Policy serial numbers do not get updated/created unless the SEPM service is restarted

Article:TECH173941  |  Created: 2011-11-09  |  Updated: 2012-09-20  |  Article URL http://www.symantec.com/docs/TECH173941
Article Type
Technical Solution

Product(s)


Issue



  • Updating an existing policy and applying it to an existing group does not update the policy serial number.  Once the server is rebooted or the Symantec services are cycled things begin working again.
  • Creating a new group does not generate a policy serial number and the corresponding folder in the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent is not created.
  • After restarting the SEPM service, changes made prior to restart are applied, but then new updates also require the SEPM service to be restarted again.
  • PackagePublisherTask.log (recording all the events related to Policy Serial Number updates) shows that Package Publisher Task is only executed once, just after restarting SEPM, instead of on a regular basis as it should be.

 


Error



ID of groups added in the console:

C595B39CC02005EB003D0D2B5BB0027B
38FC8B92C02010AE01059FD6BFCB77B9

 

CommitTransaction logs show when they have been added to the console:

2011-10-28 13:43:01.652 THREAD 73 FIN: insertIdentityAttributes: Insert into IDENTITY_MAP (ID, NAME, TYPE, DOMAIN_ID) values (?,?,?,?)
2011-10-28 13:43:01.652 THREAD 73 FIN: C595B39CC02005EB003D0D2B5BB0027B, SemClientGroup
...
2011-10-28 14:48:48.545 THREAD 113 FIN: insertIdentityAttributes: Insert into IDENTITY_MAP (ID, NAME, TYPE, DOMAIN_ID) values (?,?,?,?)
2011-10-28 14:48:48.545 THREAD 113 FIN: 38FC8B92C02010AE01059FD6BFCB77B9, SemClientGroup

 

Gap in PackagePublisherTask, matching the moment when groups were added:

2011-10-27 17:02:14.640 THREAD 25 FIN: PackageTask started with priority=1, isFirstTime =false
2011-10-28 15:14:49.613 THREAD 21 GRAVE: ================== Server Environment ===================   => match the moment when SEPM service has been restarted

 

All "Group checking" events in PackagePublisherTask:

