Symantec Endpoint Protection (SEP) clients fail to communicate after a new Symantec Endpoint Protection Manager (SEPM) replication partner is configured

Article:TECH185333  |  Created: 2012-03-30  |  Updated: 2013-07-02  |  Article URL
Article Type
Technical Solution



SEP clients no longer communicate with their SEPM server and new clients cannot register to it anymore.

SEP shows a different "kcs" value (the hash of the encryption password set during the installation) in the and the sylink.xml files published for its groups.


The following errors can be seen in a sylink.log of a client with Sylink logging enabled:

  • 05/29 13:43:03.595 [5864] <EncodeHelper::DecryptUrl> Exception caught: Could not parse length parameter.
    05/29 13:43:03.595 [5864] <CSyLink::Start> Decryption for the last server entry failed.
  • 05/29 13:43:06.264 [2712] <SendRegistrationRequest:>http://<SEPM address>:<sepm port>
    05/29 13:43:06.264 [2712] 13:43:6=>Send HTTP REQUEST
    05/29 13:43:06.304 [2712] 13:43:6=>HTTP REQUEST sent

    05/29 13:43:06.304 [2712] 13:43:6=>QUERY return code
    05/29 13:43:06.304 [2712] 13:43:6=>QUERY return code completed   0
    05/29 13:43:06.304 [2712] <SendRegistrationRequest:>SMS return=400
    05/29 13:43:06.304 [2712] <ParseHTTPStatusCode:>400=>400 Bad Request

    05/29 13:43:06.304 [2712] <SendRegistrationRequest:>ERR to query content length  
    05/29 13:43:06.304 [2712] <SendRegistrationRequest:>Content Lenght =>
    05/29 13:43:06.304 [2712] HTTP returns status code=400



Two independent SEPMs are installed, A and B.

B is reconfigured as the replication partner of A via the Management Server Configuration Wizard but, while doing so, the option to use the recovery file is selected (this is the default option). 


Once the replication is done as described above and has completed and SEPMs are restarted, SEPM A got an inconsistent status by showing two different "kcs" values in its and in sylink.xml published for its groups. Replacing the sylink.xml for the already registered clients resolves the communication issue, however newly installed clients are unable to register and connect to SEPM A.

Reconfiguring an independent SEPM to become a replication partner is not compliant with Symantec's Best Practice for configuring a replication partner already during its installation.

The SEPM encryption password is configured when the SEPM is first installed as part of the Management Server Configuration Wizard. The client's encryption password is stored in its sylink.xml configuration file as the XML value "kcs".  If the value of "kcs" is not identical to the SEPM's encryption password, the SEP client will not be able to encrypt/decrypt communications to/from the SEPM.


Remove the SEPM which has been reconfigured to be a replication partner (B in the example).

Apply the disaster recovery process following Symantec's Best Practices on the compromised SEPM (A in the example) in order to restore it to its last working status:
Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

Reinstall SEPM B as a new replication partner of A.

Alternate: Disable the SEPM Service and replace the scm.agent.kcs value in on the SEPM with the value that is being pushed out in the sylink. Then restart the SEPM and push out another communication package.

Supplemental Materials


Article URL

Terms of use for this information are found in Legal Notices