Data Loss Prevention

 View Only
Back to discussions
Expand all | Collapse all

Symantec DLP 12: error 1101, Aggregator failed to start

  • 1.  Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Oct 16, 2013 04:20 AM

    Hello

    I have Symantec Data Loss Prevention 12 installed in a singe-tier mode. Endpoint detection server is installed separately on physical server. Endpoint server fails to start will error 1101 (Aggregator failed to start). Any ideas on how to fix this?

     Aggregator.JPG



  • 2.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Trusted Advisor
    Posted Oct 16, 2013 06:04 AM

    Hello,

     

     I never tested 12.0, but is it normal your endpoint server IP is local loop (127.0.0.1) or is it a bug in 12.0 not showing the right IP address ?

     

     Regards



  • 3.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Oct 16, 2013 08:26 AM

    First to the server is physically connected PC - everything worked.Then, the server is moved to a different location, change the IP address and spent setting oracle, NM works, but the endpoint does not start



  • 4.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Trusted Advisor
    Posted Oct 16, 2013 09:06 AM

    which server did you moved enforce or endpoint server ?

    Is there any more information in aggregator.log file ?



  • 5.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Oct 16, 2013 09:21 AM

    Stephane, sorry. It is not two-tier as I stated by mistake. The installation is single-tier, so 127.0.0.1 is ok for Endpoint server. Thank you that you have noticed that.



  • 6.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Oct 16, 2013 10:31 AM
      |   view attached

    "which server did you moved enforce or endpoint server ?" - enforce.

    some information from Aggregator0.txt in attachments

     

    Attachment(s)

    txt
    aggregator0.txt   34 KB 1 version


  • 7.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Trusted Advisor
    Posted Oct 16, 2013 11:17 AM

    i am not a endpoint specialist, but it seems your endpoint server is unable to bind to your new enforce IP. especially if before moving enforce, it was installed on same server, it tries to still bind on old IP to enforce which was local IP  (lot of bind error message in log file).

     did you update endpoint server with new enforce IP or try to redefine your endpoint server in enforce (deleting this one and adding same one but with new IP/FQDN) ?

     did you test conectivity (using telnet for example) between each server to check if there is not a firewall blocking it ?



  • 8.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Oct 16, 2013 11:58 AM

     

    "did you update endpoint server with new enforce IP or try to redefine your endpoint server in enforce (deleting this one and adding same one but with new IP/FQDN) ?" - yes, it's the first thing I did - delete old endpoin and installed a new endpoint server. Then I did it whith old endpoint agent which is virtual machine.

    "did you test conectivity (using telnet for example) between each server to check if there is not a firewall blocking it ?"  -  sure, the firewall was off.



  • 9.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Trusted Advisor
    Posted Oct 17, 2013 02:06 AM

    Does ECU detect some connectivity issue betwwen enforce and detection servers ?



  • 10.  RE: Symantec DLP 12: error 1101, Aggregator failed to start

    Posted Dec 16, 2013 02:30 PM

    I just had this same issue on Linux 12.0.1 system. I resolved it by putting the hostname of the system in /etc/hosts

    Since yours is Windows, I'm not sure what you could do to fix that one other than putting an entry in the host file with your server's name and 127.0.0.1

    Aaron