Why can’t Traps connect to the ESM Server?

Symptom
Traps cannot communicate with the ESM Server to retrieve the latest security policy and reports a status of No connection to server!
Possible Causes
  • The server or endpoint specifications do not meet the installation and criteria prerequisites.
  • The Traps service is down on the endpoint.
  • The Endpoint Security Manager core service is down on the ESM Server.
  • The endpoint is not connected to the network.
  • Inbound traffic is not allowed on the port for the ESM Server (default is 2125).
  • The Windows Firewall is enabled on the ESM Server and prevents the server from communicating with the client.
  • The certificate on the endpoint does not match the certificate on the ESM Server (see How do I fix a Traps server certificate error?).
Solution
After each step in the following procedure, verify whether Traps can connect to the ESM Server by selecting Check-in now. If Traps still can’t connect to the server, proceed to the next step until the issue is resolved.
  1. Verify that the server and endpoint both meet the prerequisites.
  2. Verify that the Traps service is running on the endpoint.
    1. Open the Services Manager:
      • Windows XP: From the Start Menu, select Control Panel > Administrative Tools > Services.
      • Windows Vista and later: From the Start Menu, select Control Panel > System and Security > Administrative Tools > Services.
    2. Locate the Traps service (called CyveraService in older versions of Traps) and verify that the service status is Started.
    3. If the service status is Stopped, double-click the service, then select Start. Click Close.
  3. Verify that the Endpoint Security Manager core service is running on the ESM Server.
    1. Open the Services Manager:
      • Windows Server 2008: From the Start Menu, select Control Panel > Administrative Tools > Services.
      • Windows Server 2012: From the Start Menu, select Control Panel > System and Security > Administrative Tools > Services.
    2. Locate the Endpoint Security Manager core service (called CyveraServer in older versions of the Endpoint Security Manager) and verify that the service status is Started (Windows Server 2008) or Running (Windows Server 2012).
    3. If the service status is Stopped or Paused, double-click the service, then select Start. Click Close.
  4. Verify that you can reach the ESM Server from the endpoint.
    From the endpoint, open a command prompt and ping the IP address or hostname of the ESM Server. If the ESM Server is unreachable, examine the network connectivity settings between the devices.
  5. Verify that you can reach the endpoint from the ESM Server.
    From the ESM Server, open a command prompt and ping the IP address or hostname of the endpoint. If the endpoint is unreachable, examine the network connectivity settings between the devices.
  6. Verify that the port for the ESM Server is open on the Windows Firewall (default is 2125).
    1. To check port access from the endpoint:
      1. Open a command prompt as an administrator.
      2. Enter the following command to telnet to port 2125 on the ESM Server:
        C:\> telnet <esmServerName> 2125
        where <esmServerName> is the hostname or IP address of the ESM Server.
    2. If you are unable to telnet to port 2125, create an inbound rule to open that port:
      1. Open the Windows Firewall advanced settings:
        • Windows Server 2008: From the Start Menu, select Control Panel > Windows Firewall > Advanced Settings.
        • Windows Server 2012: From the Start Menu, select Control Panel > System and Security > Windows Firewall > Advanced Settings.
      2. Select Inbound Rules.
      3. Create a new rule to allow Traps to communicate with the Endpoint Security Manager on port 2125 by selecting the New Rule wizard and following the guided instructions.
    3. Verify that you can now telnet to port 2125 on the ESM Server from the endpoint.
  7. Temporarily disable Windows Firewall.
    1. Open the Change Action Center settings:
      • Windows Server 2008: From the Start Menu, select Control Panel. Double-click Action Center and select Change Action Center settings.
      • Windows Server 2012: From the Start Menu, select Control Panel > System and Security. Double-click Action Center and select Change Action Center settings.
    2. Deselect the Network firewall option.
    3. Click OK.
  8. Verify that connectivity is restored between Traps and the ESM Server.
    From the Traps Console, click Check-in now. If the connectivity is established, the connection status appears as Successful.
  9. View the logs to see if Traps reports a specific error:
    • From the Traps Console, select Open Log File.
    • From the Traps Console, select Send Support File to send the logs to the ESM Server.
    • Create an action rule to retrieve the logs from the endpoint (see Manage Data Collected by Traps).
  10. If the problem persists, contact Palo Alto Networks Support.
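
The endpoint-side checks from steps 2, 4 and 6 can be run together. The following PowerShell script is an added example, not part of the original documentation or Palo Alto Networks tooling. The server name is a placeholder and matching the service by a display name containing "Traps" is an assumption; CyveraService and port 2125 come from the steps above.

```powershell
# Added example: run on the endpoint. Not vendor code.
param(
    [string]$EsmServer = 'esm.example.internal',  # placeholder: your ESM Server
    [int]$Port = 2125,                            # default ESM Server port
    [int]$TimeoutMs = 3000
)

# TCP connect with a timeout; stands in for the telnet test when the
# telnet client is not installed on the endpoint.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false                  # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

# Step 2: Traps service state (the display-name match is an assumption).
$svc = @(Get-Service | Where-Object {
    $_.DisplayName -like '*Traps*' -or $_.Name -eq 'CyveraService' })
$svcState = if ($svc.Count -gt 0) { [string]$svc[0].Status } else { 'NotInstalled' }

# Step 4: ICMP reachability. Step 6: TCP reachability of the ESM Server port.
$ping = Test-Connection -ComputerName $EsmServer -Count 2 -Quiet
$tcp  = Test-TcpPort $EsmServer $Port $TimeoutMs

# Map the combination of results to the step that should be examined next.
$hint = if ($svcState -ne 'Running') {
    'Start the Traps service (step 2).'
} elseif ($tcp) {
    'Port reachable; check the certificate and the Traps logs (step 9).'
} elseif ($ping) {
    "Host answers ping but TCP $Port is blocked; check the inbound rule (step 6)."
} else {
    'No ping reply and no TCP connection; check the network path (step 4).'
}

New-Object psobject -Property @{
    TrapsService = $svcState; PingOk = $ping; TcpPortOk = $tcp; NextStep = $hint
} | Select-Object TrapsService, PingOk, TcpPortOk, NextStep | Format-List
```

A failed ping with a successful TCP connection means only that ICMP is filtered on the path; the TCP result is the one that matters for Traps check-in.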
