doing it without the ARPSYTEMINSTALL option.. then it will show up in the control panel.
msiexec /i AgentInstall64.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="hostname" KEY="" UNINSTALLPASSWORDKEY="" SERVICENAME="EDPA" WATCHDOGNAME="WDP"
Please make sure to mark this comment as a solution to your problem, when possible.
64 bit - sure. I am not sure about ENDPOINTSERVER="hostname"... Probably it should be port name there too
BTW is it possible to set up DLP agent on the same server that is running the platform?
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
on supported platform you can install agent.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Also try and restart the Monitor Contorller.. and the services on the Endpoint Server too.
Please make sure to mark this comment as a solution to your problem, when possible.
is the detection server showing running in the console?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Enforce and Detection servers are both running.
UPDATE: have found the solution. On the DLP web console there are settings for Enforce server and there are Agent Listening options including host and port settings. Default settings are:
Host: 0.0.0.0 (which means that it listens agents on all IP addresses)
Port is 8100
I have changed host from 0.0.0.0 to actual IP address of the enforce server, then uninstalled DLP agent on the endpoint machine. Then performed silent install with real IP and port values and agent installed successfully.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Are there any agents connected to the Endpoint server? The Firewall on the endpoint server might be causing the issue.
Please make sure to mark this comment as a solution to your problem, when possible.
Would you like to reply?
Login or Register to post your comment.