Hi,
I've exhausted both the documentation and Broadcom's support on this issue, and I'm hoping someone here can help. There is very limited documentation on setting up optical character recognition (OCR) servers, as generally seems to be the case for newer capabilities in DLP.
I have a 3 tier DLP setup. We recently purchased the licensing for OCR, and I installed 8 OCR servers (all servers on Windows Server 2016). I followed the instructions to install the OCR software and then add the OCR engine configuration. The ultimate intent is to use a load balancer for these OCR servers, but I'm first trying to get just a direct connection working first. I've added OCR engine configurations for both the load balancer and for each individual OCR server.
My problem is that when I add an OCR config to the OCR tab of a detection server, I can't get any OCR detections. Once I try using the OCR server, I get overwhelmed by 4800 (OCR Service is busy) and 4803 (OCR request was not successful) events. At first I thought that it might be a TLS connection issue, but it looks like I have good keystores on both the detection server and the OCR server with matching certs. I went into SymantecDLPOCRServer.conf and SymantecDLPOCRServer.conf to increase the Java heap sizes, but the problem is still going on.
Does anyone have any idea how I can get this working? I have these errors even during off-peak hours when traffic is low. When I used the sizing checksheet for how many OCR servers I'd need, I decided that 7 OCR servers would be enough, but we built 8.