We are using 7.14 connector and we tried on boarding McAfee epo but getting below error, please check and let me know if any one faced same issue.
[The TCP/IP connection to the host ACPLKSRV011, port 9082 has failed. Error: "The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2000 or later.".
Thanks in advance
Cyber Security Analyst
Request to paraphrase the issue and details of products you are reporting issue about? If possible, please share the screenshot of error message you are getting.
The product which we on boarding is follows:
McAfee e PO version: 5.3
Arc-sight Connector Version: 7.14
INFO | jvm 1 | 2020/05/18 01:14:12 | Tried version [dlp10.x/epo5.3]. ERROR: [The TCP/IP connection to the host ACPLKSRV011, port 9082 has failed. Error: "The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2000 or later.". ClientConnectionId:ec8b4fae-8458-43c0-893e-1dbabc6cb7f6]
At this point the ePO server is not involved, im not an expert with the Arc-sight Connector but i assume it is attempting to communicate to the SQL DB and it fails with that error, if that’s the case then i can suggest testing the connection from that Device back to the DB, we do have an article that explain how to use the Microsoft test.udl file to test the connection from a windows machine:
but if the connection fails from the Arc-sight device then i can suggest to contact their support so they can review the mentioned error
As suggested we had tested connectivity locally and found port was the issue.
After changing the port in Arcsight parameter we are getting below error(Read timed out error).
Please check if you any solutions let me know.
Error which we are receiving currently:
Connector table parameters did not pass the verification with error [; nested exception is:
java.net.SocketTimeoutException: Read timed out] for connector [McAfee]. Do you still want to continue?
It sounds like still there is something interfering on the network, particularly because of the SocketTimeoutException message, maybe a wireshark trace will help identify why there is a time out, if nothing can be found I can suggest you to please contact Arcsight as they will understand better what is required and their error codes