2011-10-27 16:57:34.098 THREAD 25 FIN: Setup group directories and compile group profiles...
2011-10-27 16:57:34.221 THREAD 25 FIN: Checking group: 9A1F857FC02010AE018756D0F0AD67CC
2011-10-27 16:57:34.842 THREAD 25 FIN: Checking group: 6F273083C02010AE004AF0B2D7542ED3
2011-10-27 16:57:34.917 THREAD 25 FIN: Checking group: 58181891C02010AE00AB3A9323EFA65B
2011-10-27 16:57:34.995 THREAD 25 FIN: Checking group: EDD606CDC02010AE00CF2994024E8187
2011-10-27 16:57:35.111 THREAD 25 FIN: Checking group: 34FACF47C02010AE0035C5849FEA083C
2011-10-27 16:57:36.841 THREAD 25 FIN: Checking group: 474431AEC02010AE01C8621359716BDD
2011-10-27 16:57:37.099 THREAD 25 FIN: Checking group: 8925A53CC02010AE0153CE00BD646495
2011-10-27 16:57:37.265 THREAD 25 FIN: Checking group: 37B592A6C02010AE00A29E6D45FD3601
2011-10-27 16:57:37.427 THREAD 25 FIN: Checking group: 18CC3274C02010AE018C44A7C87BBC87
2011-10-27 16:57:37.699 THREAD 25 FIN: Checking group: C00EDDBBC02010AE00B7EDD3B0122FFD
2011-10-27 16:57:37.748 THREAD 25 FIN: Checking group: 89E44125C021865200C005E8BAC9A14B
2011-10-27 16:57:38.498 THREAD 25 FIN: Checking group: FFD0CAA3C021865201E5AAEC50CEBC68
2011-10-27 16:57:38.545 THREAD 25 FIN: Checking group: B364153FC02186520155BA783C7D0AD8
2011-10-27 16:57:38.585 THREAD 25 FIN: Checking group: 6E71F637C02010AE018E1E4FE62F55E1
2011-10-27 16:57:38.619 THREAD 25 FIN: Checking group: B95675C2C02185940045209EA0515C2C
2011-10-27 16:58:06.826 THREAD 25 FIN: Checking group: B79C3582C02010AE00D245AB5E75AD5A
2011-10-27 16:58:07.062 THREAD 25 FIN: Checking group: AC68F2CCC02010AE01670CC557B1ED34
2011-10-27 16:58:09.770 THREAD 25 FIN: Checking group: 57B92D02C02010AE00C49FA6B9F3F447
2011-10-27 16:58:10.110 THREAD 25 FIN: Checking group: 55291967C02010AE0162B914E1316D92
2011-10-27 16:58:12.105 THREAD 25 FIN: Checking group: 5F443839C02010AE01EF2FED39CDF32A
2011-10-27 16:58:12.160 THREAD 25 FIN: Checking group: 7642BD28C02010AE0066455F4A31B11A
2011-10-27 16:58:14.424 THREAD 25 FIN: Checking group: CCCB8609C02010AE01D47F6C28E79B8A
2011-10-27 16:58:16.257 THREAD 25 FIN: Checking group: 23D63EF4C02010AE00BB06794AF1E4E8
2011-10-27 16:58:16.775 THREAD 25 FIN: Checking group: 9E93B005C02010AE01F50DF9FD5A1D07
2011-10-27 16:58:16.919 THREAD 25 FIN: Checking group: BF3C0666C02010AE0199693A03F56CF1
2011-10-27 16:58:19.098 THREAD 25 FIN: Checking group: 30527429C02010AE00701F2CE92C41F2
2011-10-27 16:58:19.199 THREAD 25 FIN: Checking group: 207FDAF7C02010AE0016C85D2115E477
2011-10-28 15:21:41.536 THREAD 21 FIN: Setup group directories and compile group profiles...   => match the moment when SEPM service has been restarted
2011-10-28 15:21:41.991 THREAD 21 FIN: Checking group: 9A1F857FC02010AE018756D0F0AD67CC
2011-10-28 15:21:42.507 THREAD 21 FIN: Checking group: 6F273083C02010AE004AF0B2D7542ED3
2011-10-28 15:21:42.668 THREAD 21 FIN: Checking group: 58181891C02010AE00AB3A9323EFA65B
2011-10-28 15:21:42.804 THREAD 21 FIN: Checking group: EDD606CDC02010AE00CF2994024E8187
2011-10-28 15:21:43.049 THREAD 21 FIN: Checking group: 34FACF47C02010AE0035C5849FEA083C
2011-10-28 15:21:43.387 THREAD 21 FIN: Checking group: 474431AEC02010AE01C8621359716BDD
2011-10-28 15:21:43.441 THREAD 21 FIN: Checking group: 8925A53CC02010AE0153CE00BD646495
2011-10-28 15:21:43.734 THREAD 21 FIN: Checking group: 37B592A6C02010AE00A29E6D45FD3601
2011-10-28 15:21:43.806 THREAD 21 FIN: Checking group: 18CC3274C02010AE018C44A7C87BBC87
2011-10-28 15:21:43.870 THREAD 21 FIN: Checking group: C00EDDBBC02010AE00B7EDD3B0122FFD
2011-10-28 15:21:43.927 THREAD 21 FIN: Checking group: 89E44125C021865200C005E8BAC9A14B
2011-10-28 15:21:43.999 THREAD 21 FIN: Checking group: FFD0CAA3C021865201E5AAEC50CEBC68
2011-10-28 15:21:44.080 THREAD 21 FIN: Checking group: B364153FC02186520155BA783C7D0AD8
2011-10-28 15:21:44.164 THREAD 21 FIN: Checking group: 6E71F637C02010AE018E1E4FE62F55E1
2011-10-28 15:21:44.232 THREAD 21 FIN: Checking group: B95675C2C02185940045209EA0515C2C
2011-10-28 15:21:44.301 THREAD 21 FIN: Checking group: 38FC8B92C02010AE01059FD6BFCB77B9   => group finally known/checked
2011-10-28 15:21:44.333 THREAD 21 FIN: Checking group: C595B39CC02005EB003D0D2B5BB0027B   => group finally known/checked
2011-10-28 15:22:02.217 THREAD 21 FIN: Checking group: B79C3582C02010AE00D245AB5E75AD5A
2011-10-28 15:22:02.302 THREAD 21 FIN: Checking group: AC68F2CCC02010AE01670CC557B1ED34
2011-10-28 15:22:06.229 THREAD 21 FIN: Checking group: 57B92D02C02010AE00C49FA6B9F3F447
2011-10-28 15:22:06.288 THREAD 21 FIN: Checking group: 55291967C02010AE0162B914E1316D92
2011-10-28 15:22:08.876 THREAD 21 FIN: Checking group: 5F443839C02010AE01EF2FED39CDF32A
2011-10-28 15:22:09.125 THREAD 21 FIN: Checking group: 7642BD28C02010AE0066455F4A31B11A
2011-10-28 15:22:09.811 THREAD 21 FIN: Checking group: CCCB8609C02010AE01D47F6C28E79B8A
2011-10-28 15:22:11.299 THREAD 21 FIN: Checking group: 23D63EF4C02010AE00BB06794AF1E4E8
2011-10-28 15:22:12.181 THREAD 21 FIN: Checking group: 9E93B005C02010AE01F50DF9FD5A1D07
2011-10-28 15:22:13.380 THREAD 21 FIN: Checking group: BF3C0666C02010AE0199693A03F56CF1
2011-10-28 15:22:26.432 THREAD 21 FIN: Checking group: 30527429C02010AE00701F2CE92C41F2
2011-10-28 15:22:27.092 THREAD 21 FIN: Checking group: 207FDAF7C02010AE0016C85D2115E477

