Defender unable to connect to the Prisma Cloud Console with the Error "Connection failed due to hostname conflict"

Created On 08/15/22 15:23 PM - Last Modified 03/01/23 04:31 AM


Symptom


The Defender is unable to connect to the Prisma Cloud Console, and the following error message is seen in the Defender logs:
Connection failed due to hostname conflict, Defender name "<hostname>" is already connected.
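When more than a handful of hosts are affected, it helps to know which Defender names are clashing and on which nodes before re-installing. The following triage script is an added example, not part of the article or the Prisma Cloud product: it matches the exact message quoted above across log lines collected from several nodes and groups the rejected nodes by Defender name. The node labels and the non-conflict line in the sample input are constructed for the example.

```python
"""Triage Defender logs for hostname conflicts.

Added example, not part of the Prisma Cloud product or this article. It scans
log lines collected from several nodes for the exact message quoted above and
groups the rejected nodes by the Defender name they tried to register, so an
administrator can see which hosts share a hostname before rolling out the
unique-hostname fix.
"""
import re
from collections import defaultdict

# Pattern for the message quoted in the Symptom section; the hostname is the
# quoted Defender name.
CONFLICT_RE = re.compile(
    r'Connection failed due to hostname conflict, '
    r'Defender name "(?P<name>[^"]+)" is already connected\.'
)

# Constructed sample input: (node the log line was read from, log line).
# The node labels and the non-conflict line are made up for this example;
# only the conflict message text comes from the article.
SAMPLE_LOGS = [
    ("node-a", "example line with no conflict"),
    ("node-b", 'Connection failed due to hostname conflict, '
               'Defender name "worker-node" is already connected.'),
    ("node-c", 'Connection failed due to hostname conflict, '
               'Defender name "worker-node" is already connected.'),
    ("node-d", 'Connection failed due to hostname conflict, '
               'Defender name "db-01" is already connected.'),
]


def find_hostname_conflicts(logs):
    """Return {defender_name: sorted nodes whose connection was rejected}.

    The node that already holds the name connected first and does not log
    this error, so it is not listed; every node listed here, plus that one,
    is a host whose Defender needs a unique name.
    """
    rejected = defaultdict(set)
    for node, line in logs:
        m = CONFLICT_RE.search(line)
        if m:
            rejected[m.group("name")].add(node)
    return {name: sorted(nodes) for name, nodes in rejected.items()}


def affected_node_count(logs):
    """Number of distinct nodes whose Defender was rejected for a name clash."""
    report = find_hostname_conflicts(logs)
    return len({node for nodes in report.values() for node in nodes})


if __name__ == "__main__":
    for name, nodes in sorted(find_hostname_conflicts(SAMPLE_LOGS).items()):
        print(f'Defender name "{name}" rejected on: {", ".join(nodes)}')
    print(f"{affected_node_count(SAMPLE_LOGS)} node(s) need unique_hostname=true")
```

Feed it `(node, line)` pairs from whatever log collection you already have; the report tells you which hostnames to expect to see change once the Defenders are re-deployed with unique names.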


Environment


  • Prisma Cloud


Cause


  • During installation, the Defender takes the hostname of the underlying host as its Defender ID.
  • The Prisma Cloud Console requires each Defender ID to be unique.
  • If the hostname is not unique, the subsequent connection from another host using the same Defender ID (hostname) is rejected.


Resolution


  • The steps below describe, for each deployment scenario, how to re-install the Defender with the flag unique_hostname=true.

Orchestrator(daemonset):

  • With any orchestrator such as Kubernetes or OpenShift, you can simply modify the YAML/Helm chart as described below and apply it to the cluster again.
  • The orchestrator then automatically re-deploys the Defender pods across the nodes with the new configuration.

If you still have the YAML/Helm chart that was used for the deployment, follow these steps:


YAML

  1. Open the YAML file in a text editor, find the key named CLOUD_HOSTNAME_ENABLED, and change its value from false to true.
  2. If the key CLOUD_HOSTNAME_ENABLED is not present, add it as a new key/value pair:

     [Screenshot: adding the CLOUD_HOSTNAME_ENABLED key/value pair to the daemonset YAML]

  3. Run the following command to push the new daemonset settings:

     kubectl apply -f example.yaml

     Note: Replace example.yaml with the name of the YAML file you are using.

  4. After the daemonset is updated, the cluster automatically removes the existing pods and deploys new pods with the updated settings, which use a unique hostname/Defender ID.
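Steps 1 and 2 above are easy to get wrong by hand across many manifests (a key added with the wrong indentation, or an existing entry left at false). The script below is an added example, not a Prisma Cloud tool: it rewrites the value of CLOUD_HOSTNAME_ENABLED in the first env: list of a daemonset manifest, or inserts the entry when it is missing, and reports the current value so the change can be verified before kubectl apply. It assumes the manifest uses the usual "- name:" / "value:" env layout; the sample manifest, its image reference and the EXAMPLE_SETTING entry are constructed placeholders.

```python
"""Set CLOUD_HOSTNAME_ENABLED to "true" in a Defender daemonset manifest.

Added example; it is not a Prisma Cloud tool. It edits the manifest line by
line so it needs no YAML library, and it assumes the usual layout of the
downloaded daemonset: the container's ``env:`` key is followed by a list of
``- name:`` / ``value:`` pairs. Only the first ``env:`` list is touched.
"""
import re

KEY = "CLOUD_HOSTNAME_ENABLED"
ENV_RE = re.compile(r"^(\s*)env:\s*$")
NAME_RE = re.compile(r"^(\s*)-\s+name:\s*(\S+)\s*$")
VALUE_RE = re.compile(r"^(\s*)value:\s*(.*?)\s*$")

# Constructed sample manifest (image and the EXAMPLE_SETTING entry are
# placeholders; the structure mirrors a Kubernetes DaemonSet).
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: twistlock-defender-ds
  namespace: twistlock
spec:
  template:
    spec:
      containers:
      - name: twistlock-defender
        image: registry.example.invalid/defender:placeholder
        env:
        - name: EXAMPLE_SETTING
          value: "unchanged"
        - name: CLOUD_HOSTNAME_ENABLED
          value: "false"
"""


def cloud_hostname_enabled(manifest):
    """Current value of CLOUD_HOSTNAME_ENABLED (quotes stripped), or None if absent."""
    lines = manifest.splitlines()
    for i, line in enumerate(lines):
        m = NAME_RE.match(line)
        if m and m.group(2) == KEY:
            if i + 1 < len(lines):
                vm = VALUE_RE.match(lines[i + 1])
                if vm:
                    return vm.group(2).strip("\"'")
            return ""
    return None


def set_cloud_hostname_enabled(manifest):
    """Return the manifest with CLOUD_HOSTNAME_ENABLED set to "true".

    Rewrites the existing entry's value, or inserts a new entry at the top of
    the first env: list when the key is missing (step 2 of the YAML procedure).
    """
    lines = manifest.splitlines()
    out, i, found = [], 0, False
    while i < len(lines):
        line = lines[i]
        m = NAME_RE.match(line)
        if m and m.group(2) == KEY:
            found = True
            out.append(line)
            nxt = VALUE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            if nxt:                       # replace the existing value line
                out.append(f'{nxt.group(1)}value: "true"')
                i += 2
            else:                         # entry had no value line; add one
                out.append(f'{m.group(1)}  value: "true"')
                i += 1
            continue
        out.append(line)
        i += 1
    if not found:
        for idx, line in enumerate(out):
            em = ENV_RE.match(line)
            if em:
                # Match the indent of the first existing list item, if any.
                item_indent = em.group(1) + "  "
                if idx + 1 < len(out):
                    nm = NAME_RE.match(out[idx + 1])
                    if nm:
                        item_indent = nm.group(1)
                out[idx + 1:idx + 1] = [f"{item_indent}- name: {KEY}",
                                        f'{item_indent}  value: "true"']
                break
        else:
            raise ValueError("manifest has no env: list to add the key to")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(set_cloud_hostname_enabled(SAMPLE_MANIFEST))
```

Run it on the real file by reading it into a string, writing the returned text back, and diffing the two before applying; the function is idempotent, so running it on an already-corrected manifest changes nothing.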


Helm Chart

  1. Open values.yaml in the Twistlock Defender Helm chart directory, and change the value of the key named unique_hostname from false to true.

  2. If the key unique_hostname is not present, add it as a new key/value pair:

     [Screenshot: adding the unique_hostname key/value pair to values.yaml]

  3. Run the following command to push the new daemonset settings via Helm:

     helm upgrade -n twistlock twistlock <path-to-defender-chart>

     (Note: You may need to change the namespace and/or the Helm release name from twistlock to the name you defined. <path-to-defender-chart> is a placeholder for the directory or archive of the Defender Helm chart you edited.)

     [Screenshot: example output of the helm upgrade command]


Can't find the original YAML/Helm chart?

  • If you can't find the YAML/Helm chart that was used to deploy the Defender, you can generate a new one with the steps below:

  1. Go to Compute UI > Manage > Defenders > Deploy > Defenders > Orchestrator.

  2. Select the options that fit your environment, such as the orchestrator type and the Defender communication port.

  3. Make sure "Assign globally unique names to Hosts (optional)" is set to "On":

     [Screenshot: the "Assign globally unique names to Hosts (optional)" toggle set to On]

  4. After confirming all options, click to download the YAML or Helm chart accordingly:

     [Screenshot: the download buttons for the YAML and Helm chart]


Single Defender:

  • If you are using a Single Defender, you will need to uninstall the current Defender and then install a new one with the steps below:

  1. Uninstall the Defender:

     • Windows:

       • Run this command in an elevated PowerShell window (run as administrator); the path contains spaces, so it must be quoted and invoked with the call operator:

         & "C:\Program Files\Prisma Cloud\scripts\defender.ps1" -uninstall

         OR

         & "C:\Program Files\Twistlock\scripts\defender.ps1" -uninstall

     • Linux - Container Defender:

       • Run this command:

         sudo /var/lib/twistlock/scripts/twistlock.sh -u

     • Linux - Host Defender:

       • Run this command:

         sudo /var/lib/twistlock/scripts/twistlock.sh -u defender-server

  2. Re-install the Defender:

     1. Visit Compute UI > Manage > Defenders > Deploy > Defenders > Single Defender.

     2. Select the options that fit your environment, such as the Defender type and the Defender communication port.

     3. Make sure "Assign globally unique names to Hosts (optional)" is set to "On":

        [Screenshot: the "Assign globally unique names to Hosts (optional)" toggle set to On]

  3. Copy the install script shown in the last step, and execute it on your host to install the new Defender:

     • For Linux, paste the script into a terminal/CLI.

     • For Windows, paste the script into PowerShell.

  4. After the new installation, the Defender reports to the Console with a unique hostname, and the issue is resolved.



Additional Information


Log Path:
 


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wlIDCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail