Endpoint Protection

 View Only
Expand all | Collapse all

Unable to generate emailed notifications/reports

Migration User

Migration UserNov 10, 2010 12:15 PM

Migration User

Migration UserNov 10, 2010 02:10 PM

  • 1.  Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 11:52 AM

    Hello,

    I searched the forums and couldn't quite find any solution that works for me on this problem. As I stated in the topic, I'm unable to have emails send from the SEPM (11.0). A little bit of background so you can help me identify where the issue is. 

    When I decided to set this up, I went to the admin area and edited the properties of the server. I added the mail server and all of the pertinent information. I tried different forms of the user name to see if the syntax was incorrect. The only feedback I get is the scrolling text along the bottom stating: Email sending failed [Site: Sysmantec Endpoint] [Server: servername]. That repeats every hour with no other information.

    Is there an area I can check that would give more information as to what the cause/bottleneck is regarding this issue? I've been searching for this and have only found a couple of ideas. Port 25 is open. The password is correct. The email address to send to is proper as well. 

    Please let me know if there is more information I can give to assist. 



  • 2.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:07 PM

    can you find anything in scm-server0.log?

    check the logs folder of symantec endpoint protectio manager\logs folder



  • 3.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:08 PM

    Does your SMTP server requires Secure Password Authentication?

     

    SEPM cannot send email notifications to a SMTP server configured to require Secure Password Authentication. You will need to configure SEPM to use another mail server that does not require SPA or disable the requirement of SPA from your current email server.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH103008&actp=search&viewlocale=en_US&searchid=1289408759804

     

    Best,

    Thomas



  • 4.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:14 PM

    Here is the only entry in the log. 

     

    2010-11-02 15:25:56.544 SEVERE: Unknown Exception in: com.sygate.scm.server.task.AgentLogCollector
    java.io.FileNotFoundException: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client\37b87d2a-3762-4444-ada4-fba1770375d0.dat (The process cannot access the file because it is being used by another process)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:106)
    at com.sygate.scm.server.task.AgentLogCollector.appendFile(AgentLogCollector.java:394)
    at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:284)
    at com.sygate.scm.server.task.AgentLogCollector.run(AgentLogCollector.java:103)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)


  • 5.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:15 PM

    Hi Thomas,

    No. The server does not require that. 



  • 6.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:20 PM

    Are you using a FQDN?

     

    The user name that is configured for the mail server from the Server
    Properties dialog must be a fully qualified domain name (FQDN) in the form user@domain.
    If this field is left blank, the notifications are sent from SYSTEM@computername. If the
    reporting server has a name that uses Double Byte Character Set (DBCS) characters, you
    must specify the user name field with an email account name of the form user@domain.
    To check this setting, follow the instructions Below.

    1. Log in to the SEPM
    2. From the Admin tab click > Servers > Server name > Edit server properties > Mail server tab
    3. Input the name as "User@domain-name.com"(As an example.). The name used has to be a valid user name that belongs to the domain.

    http://www.symantec.com/business/support/index?page=content&id=TECH91622&locale=en_US



  • 7.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:24 PM

    Yes. the username is set as a fully qualified domain name with the admin account. 



  • 8.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:38 PM


  • 9.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 12:44 PM

    Can you try running a test notification?

     

    How to test the e-mail notification feature in the Symantec Endpoint Protection Manager Console.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH95887&locale=en_US



  • 10.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 01:49 PM

    We're using a relay and there isn't any internal filtering going on. There's no whitelisting or blacklisting set up so there's nowhere to add that email address.



  • 11.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 01:50 PM

    I tried this and I'm not getting any notifications either. I get the error at login, but no email. 

    I should also add that I'm able to ping the email server just fine from the AV box so I know it "connects" and can "see" it. 



  • 12.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 01:55 PM

    Do the following:

     

    1. Stop the Symantec Endpoint Protection Manager service
    2. Add the line scm.log.loglevel=FINEST and scm.mail.troubleshoot=1 to the bottom of the file:

      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
    3. Restart the Symantec Endpoint Protection Manager service

     

    Try sending a test email or set a scheduled report to email, anything to generate an email.

    After doing so, attach the following files:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SecurityNotifyTask.log

     

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\catalina.out



  • 13.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 02:10 PM
      |   view attached

    Here are the logs you requested. 

    Attachment(s)

    zip
    SecurityNotifyTask-0.zip   36 KB 1 version


  • 14.  RE: Unable to generate emailed notifications/reports

    Posted Nov 10, 2010 03:41 PM

    From the catalina.out file:

    ==========

    220 (domain) Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Wed, 10 Nov 2010 11:06:05 -0800 

     

    DEBUG SMTP: connected to host "192.168.2.243", port: 25
     
    EHLO 192.168.2.19
    DEBUG SMTP: Attempt to authenticate
    AUTH LOGIN
    535 5.7.3 Authentication unsuccessful.
     
    ==========
     
    Do you have any SMTP gateway that might be interfering?
    Ensure the user/pass is correct?
    Try adding the domain in front of the username?
     
    Obviously seems like something with the user/pass SEPM is sending is getting rejected...hope that provides a good starting point.
     


  • 15.  RE: Unable to generate emailed notifications/reports
    Best Answer

    Posted Nov 10, 2010 05:35 PM

    Problem solved. Since we're running a relay, there was no need for authentication. Since nothing could authenticate the username and password, it was failing. Taking the credentials out of the fields caused this problem to disappear and reports/notifications are sending at this time. Thank you all for the help.