Endpoint Protection

I had installed SEPM 12 and setup several servers. I setup about 12 total with client protection. Yesterday morning I noticed that there were some servers not getting definitions updated. The SEPM and SEP clients seemed to be working correctly for about three days and then bam, they all just stopped updating. Everything was running ok and there didn't seem to be any problems. I figured I would restart the server and see if that helps as I couldn't really find any issues (event log was ok and everything seemed good). When the server came up, all hell broke loose.

The first thing I noticed is that the Endpoint Protection manager application wouldn't start. I checked the services and it appeared that Symantec Endpoint Protection Manager (Semsvc.exe) wasn't started. I attempted to start it and about 5 seconds after I started it, it crashed. I tried it a few more times and couldn't get it started so I went to check the event log. In the event log I am now seeing errors. I see the following errors:

Faulting application name: httpd.exe, version: 2.2.22.4, time stamp: 0x4f71ed81

Faulting module name: secars.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f8fc3a5

Exception code: 0xc0000005

Fault offset: 0x6db85110

Faulting process id: 0x138

Faulting application start time: 0x01cd4570c7acdee0

Faulting application path: <path withheld>\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe

Faulting module path: secars.dll

Report Id: 05ca0070-b164-11e1-806d-005056bd6a12

Initialize Server Configuration Error

can you post the scm-server-0.log?

Hello,

What version of SEP 12.1 are you running? What OS are you running on the SEPM server?

I could find following fix in SEP 12.1 RU1 notes. In your case you are already using SEP 12.1 RU1.

I would like to know it was an upgrade or fresh install ?

Apache httpd.exe process crashes
Fix ID: 2484177
Symptom: The Apache httpd.exe process crashes every few hours after upgrading from SEP 11.x to SEP 12.1.
Solution: A string was not terminated correctly. The string is now terminated correctly

Reference : http://www.symantec.com/business/support/index?page=content&id=TECH174

Secondly, Was there any SEPM Backup Taken?

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH160736

Yes, as pete suggested in the comment above, please provide us with the scm-server-0.log and catalina.out.log which would assist us to get to the root cause of the issue.

Hope that helps!!

Sure! No problem.

Attachment(s)

scm-server-0_24.zip   15 KB 1 version

Thanks a bunch for the help! Let me see if I can answer your questions.

1. I believe I am running the latest version as this was a fresh download done about mid May. The zipped file I downloaded from Symantec File Connect says, "Symantec_Endpoint_Protection_RU1_MP1_Part1_Installation_EN."
2. I am running this on Windows 2008 R2 Enterprise. This is a VM on ESX(i) 5.0 update 1. 
3. This was a fresh install.
4. I believe the automated backup process was run a few times. I ran out of disk space about 2 days after inital install. I increased the side of the database drive and restarted the server. Everything woked fine for a few days after that. That specifc drive currently has 10 gigs free. 
5. I have also attached the catalina.out file as requested.

Again, thanks a ton for the help on this guys. I've worked with SEPM 11 and this is my first foret into SEPM 12.x.

Attachment(s)

catalina_1.zip   703 B 1 version

Hello,

Upon checking the Logs, we see..

2012-06-05 17:20:08.603 THREAD 648 SEVERE:  in: com.sygate.scm.server.consolemanager.requesthandler.ConfigServerHandler

java.io.IOException: There is not enough space on the disk

1. Could you please check if there is enough disk space available on the machine?
2. Symantec Endpoint Protection Manager is installed on D drive.
3. Once the machine has enough disk space, you can run the Management Configuration Wizard to Login to the SEPM.

There was a space issue early on, but that has been resolved. There is now 10 gigs free on all disk drives. I found the management configuration wizard, but it gets to the point where it asks me if I want to overwrite the database, and I choose no... Do I want to choose yes to that? 

Hello,

Do we have a Database Backup? Was there any SEPM Backup Taken?

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH160736

Similar Issue and same situation - 

https://www-secure.symantec.com/connect/forums/faulting-application-name-httpdexe-version-22215

Hope that helps!!

I appear to have a backup file (database) but it seems to be old. It's dated 6/4. My failure occured 6/6 or 6/7. I also have found the Server Private Key Backup zipped file. It's dated 5/31. Are these the files you are looking for? I am reading the restore procedures right now. 

Hello,

Yes,. those are the files.

Follow the Steps provided in the Article provided above for Disaster Recovery, if possible.

This is probably one of those rare occasions where this process doesn't work. I had to do a full reinstall. It appears that either the Semsvc.exe or the httpd.exe service was truely corrupted.