SharePoint scan error message: “connection reset”
search cancel

SharePoint scan error message: “connection reset”

book

Article ID: 164359

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover Data Loss Prevention

Issue/Introduction

Data Loss Prevention (DLP) Network Discover scan of SharePoint target fails with "unable to connect" errors seen in the Scan Detail.

FileReader logs show errors similar to:

Nov 15, 2016 10:39:23 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging

WARNING: Interceptor for {http://schemas.microsoft.com/sharepoint/soap/}ListsSoapService#{http://schemas.microsoft.com/sharepoint/soap/}GetListItems has thrown exception, unwinding now

org.apache.cxf.interceptor.Fault: Could not send Message.

Caused by: java.net.SocketException: SocketException invoking {SharePoint target site URL}: Connection reset

Caused by: java.net.SocketException: Connection reset

Nov 15, 2016 10:39:23 AM com.symantec.dlp.sharepoint.connector.exception.SharePointExceptionHandler throwException

SEVERE: discover.statusMessage.SOCKET_EXCEPTION

com.symantec.dlp.sharepoint.connector.exception.SharePointBaseException: discover.statusMessage.SOCKET_EXCEPTION

Nov 15, 2016 10:39:23 AM com.symantec.dlp.sharepoint.connector.soap.SharePointSOAPWSInvoker getListItemsWS

INFO: Profile - WebServiceCall|getListItemsWS|Security Control, Breaches & Processing Exception Incident Reports|18971

Nov 15, 2016 10:39:23 AM com.symantec.dlp.discover.sharepoint.crawler.SharepointItemIterator next

SEVERE: Error while getting next item. Error Code : Unknown error. This can be due to some Sharepoint internal issue. Site & its childern will be skipped. Scan will continue.

Nov 15, 2016 10:39:23 AM com.vontu.discover.crawler.framework.ErrorManager handleFailedItem

WARNING: Failed to scan.

com.vontu.discover.repository.ItemException: Failed to scan.

Caused by: com.symantec.dlp.sharepoint.connector.exception.SharePointBaseException: discover.statusMessage.SOCKET_EXCEPTION

Environment

DLP 15.x, DLP 16.0

Cause

  1. The connection reset is caused by a timeout from the Discover server to the SharePoint target, and the connection reset causes a SOCKET_EXCEPTION error, resulting in no connection to the SharePoint site to be scanned.
  2. The SharePoint server is configured to require Server Name Indication (SNI) in the IIS bindings and no default site is configured

Resolution

Solution 1

  • Increasing the SharePoint connector timeout value  (Discover.Sharepoint.SocketTimeout) from the default value of 60000 to 120000 should resolve this issue.  After making this change, recycle the VontuMonitor service on the detection server to update the settings.
  • If the Connection Reset error remains, check cause 2, or it may be necessary to increase the setting until the issue no longer occurs

Solution 2

  • In the IIS settings on the Sharepoint server, edit the site bindings and remove the checkmark from 'Require Server Name Indication' under the hostnames
  • For information on other possible solutions see the link below (WARNING - this will take you to a non-Symantec page):

Running Multiple SharePoint SSL Websites on Separate SSL Certificates Using Server Name Indication

 

Powered by Wolken Software