 


Environment



  • Symantec Endpoint Protection 12.1 with SQL Database (does not apply to Embedded Database) 
  • Windows 2008
  • Windows 2008 R2
  • Windows 2008 SBS

Cause



Symantec is currently investigating this issue.


Solution



Symantec is aware and is investigating this issue.  This document will be updated as more information is available.  To resolve this issue, please use the following instructions:

  1. Stop the Symantec Endpoint Protection Manager service
  2. Stop the SQL Database service.
  3. Go to the directory <SEPM install dir>\tomcat\conf\Catalina\localhost and find the file ROOT.xml
  4. Backup ROOT.xml by taking a copy into a secure directory
  5. Use a text editor to open and edit ROOT.xml
  6. Find the string:  validationQuery="SELECT count(*) FROM CONNECTION_TEST"
  7. Next, add/append to the end of that string:  validationQueryTimeout="60"
  8. Save the changes
  9. Start the SQL Database service
  10. Start the Symantec Endpoint Protection Manager service

After making the changes the edited ROOT.xml should look like the following example:

<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="false" antiResourceLocking="false" crossContext="true"
debug="0" privileged="true" reloadable="false">
  <Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver"
factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50"
maxWait="30000" name="jdbc/metadatabase" password="{************}"
type="javax.sql.DataSource"
url="jdbc:jtds:sqlserver://TESTSQL:49934/TESTSEP;instance=TEST" username="TESTsep"
validationQuery="SELECT count(*) FROM CONNECTION_TEST" validationQueryTimeout="60"/></Context>


Supplemental Materials

SourceETrack
Value2695163



Article URL http://www.symantec.com/docs/TECH173941


Terms of use for this information are found in Legal Notices