Endpoint Protection

  • 1.  Apache will not start on SEPM 12.1

    Posted May 14, 2013 08:29 AM

    Hello,

    The SEPM service will not start on one of my SEPMs.  When an attempt is made to start, there is an error about a dependent service not running.  The service is called semwebsrv.  When I try to start that service, it also fails.  The Windows application logs show two events when I try to start semwebsrv:

     

     
     
    1.  The Apache service named  reported the following error:
    >>> Syntax error on line 143 of E:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/apache/conf/ssl/ssl.conf:     .

    2.  The Apache service named  reported the following error:

    >>> SSLCertificateFile: file 'E:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/apache/conf/ssl/server.crt' does not exist or is empty     .
     
    I also notice that the server.crt file is 0KB.  I suspect that this file is causing the problem.  Is there a way to repair or regenerate this file?  Am I on the right path?
     
    Bob


  • 2.  RE: Apache will not start on SEPM 12.1

    Posted May 14, 2013 08:46 AM

    Has anything changed on the SEPMs or did this issue just start?



  • 3.  RE: Apache will not start on SEPM 12.1

    Posted May 14, 2013 08:57 AM

    Apparently my colleague couldn't log into the SEPM anymore and he reported a problem.  Another colleague then said he ran a reconfiguration wizard to solve the problem.  I notice that the time stamp of the server.crt is the same day that my colleague tried to run the reconfiguration.



  • 4.  RE: Apache will not start on SEPM 12.1
    Best Answer

    Posted May 14, 2013 09:10 AM

     

    I'd suggest first trying to restore the original server.crt from backup if possible.  If you cannot do this, then the below command should allow you to create a new one:

    This needs to be run from the directory: "%ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\apache\bin"

    openssl req -config ..\conf\ssl\openssl.cnf -new -x509 -out server.crt -key ..\conf\ssl\server.key

    After this, just copy the "server.crt" file from the "..apache\bin" folder to the "..apache\conf\ssl" folder, replacing the server.crt file that has apparently become corrupted.  You can always rename the original first if you want to be safe.
     
    Finally, restart the services.

    #EDIT#

    Oh yeah, it's worth mentioning that you'll be asked for certificate attributes like location, common name and stuff after hitting return on the above command.
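
An added example, not part of the original thread or of Symantec's tooling: a PowerShell pre-flight check for the regeneration steps in the answer above. It confirms that the new server.crt is non-empty, parses as X.509 and matches server.key before it replaces the 0 KB file. Assumptions: the install path shown in the event log, an RSA server.key, and openssl.exe located in apache\bin.

```powershell
# Added example: validate a regenerated SEPM Apache certificate before swapping it in.
# Assumptions (not from the thread): $ApacheRoot default, RSA key, openssl.exe in apache\bin.
param(
    [string]$ApacheRoot = 'E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache'
)
$openssl = Join-Path $ApacheRoot 'bin\openssl.exe'
$newCrt  = Join-Path $ApacheRoot 'bin\server.crt'       # output of the openssl req command
$key     = Join-Path $ApacheRoot 'conf\ssl\server.key'
$liveCrt = Join-Path $ApacheRoot 'conf\ssl\server.crt'  # file named in ssl.conf
$env:OPENSSL_CONF = Join-Path $ApacheRoot 'conf\ssl\openssl.cnf'

function Test-SepmCertificate {
    param([string]$Crt, [string]$Key, [string]$OpenSsl)

    # The failure reported in the thread: server.crt exists but is 0 KB.
    if (-not (Test-Path -LiteralPath $Crt) -or (Get-Item -LiteralPath $Crt).Length -eq 0) {
        throw "Certificate '$Crt' does not exist or is empty."
    }
    # Throws if the file is not a parseable X.509 certificate.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Crt

    # A certificate only works with the key it was signed from: compare RSA moduli.
    $crtMod = (& $OpenSsl x509 -noout -modulus -in $Crt) -join ''
    if ($LASTEXITCODE -ne 0) { throw "openssl could not read certificate '$Crt'." }
    $keyMod = (& $OpenSsl rsa -noout -modulus -in $Key) -join ''
    if ($LASTEXITCODE -ne 0) { throw "openssl could not read key '$Key'." }
    if ($crtMod -ne $keyMod) { throw "Certificate does not match '$Key'." }

    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

$info = Test-SepmCertificate -Crt $newCrt -Key $key -OpenSsl $openssl
$info | Format-List
if ($info.NotAfter -lt (Get-Date).AddDays(60)) {
    Write-Warning "Certificate expires $($info.NotAfter); regenerate with a longer -days value if needed."
}

# Rename the corrupted file instead of overwriting it, then put the new one in place.
if (Test-Path -LiteralPath $liveCrt) {
    Move-Item -LiteralPath $liveCrt -Destination "$liveCrt.bak-$(Get-Date -Format yyyyMMddHHmmss)"
}
Copy-Item -LiteralPath $newCrt -Destination $liveCrt
# Finally, restart the services (semwebsrv first, then the SEPM service that depends on it).
```

If any check throws, nothing in conf\ssl is touched, so the original file is still there for comparison or restore from backup.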