Important The KB Articles provided may require you to login to https://support.forcepoint.com to view. If you do not have an account, please Create a Customer Account. If you have an account but cannot log in, Contact Support for assistance. 

The errors included in this article are separated into the major sections. Some errors that are specific to existing featured articles will not be in this article. For more information, visit our Feature Article homepage. 

Connection Errors
Certificate Errors
Installation and Upgrade Errors
 

Connection Errors

While many connection errors are related to environmental issues in the Network, such as Ports and Firewall blocking, others may be due to configuration.
 
For a list of ports that need to be opened for communication in the deployment:

1. Log in and go to Support Documentation
2. Click All Documents.
3. Scroll to the product installed in the environment.
4. Click the corresponding version to your Forcepoint install.
5. Port lists will have the word "port" in the section. The exact location within the section may change.
6. Examples:
   • Web Protection Solutions Ports Diagram 
   • Forcepoint Email Security Default Ports
   • Ports for On-Premises Web, Data and Email Solutions

 

CASB

API token test connection fails in Office 365 with error "Data classification test failed"
This error happens after configuring the token for the API.
 

Cloud

“Cannot Connect - The requested URL is not available" error displayed when browsing to a website
This error happens when going through the Cloud proxy, but not when bypassing the Cloud proxy.
 
Directory Synchronization error: LDAP connection failed
This error is specific to Directory Sync Client used with Cloud.
 

Web

 Forcepoint Security Manager
Error: "Strong(er) authentication required" - Unable to connect to AD Server
This is primarily a Web error, but can also happen in Email deployments.
 
“Forcepoint Security Manager could not connect to Cloud App agent" error displayed in Alert tab
This error only applies to version 8.4.
 
Content Gateway
"Unable to connect to the configured proxy server" error in Appliance Manager
This issue only applies to versions 7.6-8.2.
 
Websense Content Gateway error: "Tunnel connection failed"
For use when a website or application does not load, and the error in error.log is: Tunnel Connection Failed
 
WCG error log shows clients attempting to connect to port 80 on the external firewall
This error does not produce issues for the environment but may be seen in the error.log.
 
WCG error.log shows multiple failed connections for sites never visited
This issue may be due to legitimate or malicious traffic.
 
WCG Error: A client exceeded the 100 per second connection rate limit
This issue may cause latency for all users.
 
Error message: "FTP Error Connection Reset by Peer"
The solution for this may also correct other problems if Network Agent is used with a Content Gateway.
 
 

Certificate Errors

Many certificate errors can be corrected by updating the certificate in use in the environment, particularly for expired or SHA-1 certificates. In other cases, the issue is specific to the TLS version supported in the environment versus what is expected by the website.
 

Cloud

Public Wi-Fi logon page blocked with certificate error
Caused by internal certificates for the logon pages rather than public certificates, corrected via bypass.
 
"Stronger security is required" message
This error is specific to Internet Browser TLS versions.
 

Web

How to create and install a new server certificate in the TRITON EIP infrastructure
This addresses how to resolve the certificate error warning when browsing to the Forcepoint Security Manager GUI.
 
Subordinate Certificate Authority import creates error "Cannot load the private key"
Error happening when Importing a SubCA root certificate for SSL Decryption rather than using the self-signed certificate generated from the Content Gateway.
 
Remove the "Revocation information for the security certificate for this site is not available." error message In Internet Explorer
This addresses a popup warning that happens only in Internet Explorer for security certificate revocation.
 
Peer disconnected after first handshake message: Possibly SSL/TLS Protocol level is too low or unsupported on the server
Some websites only connect over specific TLS versions, and having TLS versions disabled in the Content Gateway may produce this error.
 

Installation and Upgrade Errors

There are many failures that may happen during installation or upgrade. Some of the more common causes particularly for components on Windows machines are from Data Execution Prevent (DEP), User Account Control (UAC), and Windows Firewall.
 
