When trying to connect to a managed host you may receive the following error: “There was no end-point listening that could accept the message.”
This error indicates that there is an issue with the Data Governance service.
To resolve this issue, open the Services snap-in and restart the One Identity Manager Data Governance Service, then select the managed host in the Navigation view.
Ensure that the following registry value contains the required Deployment ID:
Registry Key: HKEY_LOCAL_MACHINE\Software\One Identity\Broadway\Agent\Services\communication
Registry Value: deploymentId (REG_SZ)
After adding an EMC or NetApp host machine to a domain running Windows Server 2012/2012 R2, you may encounter one or both of the following:
Both of these issues are related to known issues with Windows Server 2012/2012 R2 and Windows 8 clients. That is, Windows Server 2012 and later and Windows 8 and later include a newer version of the Server Message Block (SMB) protocol. These newer versions now ship with SMB 3.0 (originally known as SMB 2.2).
To resolve the problem where the agent cannot access EMC or NetApp shares, upgrade the FLARE code on your NAS device with support for SMB 3.0.
WORKAROUND: If upgrading the FLARE code is not an option, disable SMB 2.0 on the agent machine running Windows Server 2012/2012 R2.
See http://www.exaltedtechnology.com/windows-8-access-is-denied-to-network-shares-could-be-an-issue-with-smb-2-2-with-emc-cellera-or-nas-device/ for more information on this known issue and how to disable SMB 2.0.
To resolve the problem where the agent cannot scan the NAS device, use an alternate supported operating system to host the agent to scan the EMC or NetApp filer or contact the file server vendor for an update that enables the file server to support Windows Server 2012 and Windows 8 clients.
WORKAROUND: Set "Secure Negotiate" to "enable if needed" using the following PowerShell command on the agent machine running Windows Server 2012/2012 R2:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 2 -Force
NOTE: Using the "enable if needed" setting means that if the remote client is able to go secure, the Windows Server 2012/2012 R2 will use the secure negotiate feature, but if the remote client cannot go secure (like NetApp and EMC), then it will fallback.
Disabling the secure negotiate feature is NOT recommended by Microsoft.
See https://support.microsoft.com/en-us/kb/2686098 for more details on this known issue.
To determine the SMB version running on your server
Access the remote file server and run the following PowerShell command:
Look at the "Dialect" entry to see what version of SMB the client has negotiated with the file server.
For example, if the entry is 3.0, both the client and the server support that version of the SMB protocol.