Hello,
After the trial license expired and our engineer uploaded a new license, the Endpoint Agent was no longer responding to the policies. We deleted and installed it again, but there was the same problem.
Then he reinstalled the DLP Server, cleaned bases, upgraded to version 14.0.1, and uploaded the new license file.
He also installed a new agent on the client, and policies seemed to work fine, but after some time the same problem occurred again: policies became unresponsive.
Port 10443 is open; via Wireshark we can see that messages are being sent from the agent and push packets are being sent to the agent from the server.
Agent status: Reporting, WDP and EDPA services are also activated.
Client system: Windows 64 Bits, we tried with two different computers with Windows 10, but didn’t work anyway.
Network monitor is working without problems, very likely all Detection Servers are working, problem is only in Endpoint Prevent or in agent, but as this problem is not for one computer.
Interesting output in Aggregator0.log:
Apr 22, 2016 4:31:48 PM com.symantec.dlp.communications.common.activitylogging.JavaLoggerImpl log
WARNING:
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1646)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1614)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1780)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1075)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:901)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:775)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1285)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:917)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.jboss.netty.channel.SimpleChannelHandler.messageReceived(SimpleChannelHandler.java:142)
at com.symantec.dlp.communications.transportlayer.impl.NettyChannelEventCaptureConnectionHandler.messageReceived(NettyChannelEventCaptureConnectionHandler.java:35)
at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
TC - SSL handshake failed for connection number 588 at 2016-04-22 04:31:48.Connection statistics:
Connection Number = 588
PeerId = null
StartTime = 2016-04-22 16:31:48.486
Disconnected Time = Not Yet Disconnected
Duration Of Connection In Millis = 0
Bytes Dequeued Bytes Enqueued
HTTP 0 0
SSL 524 1,741
Connection specific high frequency logs for connection number = 588. There is no peerId information for this connection.
DateTime Event ReplicatorId Num Bytes AdditionalInformation
----------------------- ------------------------------------------------------ --------------- --------- --------------------
2016-04-22 16:31:48.470 DC - Scheduling succeeded 0 ScheduledToServiceInNanos=59999963334
2016-04-22 16:31:48.486 NCE - Connected 0
2016-04-22 16:31:48.486 TC - Connection opened 0 RemoteHostAndPort=/10.55.18.7:52895
2016-04-22 16:31:48.486 TC - Connection accepted by connection acceptor 0 RemoteHostAndPort=/10.55.18.7:52895
2016-04-22 16:31:48.486 TC - Initiated SSL handshake 0
2016-04-22 16:31:48.486 NCE - Inbound message received 517 NumSSLBytesReceived=517
2016-04-22 16:31:48.486 NCE - Write outbound data 1741 NumSSLBytesToBeWritten=1741
2016-04-22 16:31:48.486 NCE - Inbound message received 7 NumSSLBytesReceived=7
2016-04-22 16:31:48.486 TC - SSL handshake failed 0
Connection specific medium frequency logs for connection number = 588. There is no peerId information for this connection.
DateTime Event ReplicatorId Num Bytes AdditionalInformation
----------------------- ------------------------------------------------------ --------------- --------- --------------------
2016-04-22 16:31:48.486 NCE - Connected 0
2016-04-22 16:31:48.486 TC - Connection opened 0 RemoteHostAndPort=/10.55.18.7:52895
2016-04-22 16:31:48.486 TC - SSL handshake failed 0
Connection specific low frequency logs for connection number = 588. There is no peerId information for this connection.
DateTime Event ReplicatorId Num Bytes AdditionalInformation
----------------------- ------------------------------------------------------ --------------- --------- --------------------
2016-04-22 16:31:48.486 TC - Connection opened 0 RemoteHostAndPort=/10.55.18.7:52895
2016-04-22 16:31:48.486 TC - SSL handshake failed 0
Maybe something with Agent certificates....
Do you have any idea where this problem comes from?
Thanks
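As an added example (not part of the original post and not Symantec's own tooling), this Python script triages an Aggregator0.log excerpt in the format shown above: it pairs each failed handshake with the TLS alert logged before it, the remote host, and the byte flow, and flags the case where the peer answered the server's flight with a 7-byte record. The function name `triage` and the summary field names are assumptions made for this example, and the 7-byte reading assumes a plaintext alert record (5-byte record header plus 2-byte alert), as in TLS 1.2 and earlier.

```python
import re

# Lines copied from the Aggregator0.log excerpt in the post (trimmed).
SAMPLE_LOG = """\
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
TC - SSL handshake failed for connection number 588 at 2016-04-22 04:31:48.Connection statistics:
Connection specific high frequency logs for connection number = 588. There is no peerId information for this connection.
2016-04-22 16:31:48.486 TC - Connection opened 0 RemoteHostAndPort=/10.55.18.7:52895
2016-04-22 16:31:48.486 NCE - Inbound message received 517 NumSSLBytesReceived=517
2016-04-22 16:31:48.486 NCE - Write outbound data 1741 NumSSLBytesToBeWritten=1741
2016-04-22 16:31:48.486 NCE - Inbound message received 7 NumSSLBytesReceived=7
2016-04-22 16:31:48.486 TC - SSL handshake failed 0
Connection specific medium frequency logs for connection number = 588. There is no peerId information for this connection.
2016-04-22 16:31:48.486 TC - Connection opened 0 RemoteHostAndPort=/10.55.18.7:52895
"""

ALERT = re.compile(r"Received fatal alert: (\w+)")
FAILED = re.compile(r"SSL handshake failed for connection number (\d+)")
SECTION = re.compile(r"high frequency logs for connection number = (\d+)")
REMOTE = re.compile(r"RemoteHostAndPort=/([\d.]+):\d+")
BYTES = re.compile(r"NumSSLBytes(Received|ToBeWritten)=(\d+)")

def triage(log_text):
    """Return {connection number: summary} for each failed handshake."""
    conns, pending_alert, current = {}, None, None
    for line in log_text.splitlines():
        if m := ALERT.search(line):
            pending_alert = m.group(1)      # the alert is logged before its summary
        elif m := FAILED.search(line):
            conns[m.group(1)] = {"alert": pending_alert, "remote": None, "flow": []}
            pending_alert = None
        elif m := SECTION.search(line):
            current = conns.get(m.group(1))
        elif "frequency logs for connection" in line:
            current = None                  # medium/low tables repeat the same events
        elif current is not None:
            if m := REMOTE.search(line):
                current["remote"] = m.group(1)
            elif m := BYTES.search(line):
                direction = "in" if m.group(1) == "Received" else "out"
                current["flow"].append((direction, int(m.group(2))))
    for c in conns.values():
        flow = c["flow"]
        # "Received fatal alert" means the peer sent it. A 7-byte inbound record
        # right after the server's flight is that alert: the peer rejected the chain.
        c["peer_rejected_server_cert"] = (
            c["alert"] == "unknown_ca" and len(flow) >= 2
            and flow[-1] == ("in", 7) and flow[-2][0] == "out")
    return conns
```

A true `peer_rejected_server_cert` means the endpoint at `remote`, not the server, aborted the handshake, so the check to make is whether the CA certificate that agent trusts matches the issuer of the certificate the server currently presents.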