When installing the Symantec Endpoint Protection Manager using the same hostname, the KeyStore file is not retrieved from the database
Article: TECH103158 | Created: 2007-01-24 | Updated: 2010-08-14 | Article URL: http://www.symantec.com/docs/TECH103158
After installing Symantec Endpoint Protection Manager (SEPM) to an existing site, logging on to the console generates a "Failed to connect to the server" error message.
- The Symantec Endpoint Protection Manager service starts, but a "Failed to connect to the server" error message is generated when logging on.
- The "<Install Dir>\Tomcat\Logs\catalina.out" log file displays the following error message: "java.io.FileNotFoundException: C:\Program Files\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks (The system cannot find the file specified)"
- Managed clients cannot connect to the Symantec Endpoint Protection Manager server and display the error message "<ParseHTTPStatusCode:>503=>503 SERVICE NOT AVAILABLE" in the sylink.log file.
This issue occurs after installing, recovering, or reinstalling Symantec Endpoint Protection Manager on the same computer, or on a different computer with the same host name as the previous computer, while using the same database.
A copy of the server certificate is required for this workaround.
If a copy of the server certificate is not available and this is a clean install on a system with the same host name as a previous system, copy the certificate files from the previous computer.
The two certificate files are:
- <Install Dir>\Tomcat\etc\keystore.jks
- <Install Dir>\Tomcat\conf\server.xml
Example: <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" keystoreFile="C:\Program Files\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks" keystorePass="changeit" protocol="TLS"/>
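The following Python check is an added example, not part of the Symantec article or product: it reads the keystoreFile path from server.xml and reports whether that file exists and whether catalina.out logged it as missing. The sample inputs are constructed from the article's example and error message; the enclosing Server/Service/Connector elements and all function names are assumptions.

```python
import ntpath
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the article's server.xml example and
# catalina.out error; the enclosing <Server>/<Connector> elements are assumed.
SAMPLE_SERVER_XML = r'''<Server><Service><Connector>
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" keystorePass="changeit"
           keystoreFile="C:\Program Files\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks"/>
</Connector></Service></Server>'''
SAMPLE_CATALINA = (
    r"java.io.FileNotFoundException: C:\Program Files\Symantec Endpoint "
    r"Protection Manager\tomcat\etc\keystore.jks "
    "(The system cannot find the file specified)\n"
)
# Capture up to ".jks" so paths containing "(x86)" are not cut short.
MISSING_RE = re.compile(r"java\.io\.FileNotFoundException: (.+?\.jks)\s*\(")


def configured_keystores(server_xml_text):
    """Return every keystoreFile attribute found in server.xml."""
    root = ET.fromstring(server_xml_text)
    return [el.attrib["keystoreFile"] for el in root.iter() if "keystoreFile" in el.attrib]


def logged_missing(catalina_text):
    """Return keystore paths Tomcat reported as not found, case-normalised."""
    return {ntpath.normcase(p) for p in MISSING_RE.findall(catalina_text)}


def diagnose(server_xml_text, catalina_text, exists=os.path.exists):
    """Pair each configured keystore with its on-disk and logged status."""
    missing = logged_missing(catalina_text)
    return [
        {
            "keystoreFile": path,
            "on_disk": exists(path),
            "logged_missing": ntpath.normcase(path) in missing,
        }
        for path in configured_keystores(server_xml_text)
    ]


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_SERVER_XML, SAMPLE_CATALINA):
        print(finding)
```

On the server, pass the contents of <Install Dir>\Tomcat\conf\server.xml and <Install Dir>\Tomcat\Logs\catalina.out; an entry with on_disk False means the keystore file still has to be restored to the path server.xml names.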
If a backup of the previous server certificate cannot be obtained, the SEPM install must be accomplished with a different host name. This will force Symantec Endpoint Protection Manager to generate a new server certificate, which will also cause communication between the server and the clients to break.
To prevent this issue in the future, complete the following steps before moving the Symantec Endpoint Protection Manager server. (This will require at least two servers in the site.)
Note: If the Embedded database is being used, there cannot be two servers in a site.