Endpoint Protection

Just would like to ask if except from the Directory Identities located on IIS /reporting web server

is there any other use for this account?  Can you give us a list of it's uses?


Because we are considering to reset this account for an issue on our SEPM.

Hoping for your response

Thanks in advance

Yes , you can create a Windows user and make him the member of the guest groups


Title: 'SEPM login revert to login screen'
Document ID: 2008081302490248
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008081302490248?Open&seg=ent

Sir Just to follow-up is IUSR connected with the SEPM service stopping after few seconds?

What might be the possible cause?

Thank You

Do you mean to say that that after chnaging the the user name SEPM service has stopped?

Using IUSR:

Before we change the identity we were already having a problem with SEPM service stopping

that's why base on some forums here in symantec connect and some experience done when we has a symantec support help thru webex

We tried to change the account IUSR with our domain account.  At first it worked but now it is again having the same problem.

Thats why we are asking if it is ok if we reset the password for IUSR


Thank You

 

Yes , it is OK to reset password for IUSR. There is no issue with that.

Attach the scm-server-0.log which is present in Program Files \Symantec\Symantec Endpoint Protection Manager\tomcat\logs

Hi Sir Aaravind Here is what is in the scm-server-o.log Thank You 2010-09-09 12:00:01.792 SEVERE: ================== Server Environment =================== 2010-09-09 12:00:01.792 SEVERE: os.name = Windows 2003 2010-09-09 12:00:01.792 SEVERE: os.version = 5.2 2010-09-09 12:00:01.792 SEVERE: os.arch = x86 2010-09-09 12:00:01.792 SEVERE: java.version = 1.6.0_14 2010-09-09 12:00:01.792 SEVERE: java.vendor = Sun Microsystems Inc. 2010-09-09 12:00:01.792 SEVERE: java.vm.name = Java HotSpot(TM) Server VM 2010-09-09 12:00:01.792 SEVERE: java.vm.version = 14.0-b16 2010-09-09 12:00:01.792 SEVERE: java.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre 2010-09-09 12:00:01.792 SEVERE: catalina.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat 2010-09-09 12:00:01.792 SEVERE: java.user = null 2010-09-09 12:00:01.792 SEVERE: user.language = en 2010-09-09 12:00:01.792 SEVERE: user.country = US 2010-09-09 12:00:01.792 SEVERE: scm.server.version = 11.0.5002.333 2010-09-09 12:00:04.354 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet com.sygate.scm.server.util.ScmServerError: This server is not registered, please run Server Configuration Assistant to register server! at com.sygate.scm.server.servlet.StartupServlet.registerServer(StartupServlet.java:279) at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:85) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148) at org.apache.catalina.core.StandardHost.start(StandardHost.java:697) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213) at org.apache.catalina.startup.Catalina.start(Catalina.java:484) at org.apache.catalina.startup.Catalina.execute(Catalina.java:371) at org.apache.catalina.startup.Catalina.process(Catalina.java:134) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)

" This server is not registered, please run Server Configuration Assistant to register server!"

In SEPM go to programs--->Symantec Endpoint Protection Manager--->management server configuration Wizard and reconfigure your server....

Sir

We have ran the server configuration wizard but still the sepm service is still stopping.

We have tried to restart the server and still the same

We have checked the scm-server-0.log and here is now the result

Thank You


2010-09-09 13:51:47.388 SEVERE: ================== Server Environment ===================
2010-09-09 13:51:47.404 SEVERE: os.name = Windows 2003
2010-09-09 13:51:47.404 SEVERE: os.version = 5.2
2010-09-09 13:51:47.404 SEVERE: os.arch = x86
2010-09-09 13:51:47.404 SEVERE: java.version = 1.6.0_14
2010-09-09 13:51:47.404 SEVERE: java.vendor = Sun Microsystems Inc.
2010-09-09 13:51:47.404 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2010-09-09 13:51:47.404 SEVERE: java.vm.version = 14.0-b16
2010-09-09 13:51:47.404 SEVERE: java.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
2010-09-09 13:51:47.404 SEVERE: catalina.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
2010-09-09 13:51:47.404 SEVERE: java.user = null
2010-09-09 13:51:47.404 SEVERE: user.language = en
2010-09-09 13:51:47.404 SEVERE: user.country = US
2010-09-09 13:51:47.404 SEVERE: scm.server.version = 11.0.5002.333
2010-09-09 13:51:50.779 SEVERE: ================== StartClientTransport ===================
2010-09-09 13:51:51.013 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
java.lang.Exception: HTTP 401 Unauthorized, URL: http://localhost:8014/secars/secars.dll?action=34
 at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:626)
 at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:147)
 at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:106)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
 at org.apache.catalina.core.StandardService.start(StandardService.java:450)
 at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)
com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
 at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:650)
 at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:147)
 at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:106)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
 at org.apache.catalina.core.StandardService.start(StandardService.java:450)
 at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)