Ensure DEP/UAC/Firewall are turned off  

• User Access Control (UAC):
  1. Click Control Panel and search for UAC.
  2. Set to Never and reboot the server after other steps are complete.
• Data Execution Prevention (DEP):
  1. Click Control Panel and click System.
  2. Click Advanced System Settings, click Settings (Performance), and click Data Execution Prevention.
  3. Ensure DEP is turned off. For windows components/services only, reboot the server.
• Windows Firewall:

Click Control Panel, click Firewall and ensure Firewall is turned off.
 
Other common factors include: Antivirus solutions installed on the machine, read-write permissions on the account used to log onto the server, and not running programs as Administrator.
 
 

Advanced Malware Detection (AMD)

Installation issues: amd_register ends in fatal error or installation stalls and does not complete
Fixes for installation issue during installation of Lastline virtual machine stalling, and On-Premises Manager error:
“FATAL ERROR: An Unrecoverable error has occurred.”
 

Cloud

Endpoint install error: "Installation missed some parameters, installation failed."
This error is specific to Cloud Endpoint installation error on user machines.
 

Data

TRITON AP-DATA supplemental server install failure error 1406 could not write manager_pass to key
Issue created by having special characters in password.

Installing Data Security on Windows 2012 R2 server causes "Installation ended prematurely because of an error" error
Installation error due to Print Spooler service being disabled.
 

Email

Email Security Manager v8.5 installation fails with error 142
Specific to 8.5 installation or upgrade with SQL Enterprise versions 2014 and 2016.

"Current versions found" error when trying to reinstall Email Log server
Re-install of Log Server failing due to registry key entries for Log Server remaining after uninstall.  

TRITON AP-EMAIL Log Database Upgrade fails with error 154
This error is specific to when upgrading the Windows components to version 8.3.0.
 
Appliance upgrade fails with Internal command error
This error is specific to when upgrading an Appliance to version 8.3.0.
 

Forcepoint Security Appliance Manager

Forcepoint Security Appliance Manager (FSAM) Installation Error for Missing dll
Error Message: "Installation Error: "The program can't start because api-ms-win-crt-runtime-l1-1-0.dll is missing from your computer. Try reinstalling the program to fix this problem.""
 

Next Generation Firewall (NGFW)

“Engine error…The number of tunnels in the configuration is too large” error displayed during policy install
Error message: “Engine error: Engine error: Message code 208 Syntax error [ ipsecpmd ] The number of tunnels in the configuration is too large! (Future policy changes may fail to upload.)”
 

Web

"Non 7-zip Archive" error displayed when opening the TRITON Installer
This installer error prevents installation of any product from Forcepoint Setup, not just Web.

Error 1720 "Installation failed" occurs when installing Forcepoint components
Error message: "Error 1720: Installation failed: This installation is forbidden by system policy. Contact your system administrator."

Installation error 1460 when configuring Policy Server
Most common cause is the Policy Broker IP having been changed and communication is broken. Changing the Policy Broker IP can also cause many other errors and is not suggested.

"Installer user interface mode not supported" error displayed when installing on Redhat / Centos 7.4
For version 8.5 only when installing on a Linux software Content Gateway.

Websense Install Fails With “Cannot Connect To SQL Server” Error
Caused by connectivity or service account issues for the SQL server during installation.

Forcepoint Websense Content Gateway installation error “Device eth0 does not exist”
Error message: "Device “eth0” does not exist. Warning: Content Gateway requires interface eth0 to have an IP address. This interface should have a route to the TRITON manager."

Log Server installation fails with error "Failed to generate the ODBC connection for the database"
This error may happen if an ODBC connection already exists or attempted creation but did not have proper connection.

"Service was not found" error for Log Server and doesn't install successfully
Log server installation error which requires potential reinstall of the service.

Error "Cannot connect to TRITON Settings database" during upgrade or install of 8.2.0
This error only happens if upgrading to or creating a fresh installation of the Windows components for 8.2.0.

“Invalid IP address supplied” error on appliance upgraded to version 8.3.0
This error only happens when upgrading an Appliance to 8.3.0.