After installing the Deep Security agent (DSA), the node status automatically changes to "Communication Problem".
A communications problem has been detected on the computer.
Agent/Appliance Event(s):
Time: December 01, 2010 11:22:01
Level: Warning
Event ID: 4012
Event: Heartbeat Failed
Description: Unable to contact all available Deep Security Managers for heartbeat. Will attempt again at next heartbeat interval.
From the DSA to the Deep Security Manager (DSM), telnet on port 4120 is working fine. At the same time, from DSM to DSA, telnet on port 4118 is working fine.
When you check the problem host's Event Log inside, the Deep Security Diagnostic Package shows the following error message:
Time: December 01, 2010 11:22:01
Level: Error
Event ID: 3006
Event: Operating System Call Error
Description: Error on call to 'getaddrinfo' for 'servername.domain.com': Temporary failure in name resolution
The error is followed by this warning:
Time: December 01, 2010 11:22:01
Level: Warning
Event ID: 4012
Event: Heartbeat Failed
Description: Unable to contact all available Deep Security Managers for heartbeat. Will attempt again at next heartbeat interval.
After a few minutes, the host machine reported "Description: Security configuration updated."
When the DSA fails to communicate with the DSM, it eventually recovers on its own. However, the failed event is still sent to DSM and the DSM will flag a critical or warning alert on this machine.
You need to check why the host is having problems resolving the DSM FQDN. If possible, add the DSM FQDN to the \etc\hosts file in the Linux machine to resolve the issue.
