Clients stop communicating with the Symantec Endpoint Protection Manager (SEPM) with a HTTP 401 error in Sylink log and a HTTP 401.1 error in IIS log

Article:TECH104479  |  Created: 2008-01-26  |  Updated: 2011-04-28  |  Article URL http://www.symantec.com/docs/TECH104479
Article Type
Technical Solution

Product(s)

Issue



Clients stop communicating with the SEPM after replacing the sylink or after re-deploying the client install package. Sylink monitor logs show HTTP 401 errors and IIS logs show 401.1 errors.

Symptoms
Clients lose the green dot and stop communicating with the manager. Dropping the sylink or re-deploying the client package does not restore communications.


The following entries are seen in the Sylink logs:

    03/19 11:22:19 http://SEPM.FQDN
    03/19 11:22:19 SMS return=401
    03/19 11:22:19 401=>Uninterpreted Status
    03/19 11:22:19 Content Length => 1539
    03/19 11:22:19 HTTP return status code=401

The following entries are seen in the IIS logs:

    2008-03-26 16:55:41 10.200.17.25 GET /microcall/mtserver.dll LastMessage 80 SEPM.FQDN\Administrator 10.200.17.25 MICROCALL 200 0 0
    2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
    2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
    2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 SEPM.FQDN\TWCSVR$ 127.0.0.1 Java/1.5.0_14 200 0 0
    2008-03-26 16:55:42 127.0.0.1 GET /secars/secars.dll action=38&usn=114 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
    2008-03-26 16:55:42 127.0.0.1 GET /secars/secars.dll action=38&usn=114 80 - 127.0.0.1 Java/1.5.0_14 401 1 0



 


Cause



The issue can occur if anonymous access is configured in IIS and the anonymous access account password is not same as the actual information stored in the local user database or in Active Directory.


Solution




If the SEPM is on a Domain:

A.

    1. Open IIS Manager
    2. Right click on the website in which SEPM is installed
    3. Click Properties
    4. Click on the Directory Security tab
    5. Under Authentication and access Control click Edit
    6. Make sure that Enable anonymous access is checked
    7. Add the IUSR account if not present
    8. Enter the IUSR password
    9. Restart the IISAdmin and SEPM services

      To reset the IUSR account password (if needed)
       
  1. Open Active directory Users or Computers and search for the IUSR account
  2. Right click on the IUSR account and select Reset Password
  3. After resetting the password put the same password for the IUSR in IIS
  4. Restart the IISAdmin and SEPM Service

B.

  1. Open IIS Manager
  2. Right click on the website in which SEPM is installed
  3. Click Properties
  4. Click on the Directory Security tab
  5. Under Authentication and access Control click Edit
  6. Make sure that Enable anonymous access is checked
  7. Add the Domain Administrator account as a test if adding and resetting the password  of IUSER  account does not help  (STEP A).
  8. Enter the Domain Administrator password .
  9. Restart the IISAdmin and SEPM services
    (Once confirmed whether or not this resolves the issue, you have identified that the issue is due to a permissions related problem. Identify an account that will work with IIS that is not a Domain Administrator account and use that one instead.) 

 

 


If the SEPM is in a Workgroup

    1. Open IIS Manager
    2. Right click on the website in which SEPM is installed
    3. Click Properties
    4. Click on the Directory Security tab
    5. Under Authentication and access Control click Edit
    6. Make sure that Enable anonymous access is checked
    7. Add the IUSR account if not present
    8. Enter the IUSR password
    9. Restart the IISAdmin and SEPM services

      To reset the IUSR account password (if needed)
       
  1. Right click My Computer and choose Manage
  2. Expand Local Users and Groups
  3. Click on users and find the IUSR account
  4. Once found, right click on the user and click on reset password




References
http://support.microsoft.com/kb/907273/



 



Legacy ID



2008032702341648


Article URL http://www.symantec.com/docs/TECH104479


Terms of use for this information are found in Legal Notices