Endpoint Protection

First off, I'm doing this on a test box, not my actual production box.

We are beginning a mass move to Windows Server 2008, so I'd like to take advantage of the latest builds of the SEP Manager server working on 2k8.

My server was 2003, and I updated it to 11.0.4014 MR4 MP1. That seemed to go well.  Then I did an inplace upgrade of the server to Windows Server 2008.

I'm using the embedded database, that seems to be working fine. Symantec Endpint Protection Manager however will not run, it puts the following Event 4096 semsrv in my application log: The Java Virtual Machine has exited with a code of -1, the service is being stopped.

I've searched these forums for that error and tried the following:

Doing a repair install of Symantec Endpoint Protection - no change.
Doing a reconfiguration using the Management Server Configuration Wizard - no change.

Windows Firewall is disabled on this box - IIS also seems to be working fine.

Any ideas for fixing this would be great.

Thanks,

- Steve

Hi,

      Please try the following steps as this seems to be an issue with the Tomcat port.

A conflict on port 8005 can account for this error. The server version of Quickbooks 2007 is known to use another version of tomcat on port 8005.

To alter the Tomcat port used by SEPM:
Ensure that the Symantec Endpoint Protection Manager service is stopped. Please see the Technical Information section of this document for steps to start/stop this service.
Right-click the server.xml file and click Edit to modify the file:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml

For conflicts with port 8005, change the port to another unused port:
port="8005"

Save the changes to the "server.xml" file.
Start the Symantec Endpoint Protection Manager service
Attempt to login to the Symantec Endpoint Protection Manager, or create an install package to test if the issue is resolved.

Nope, nothing else is running on Port 8005. I changed it anyway to another port number I know not to be in use (16000), and it still dies.

Do you think you could post the event logs. There are actually quite a few reasons why you might get this error and the even logs will help us narrow it down. Cheers,

Grant

Sure thing and I've narrowed it down a little I think. The scm-server-0.log has the following:  Note the inability to instantiate the dll:

2009-05-08 21:58:50.832 SEVERE: ================== Server Environment ===================
2009-05-08 21:58:50.832 SEVERE: os.name = Windows Vista
2009-05-08 21:58:50.832 SEVERE: os.version = 6.0
2009-05-08 21:58:50.832 SEVERE: os.arch = x86
2009-05-08 21:58:50.832 SEVERE: java.version = 1.5.0_15
2009-05-08 21:58:50.832 SEVERE: java.vendor = Sun Microsystems Inc.
2009-05-08 21:58:50.848 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2009-05-08 21:58:50.848 SEVERE: java.vm.version = 1.5.0_15-b04
2009-05-08 21:58:50.848 SEVERE: java.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
2009-05-08 21:58:50.911 SEVERE: catalina.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
2009-05-08 21:58:50.911 SEVERE: java.user = null
2009-05-08 21:58:50.911 SEVERE: user.language = en
2009-05-08 21:58:50.911 SEVERE: user.country = US
2009-05-08 21:58:50.911 SEVERE: scm.server.version = 11.0.4014.26
2009-05-08 21:59:04.692 SEVERE: ================== StartClientTransport ===================
2009-05-08 21:59:05.098 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
java.lang.Exception: HTTP 404 Not Found, URL: http://localhost:8014/secars/secars.dll?action=34
at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:556)
at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:72)
at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:104)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)
com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:580)
at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:72)
at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:104)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)


See, it's throwing a 404 back from the web server when calling the secars.dll. I verified that the dll is registered as a web extension in the ISAPI and CGI Restrictions in IIS7 manager, but it doesn't want to execute.  Is there some default permission under IIS7 that isn't allowing this to run?

Thanks!

This is one of the articles I have found thus far. I will edit this post as I find more. This relates specifically to the 404 error throwback.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008030400460348

Grant-

Grant, that article really isn't helpful here.  My IIS installation is stable and it's responding with a 404.2, not a 404.0.

If I try to access the secars DLL with the follwoing URL on the box:

http://localhost:8014/secars/secars.dll?hello,secars

I get a server error:

Error Summary
HTTP Error 404.2 - Not Found
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.

Detailed Error Information
Module IsapiModule
Notification ExecuteRequestHandler
Handler AboMapperCustom-960846
Error Code 0x800704ec
Requested URL http://localhost:8014/secars/secars.dll?hello,secars
Physical Path C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\secars\secars.dll
Logon Method Anonymous
Logon User Anonymous

But I have the secars.dll set in the ISAPI and CGI restrition list--if I check ISAPI and CGI Restrictions at the server level, I see Secars and Secreg are set up as allowed.  

Is there a permissions issue going on here?

Okay, I think I figured this out. The trick was to not go to add/remove programs and so a repair install, but rather re-run the installer .MSI file from the SEPM directory of the 11.0.4014 MR4 MP1 installer.

So, here's how to recreate what I was doing:

2k3 box has older install
Install 11.0.4014 MR4 MP1
Do an inplace upgrade of the 2k3 box -> 2k8
Go to your 11.0.4014 MR4 MP1 installer, disc1, SEPM folder and run the .msi file there.
Do a repair install
Follow through with the reconfigure of the install--it should notice that the database schema is unchanged
After that, start the service, it should stay running.

I have no idea what magic this installer does to fix thiings up, but I'm pretty happy it does.

I will be trying to do this with a production server in the near future, I might run this through a test server one more time to make sure I know the steps will work for me. YMMV.

tell me: what port SEPM was using when it was on 2003 server?

You upgraded your OS with the SEPM installed?  Its neat that you got it to work, but I honestly wouldn't do that in a production environment.  Way too many variables and things that can go wrong.  You have to contend with IIS 6 > IIS 7 changes, missing SEPM files required for 2008 functionality, and permissions changes with IUSR.  (Technically the user account actually changes.)  Seems to me that you would be much better served by simply doing a database/jks/keystore backup and then just reinstalling the SEPM and restoring the database once 2008 is up and running. 

It was on 8014, the default.

It was on 8014, the default.

The default, port 8014.


Sorry for the triple post--the forums were not responding and refresh simply submitted again.

jks/keystore?  I understand the database backup part, but I'm not sure what you mean there.  I'm in a fairly small environment (<200 users, 1 SEPM server).

I'm all for whatever is best.  I think the reinstall is probably what fixed up the IUSR issues.  SEPM requires all the IIS6 backwards compatability stuff to run anyhow--I did a clean install of SEPM on 2k8 as a trial run as well and had just as much difficulty getting it to detect all the required parts of IIS, it took 3-4 runs at that install to get it to install once. :-)

If someone can give me best practices for this, I'm all ears.  I can't imagine I'm the last person on earth who is going to want to move his SEPM server up to 2k8.  :-)