Scenario 1: Unable to activate the DSA from the Deep Security Manager (DSM) console
Possible Causes:
- Communication direction is set to Agent/Appliance Initiated.
If you want to activate DSA from the DSM console, the communication direction should be set to Bidirectional.
To check the communication direction settings:
From the DSM console, go to the Policy tab. Click Policy on the left pane and then select a policy. Click Settings > Computer > Bidirectional.
- The DSM cannot contact DSA on port
By default, port 4118 is not open on the security group (firewall) of AWS. To activate from the DSM console, the DS agent must be able to communicate on port 4118.
To allow 4118 on the security group of AWS:
- Open the AWS web console.
- Go to Network and Security.
- Select Security Group.
- Under TCP Port (Service), check if 4118 is listed. If not, select Create a rule to add it.
To verify, telnet to the machine on port 4118 and confirm that the connection succeeds.
- The DSA Service is disabled.
The DSA activation will fail if the DSA service is disabled.
To verify, go to the Windows Services console and ensure that all DSA services are enabled.
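The telnet check above can be scripted so that the result points at one of the causes listed: a timeout suggests the security group is dropping TCP 4118, while a refused connection suggests the host is reachable but the DSA service is not listening. This is an added example, not Trend Micro code; the function names, hint wording and 3-second timeout are assumptions.

```python
import socket
import sys

DSA_PORT = 4118  # agent port named in this article

# Hint text is this example's own wording, mapped to the causes listed above.
HINTS = {
    "open": "port reachable: check the communication direction setting",
    "refused": "host answered but nothing is listening: check the DSA service",
    "filtered": "no reply: check the security group rule for the TCP port",
    "error": "could not test: check the host name and routing",
}


def probe(host, port=DSA_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A TCP reset came back, so packets reach the host.
        return "refused"
    except (socket.timeout, TimeoutError):
        # Silently dropped, which is how AWS security groups block traffic.
        return "filtered"
    except OSError:
        # DNS failure, no route to host, and similar.
        return "error"


def diagnose(host, port=DSA_PORT, timeout=3.0):
    """Return (state, hint) for the agent port on the given host."""
    state = probe(host, port, timeout)
    return state, HINTS[state]


if __name__ == "__main__":
    # Usage: python check_dsa_port.py <agent-host>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, hint = diagnose(target)
    print("%s:%d %s (%s)" % (target, DSA_PORT, state, hint))
```

Run it from the DSM host, since the security group rule is evaluated against the source address of the connection.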
Scenario 2: Unable to activate the DSA agent from the command line utility
To activate DSA from the command utility, you need to generate a script from the DSM console.
For more information on how to generate a script for DS agent installation, refer to the following topic:
Deploying agents in AWS.
Possible causes:
- The communication direction is set to Manager Initiated.
To resolve the issue, set the communication direction to Agent/Appliance Initiated or Bidirectional.
- The setting Allow Agent-initiated activation is not enabled.
From the DSM console, go to Administration > System settings > Agents. Tick the box Allow Agent activation—for any computers.