Hello All,
We are using 7.14 connector and we tried on boarding McAfee epo but getting below error, please check and let me know if any one faced same issue.
[The TCP/IP connection to the host ACPLKSRV011, port 9082 has failed. Error: "The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2000 or later.".
Thanks in advance
Guruprasad
Cyber Security Analyst
Hello GuruprasadNijal
Thank you for your post.
Could you please clarify with product is the connector 7.14?
Request to paraphrase the issue and details of products you are reporting issue about? If possible, please share the screenshot of error message you are getting.
Hello Team,
The product which we on boarding is follows:
McAfee e PO version: 5.3
Arc-sight Connector Version: 7.14
Error:
INFO | jvm 1 | 2020/05/18 01:14:12 | Tried version [dlp10.x/epo5.3]. ERROR: [The TCP/IP connection to the host ACPLKSRV011, port 9082 has failed. Error: "The driver received an unexpected pre-login response. Verify the connection properties and check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. This driver can be used only with SQL Server 2000 or later.". ClientConnectionId:ec8b4fae-8458-43c0-893e-1dbabc6cb7f6]
Hello GuruprasadNijal
At this point the ePO server is not involved, im not an expert with the Arc-sight Connector but i assume it is attempting to communicate to the SQL DB and it fails with that error, if that’s the case then i can suggest testing the connection from that Device back to the DB, we do have an article that explain how to use the Microsoft test.udl file to test the connection from a windows machine:
https://kc.mcafee.com/corporate/index?page=content&id=KB70929
but if the connection fails from the Arc-sight device then i can suggest to contact their support so they can review the mentioned error
Hello Aguevara,
As suggested we had tested connectivity locally and found port was the issue.
After changing the port in Arcsight parameter we are getting below error(Read timed out error).
Please check if you any solutions let me know.
Error which we are receiving currently:
Connector table parameters did not pass the verification with error [; nested exception is:
java.net.SocketTimeoutException: Read timed out] for connector [McAfee]. Do you still want to continue?
Regards,
Guruprasad
Hello GuruprasadNijal
It sounds like still there is something interfering on the network, particularly because of the SocketTimeoutException message, maybe a wireshark trace will help identify why there is a time out, if nothing can be found I can suggest you to please contact Arcsight as they will understand better what is required and their error codes
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA