Scheduled Scan was missed on the servers. Upon checking the diagnostic log, it shows the following:
Caused by: com.thirdbrigade.manager.core.protocol.httpsclient.exceptions.HttpsConnectException: Connect failed. at com.thirdbrigade.manager.core.protocol.httpsclient.exceptions.HttpsException.convertExceptionToHttpsException(Unknown Source) ... 27 more Caused by: java.net.ConnectException: Connection refused: connect
To resolve the issue:
- Check if the Scheduled Scan is running on a virtual machine (VM) protected by Deep Security Virtual Appliance (DSVA). If the VM is activated during vMotion, the Scheduled Scan may be interrupted.
- Disable the automatic migration of DSVA to different ESXi hosts in DRS-enabled ESXi environments. Otherwise, it can cause communication issues that may interrupt Scheduled Scan.
- Verify the status of the Anti-Malware feature on ESXi host, DSVA, and agentless host. Take note if any of them is showing "No" or "Not capable" status.
- Extend the timeout settings.
- Go to the DSVA protecting the affected agentless host.
- Press ALT + F2 and log in with the username and password. The default credentials are "dsva/dsva".
- Navigate to /var/opt/ds_agent/am directory.
- Create the ds_am.ini file with the following information:
- Save the file.
- Restart the ds_am service using these commands:
# sudo stop ds_am
# sudo start ds_am
- Make sure the VMware vShield Endpoint Thin Agent is running in the protected virtual machine.
- Open the Run dialog box in the virtual machine.
- Type the "msinfo32" command.
- Navigate to Software Environment > System Drivers > System Information applet.
- Verify that the VM drivers are running.
- Run the command "sq query vsepflt". If the result shows that vsepflt does not exist, make sure that the vShield Endpoint Agent is installed and the vsepflt driver is running on the VM.
If the procedure above does not resolve the issue:
- Identify the agentless host where the issue is happening.
- Collect the following:
- Diagnostic Package from the agentless host (renamed as "dsa-diag.zip" file)
- Diagnostic Package from DSM (renamed as "dsm-diag.zip" file)
- Diagnostic Package from the DSVA that is protecting the agentless host (renamed as "dsva-diag.zip" file)
- Copy of the following files from DSVA:
- /var/log/messages* (all)
- /var/log/dmseg* (all)
- Date and time when the Scheduled Scan failed