After installing the Deep Security agent (DSA), the node status automatically changes to "Communication Problem".
A communications problem has been detected on the computer.
Agent/Appliance Event(s):
Time: December 01, 2010 11:22:01
Level: Warning
Event ID: 4012
Event: Heartbeat Failed
Description: Unable to contact all available Deep Security Managers for heartbeat. Will attempt again at next heartbeat interval.
From the DSA to the Deep Security Manager (DSM), telnet on port 4120 is working fine. At the same time, from DSM to DSA, telnet on port 4118 is working fine.
When you check the problem host's Event Log inside, the Deep Security Diagnostic Package shows the following error message:
Time: December 01, 2010 11:22:01 Level: Error Event ID: 3006 Event: Operating System Call Error Description: Error on call to 'getaddrinfo' for 'servername.domain.com': Temporary failure in name resolution Time: December 01, 2010 11:22:01 Level: Warning Event ID: 4012 Event: Heartbeat Failed Description: Unable to contact all available Deep Security Managers for heartbeat. Will attempt again at next heartbeat interval.
After a few minutes, the host machine reported "Description: Security configuration updated."
When the DSA fails to communicate with the DSM, it eventually recovers on its own. However, the failed event is still sent to DSM and the DSM will flag a critical or warning alert on this machine.
You need to check why the host is having problems resolving the DSM FQDN. If possible, add the DSM FQDN to the \etc\hosts file in the Linux machine to resolve the issue.
If you are using an agent installed on the manager to act as Deep Security Relay, there should be no communication issue. However, you must ensure that the related ports on the local machine are all opened. Otherwise, the error will still pop-up.