Failed to connect to server" message during login and the scm-server-0.log file shows '401 Unauthorized' errors.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009073117184848



Title: 'Java -1 error in event viewer, SemSrv will not stay in started state. "Failed to connect to server" message during login, scm-server-0.log file shows '401 Unauthorized' errors.'
Document ID: 2009011616184048
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009011616184048?Open&seg=ent

"Java -1" error in event log and the error "Failed to connect to server" at login, with HTTP 401 in scm-server-0.log, HTTP 401 1 0 in IIS Logs

Sir

have added authenticated user and given the permissions but still the same error and same logs on scm-server-0.log

Thank You

Do you followed ""Java -1" error in event log and the error "Failed to connect to server" at login, with HTTP 401 in scm-server-0.log, HTTP 401 1 0 in IIS Logs" KB?

Arvind your talking about this KB

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101518485148

Just finish the steps on the KB you have given

it showed :

Property anonymoususerpass found at:

W3SVC

which from the kb shows that it is in the right location right?

Thank You

Try this now
Restart the IIS Admin service
Go to Start > Run > Type IISRESET
Click OK.
Start the Symantec Endpoint Protection Manager service
Go to Start > Run > Type Services.msc
Right Click on Symantec Endpoint Protection Manager Service and select Start.

Sir Aravind

Service still stops and 401 error is still on the scm-server-0.log

Thank You

Try this once
Failed to connect to the server while logging on to the SEPM

Have tried this sir but it didnt work as well

Thank You

We are thinking of reinstalling IIS and SEPM will that be a good idea?

But ofcourse we hope this would be our last resort

Thank You

Go the propery of the IUSR, and Open the Account tab
Click the Logon Hours button and Set to Logon Permitted
Click OK.

Before to that try this also one give read and write permission to IUSER to following folders
\Program Files \Symantec\Symantec Endpoint Protection Manager
\Program Files \Symantec\Symantec Endpoint Protection Manager\Inetpub and its sub folders
C:\Inetpub and its sub groups...

If above suggestions not helps reinstall IIS and do a repair for SEPM from add/remove programs...

The steps above still doesnt work? 

Hoping for more of your response

Thank You Very much for a fast response

You mean you reinstalled the IIS?

If no more suggestion we will now push through with the reinstallation both for SEPM and IIS

 refer this KB

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-manager-console-service-stop#comment-2731011

Do you checked the above permissions?If yes once try by using Symantec Endpoint Protection Support Tool.It may show you any permissions issue you have .Have a look at this KB
About the Symantec Endpoint Protection Support Tool

Sir

Have already reinstalled IIS and SEPM, but still the service for SEPM stops

in scm-server-0.log still error 401 is reflected

Just wanted to inquire if this issue is mainly an authentication problem?

Thank You

"Enable Anonymous Access" has always been checked in IIS

The permission of C:/ProgramFiles/Symantec folder

On what locations or folders in IIS ?

Sorry sir but yes we have already checked or enabled anonymous access.

and have already tried adding permissions of the SEPM folders.  Basing from the post given by Sir Prachand and Sir Aravind

Thank You

Just wanted to know the reason behind as to why SEPM service stops.

open iis
right click on symatnec web server
properties
directory security
check integrated windows authentication
restart sepm service
try to log in now

Then Also not getting follow the below doc and see

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2b432247a8881722652576040040e28e?OpenDocument

Http error 401 - Access denied
Do you tried SEP support tool?Is it given you some error?

Hi Maheshroja

We are now able to log in to SEPM server and SEPM service doesnt stop anymore

Steps Taken:

1) The one you have given
open iis
right click on symatnec web server
properties
directory security
check integrated windows authentication
restart sepm service
try to log in now

but we also need to change the permission on

2) Reporting> Directory Security under Symantec Web Server
to an admin account and also clicked on Integrated Windows Authentication


But after this , since we have reinstalled everything, do we:

1) Wait for SEPM to read all the data from SQL?
2) Do we need to restore any backup?

Thank You Very Much


 

If want to restore the old database which you have 
You can restore and see.

Since you are facing problem even after reinstalling IIS and SEPM I think the problem is related to your GPO.Any GPO is applied to symantec services?
You can check this as follows
start run & type rsop.msc- it will open a new window.
--> Under computer configrations go to windows setting-- then security setting & click on the system services.. On the right hand side find SEP serivices & check if there is any thing under stratup??

If you reinstalled SEPM and you need to to connect all the back you have to follow this procedure
Best Practices for Disaster Recovery with Symantec Endpoint Protection

Thank you for sharing the information...

Security gaurd have your problem resolved?

We have just finish restoring the backup and have seen some data but we have to monitor more on the recovery of data

We will keep you posted on future updates

Thank You Very Much

You all have been much help to us

Hi Sirs

Sorry for the late reply , so far our SEPM is up and running, all the credentials and client data is restored so far

But the problem is, it seems that out clients still hasnt made connection with the server since last thursday

Hoping for your suggestions

Thank You

Hi Thanks For update..