Data Loss Prevention (DLP) Network Discover SharePoint scan target fails, and logs show "CANNOT_CONNECT" and "connection timed out."
FileReader logs:
SEVERE: discover.statusMessage.CANNOT_CONNECT
com.symantec.dlp.sharepoint.connector.exception.SharePointBaseException: discover.statusMessage.CANNOT_CONNECT
Caused by: javax.xml.ws.WebServiceException: Could not send Message.
Caused by: java.net.ConnectException: ConnectException invoking https://{customer URL}/_vti_bin/SymantecDLP/DLPSPConnectorServices.asmx: Connection timed out: connect
Caused by: java.net.ConnectException: Connection timed out: connect
These errors may be caused by the Internet Explorer Enhanced Security Configuration being enabled on the SharePoint servers. the Internet Explorer Enhanced Security Configuration is causing the Discover server to supply additional authentication information before it connects to the SharePoint solution connector, which the Discover is not coded to supply, thus causing the SharePoint connection to timeout waiting for a response from the Discover server.
To confirm whether or not the Internet Explorer Enhanced Security Configuration is enabled, you can check (and modify to disable if necessary) the registry keys:
Another way to confirm Internet Enhanced Security Configuration on the Discover server is enabled, open Internet Options, click on the Security Tab and click on Internet, then Local Intranet.
If the Enhanced Security Confirmation is enabled, a pop-up window will open indicating the "Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration.
This security setting must be disabled in order for the SharePoint scans to successfully run and complete.