Symantec Endpoint Protection Manager 11.x Communication Troubleshooting

Article:TECH102681  |  Created: 2007-01-17  |  Updated: 2011-06-27  |  Article URL http://www.symantec.com/docs/TECH102681
Article Type
Technical Solution


Issue



Symantec Endpoint Protection Manager is experiencing communication issues, indicated by logged errors or displayed HTTP error codes.

Symptoms

  • Symantec Endpoint Protection Manager service stops with a Java -1 error in the event log
  • Symantec Endpoint Protection Manager displays an HTTP error in the Home, Monitors and Reports tabs
  • Symantec Endpoint Protection Manager service (SemSrv) will not stay in a started state
  • Symantec Endpoint Protection Manager continually displays the progress bar without loading the pages in the Home, Monitors and Reports tabs
  • Symantec Endpoint Protection Manager displays blank pages in the Home, Monitors and Reports tabs
  • One of the following messages appears: "Too many users are connected" or "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept"

 


Cause



There are many possible causes for this problem. Be sure to read through all of the possible causes and solutions listed below.


Solution



Run the Symantec Endpoint Protection Support Tool
The Symantec Endpoint Protection Support Tool can identify some of the possible causes of this problem automatically. To download the tool, see the document "The Symantec Endpoint Protection Support Tool".


Compatibility Assessment
Please refer to the following document to ensure that you meet the supported configuration:

System requirements for Symantec Endpoint Protection 11 and Symantec Network Access Control 11


Operating System Assessment
Microsoft Windows XP Professional Edition and Windows 2000 Professional Edition are limited to a maximum of ten (10) concurrent connections. Please refer to Microsoft's End User Licensing Agreement (EULA) or Microsoft's Knowledge Base for further details.


IIS Assessment
The HTTP error messages typically indicate a problem with the configuration of Internet Information Services (IIS). To diagnose the problem, check the IIS logs for the full error code. The default location for the logs is:
C:\Windows\System32\LogFiles\W3SVC1

Note: Please have this log file ready for technicians when contacting Technical Support.
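
The following Python script is an added example, not part of the original Symantec article. It reads IIS log lines in W3C extended format and counts error responses by full code (sc-status.sc-substatus) and sc-win32-status; the sample log lines, URL paths and hint wording are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem s-port c-ip sc-status sc-substatus sc-win32-status
2011-06-27 09:00:01 GET /example/page.php 80 192.0.2.10 200 0 0
2011-06-27 09:00:02 GET /example/page.php 80 192.0.2.10 403 4 5
2011-06-27 09:00:03 POST /example/app.dll 80 192.0.2.11 401 2 2148074254
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2011-06-27 09:05:00 192.0.2.10 GET /example/page.php 403 4 5
2011-06-27 09:05:01 192.0.2.12 GET /example/page.php 500 0 0
truncated line
"""

# Standard IIS sub-status meanings, mapped to the checks in this article.
HINTS = {
    ("403", "4"): "SSL required: check Require Secure Channel (SSL)",
    ("401", "2"): "logon failed due to server configuration: check authentication settings",
}

def summarize_errors(lines):
    """Count responses with status >= 400, keyed by (uri, 'status.substatus', win32)."""
    fields, errors = [], Counter()
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change after a restart
            continue
        if not line or line.startswith("#"):
            continue                       # other directives (#Software, #Date, ...)
        values = line.split()
        if not fields or len(values) != len(fields):
            continue                       # malformed or truncated entry
        row = dict(zip(fields, values))
        status = row.get("sc-status", "")
        if status.isdigit() and int(status) >= 400:
            code = status + "." + row.get("sc-substatus", "?")
            errors[(row.get("cs-uri-stem", "-"), code, row.get("sc-win32-status", "-"))] += 1
    return errors

def report(errors):
    out = []
    for (uri, code, win32), n in errors.most_common():
        hint = HINTS.get(tuple(code.split(".")), "")
        out.append(f"{n:>4}  {code:<7} win32={win32:<11} {uri}  {hint}".rstrip())
    return out

if __name__ == "__main__":
    print("\n".join(report(summarize_errors(SAMPLE_LOG.splitlines()))))
```

To use it on a real server, pass the lines of a log file from the W3SVC1 folder to summarize_errors() instead of SAMPLE_LOG.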


Ensure that the appropriate rights are configured for IIS.

    Verify that the DefaultAppPool identity is set to "Network Service".
    1. Open the IIS Administrator
    2. Expand <server name> > Application Pools
    3. Right-click DefaultAppPool and select Properties
    4. Under Identity, verify the Predefined radio button is selected and that the Network Service is selected in the drop-down list.

    Verify User Rights.
    1. Click Start> Run.
    2. Type gpedit.msc.
    3. Expand Computer Configuration> Windows Settings> Security Settings> Local Policies.
    4. Select User Rights Assignment.
    5. Double-click Adjust memory quotas for a process and Replace a process-level token in turn, and verify that "NETWORK SERVICE" is listed for each.
      Note: If the "Add User or Group..." option is disabled, it is possible that this policy is locked by a domain GPO (group policy object) which will require an assessment of domain GPOs.
    6. Restart the "IIS Admin" service to update any changes.
       

    Verify Authentication and Access Control.
    1. Open the IIS Administrator
    2. Expand <server name> > Web Sites
    3. Right-click on Default Web Site and select Properties
    4. Select Directory Security.
    5. Under "Authentication and Access Control" select Edit.
    6. Verify that Enable Anonymous Access is checked.
    7. Please check the appropriate setting if you are utilizing Authenticated Access.

    Verify Secure Communications is not selected (if SSL is not implemented).
    1. Open the IIS Administrator
    2. Expand <server name> > Web Sites
    3. Right-click on Default Web Site and select Properties
    4. Select Directory Security
    5. Under "Secure Communications", select Edit
    6. Verify that Require Secure Channel (SSL) is not selected.



Java Assessment
For more information on Java, see the following document:

"Symantec Endpoint Protection Manager remote console is not able to login using Java version 1.6." at:
http://www.symantec.com/business/support/index?page=content&id=TECH102328&locale=en_US


The default heap size for the Symantec Endpoint Protection Manager is 256MB. Be sure to adjust the heap size as appropriate for the operating system. Please refer to page 89 of the installation_guide.pdf located on the installation CD or at the following FTP location:
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/installation_guide.pdf


To adjust the Symantec Endpoint Protection Manager heap size:

  1. Click Start> Run.
  2. Type regedit
  3. Press Enter.
  4. Locate the following registry key:
    HKLM\SYSTEM\CurrentControlSet\Services\semsrv\Parameters\

  5. Locate the following values:
    JVM Option Number 0
    JVM Option Number 1

  6. Adjust both values upward, and set them to the same size.
    For example, to create a 1 GB static heap, set the JVM Option Number 0 to -Xms1024m, and set the JVM Option Number 1 to -Xmx1024m.
  7. Exit Regedit.
  8. Click Start> Settings> Control Panel> Administrative Tools.
  9. In the Services dialog box, right-click Symantec Endpoint Protection Manager, and then click Restart.
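
The following Python script is an added example, not part of the original Symantec article. It validates the two heap values from the procedure above before the service is restarted: both must be well-formed, equal in size, and not below the 256MB default. Treating a value below the default as a problem is an assumption of this example; the function names are hypothetical.

```python
import re

DEFAULT_HEAP = 256 * 1024**2   # default heap size stated in this article
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
KEY = r"SYSTEM\CurrentControlSet\Services\semsrv\Parameters"

def parse_heap(option, flag):
    """Return the size in bytes of a -Xms/-Xmx option, or None if malformed."""
    m = re.fullmatch(rf"-{flag}(\d+)([kKmMgG]?)", option.strip())
    return int(m.group(1)) * UNITS[m.group(2).lower()] if m else None

def check_heap(opt0, opt1):
    """Return a list of problems with the two registry values (empty list = OK)."""
    xms, xmx = parse_heap(opt0, "Xms"), parse_heap(opt1, "Xmx")
    problems = []
    if xms is None:
        problems.append(f"JVM Option Number 0 is not a valid -Xms value: {opt0!r}")
    if xmx is None:
        problems.append(f"JVM Option Number 1 is not a valid -Xmx value: {opt1!r}")
    if xms is not None and xmx is not None:
        if xms != xmx:
            problems.append(f"values do not match: {xms} bytes vs {xmx} bytes")
        if min(xms, xmx) < DEFAULT_HEAP:
            # A missing suffix (-Xmx1024) means bytes, not megabytes.
            problems.append("heap is smaller than the 256MB default; check the unit suffix")
    return problems

def read_registry():
    """Read both values from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        return tuple(winreg.QueryValueEx(key, f"JVM Option Number {i}")[0] for i in (0, 1))

if __name__ == "__main__":
    for problem in check_heap(*read_registry()) or ["heap settings look consistent"]:
        print(problem)
```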




PHP Assessment
Multiple versions of PHP used by different software products may cause conflicts. PHP checks for its global configuration (php.ini) in a variety of locations. It forces each product to use its own interpreter, which allows the product to operate properly and to use the correct version of PHP associated with each product. Please check your PHP configuration.


Database Assessment


    Verify communication to the embedded (Sybase) database.
    • Verify that the "Symantec Embedded Database" service is running and that the "dbsrv9.exe" process is listening on TCP port 2638.
    • Test the ODBC connection.
      1. Click Start> Control Panel
      2. Open Administrative Tools
      3. Double-click Data Sources (ODBC)
      4. Select the System DSN tab
      5. Double-click the SymantecEndpointSecurityDSN and go through the wizard to ensure the following settings:
        • Name: SymantecEndpointSecurityDSN
        • Description: <Anything>
        • Server: Servername\InstanceName (Can be blank as it is localized, otherwise specify default "sem5")
        • Login ID: dba
        • Password: <password>

          Note: If the “Encrypt password” box on the Login tab is not checked, your password will be stored as plain text in the Windows registry.

           
      6. Leave the default settings for the remaining items and click Finish
      7. Click Test Data Source, and verify that it states "Success"
      8. Click OK

    Verify communication to the Remote (SQL) Database.
    • Verify that you have specified a named instance during installation and configuration. Example: \\<server name>\<instance name>
    • Verify SQL Server is running and properly configured.
    • Verify the network connections between Symantec Endpoint Protection Manager and the SQL database.
    • Test the ODBC connection.
      1. Click Start> Control Panel
      2. Open Administrative Tools
      3. Double-click Data Sources (ODBC)
      4. Select the System DSN tab
      5. Double-click SymantecEndpointSecurityDSN and go through the wizard to ensure the following settings:
        • Name: SymantecEndpointSecurityDSN
        • Description: <Anything>
        • Server: Servername\InstanceName (Only enter the server name or IP address if using the default instance)
        • Login ID: sa
        • Password: <password>

           
      6. Leave the defaults for the rest of the items and click Finish
      7. Click Test Data Source on the next page and ensure it states "Success"
      8. Click OK


For 64-bit ODBC communication, follow the link below.

http://www.symantec.com/docs/TECH103990


References
"Troubleshooting Client/Server Connectivity." at:

http://www.symantec.com/docs/TECH105894





Legacy ID: 2007101711103548

