How to Create a new "Reporting" Virtual Directory in IIS Manager for troubleshooting "Unable to Communicate with Reporting Component" issue

Hi Everyone - you've probably noticed there are a number of technical support people on the SEP community now - Aniket has created this article to help those of you getting "generic errors."  Let us know if this is helpful!

Eric

Thank you Ankit for the valuable article. I have faced the same problem but it was ressolved with the help of Symantec Technical Analyst.
With the help of this article many others will be able to ressolve without loggin a case in Symantec. Once again thank you from me and the entire community members.

Ajit

@Hear4U: Yes it was very helpful. Thanks for the initiative team. hope we have more of this in the near future.
With the support we are getting in Symantec Connect, it will decongest Symantec tech support form opening cases that are answerable in this site.

thanks. 

Such indepth knowledge articles are very helpful to foresee a potential problem. We can use those information as a preventive measure.

Would definately love to read more of such articles.

Ankiket, make those picture sizes smaller (option is availble, when you uplioad the picture).

which will make your article, more pleasent to eyes, and will not distract users.

For someone of my age, with my eyes, and my computer (notebook) I appreciate the larger image size personally. I'd like to see the forum format widened so that the messaging area isn't so narrow, and useful images can be posted more easily.

All the empty space to the right of this message is wasted, IMO.

How about using floating DIVs to allow this to wrap into that space and utilize it so I can see images that MY eyes can handle?

Not sure if this is what you are after Shadows, but we are utilizing a "fluid" layout that resizes the main body of the page to fit your browser window.  So if you have a large monitor the main area is actually quite large and fits those pictures perfectly.

However, this fluid layout does not work on Internet Explorer 6.  I don't need to go into a rant on the disaster that is IE6, but needleess to say it is not standards-complaint and therefore VERY difficult to design for.  If your company will allow we recommend using firefox, chrome, safari or even IE 7 & 8.  IE6 works, but due to it's weak rendering engine we can't make the fluid layout work properly.

As a web master and site designer myself - no need to mention IE6 at all! Good riddence to a bad browser.

Chrome is not secure, in our eyes, too many issues with it, there's been too many troubles.
Safari also isn't allowed. Even Apple and Mac users have suggested we don't allow it. I don't know too many who actually use it. My Mac using friends use Opera and Firefox - not safari. I tried it at home, it was a disaster and didn't properly display too many sites for me.
I agreee the fluid design does allow the site to expand with the browser window, however, I'm looking at between 20 and 25% gray space that's wasted while this column is only taking up the remaining percentage down here. It's squeezed over so that a small box can be displayed in the upper right corner. Would like to see content flow around and below that box so this message/post, for example, can take 100% of the space and not have all that gray wasted.
JUST AN OPINION!  ;-)

Nice descriptions. I've ran into this problem before as well. Does anyone know if there is anything posted up on the Symantec KB about this? If not, this should be included or linked there.

Hi folks,

Great suggestion for making this a KB article.  I'll see what I can do to ensuring this is included in the dB.

Best,

eric

Hi All,

Thanks a lot for taking interest in reading this article.

I have posed this article to be published in the symantec knoledge base as well. I will post a  comment on this article, when it gets published.

Cheers,
Aniket

Have you also done this for SAV?
Thanks for the great article.

If you use the Symantec Endpoint Protection Manager console on the Windows Server 2003 operating system with Internet Information Services (IIS) 6.0 installed, you may want to install Microsoft's FastCGI Extension for Internet Information Services 6.0.

For your convenience, the following FastCGI extensions are located in this folder:

■ fcgisetup32.msi, for use on 32-bit computers

■ fcgisetup64.msi, for use on 64-bit computers

For more information about FastCGI, see the information available at the following URL:

http://www.iis.net/fastcgi/phpon60

Run the setup for fcgisetupXX.msi on the computer on which you have Symantec endpoint protection installed.

After the installation is done navigate to C:\Windows\System32\inetsrv

Open fcgiext.ini with a text editor.

Add the following lines to the bottom of the file:

php=PHP

[PHP]

ExePath=<Drive>:\Program Files\Symantec\Symantec Endpoint Protection Manager\PHP\php-cgi.exe

Arguments=-c "<Drive>:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php.ini"

InstanceMaxRequests=10000

EnvironmentVars=PHP_FCGI_MAX_REQUESTS:10000

Save the changes to the file.

Now navigate to <drive>:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php.ini

Right click on php.ini and uncheck "Read only" and click on OK. Then open the file and add the following lines to the bottom of the file:

fastcgi.impersonate=1
fastcgi.log=0

Save the changes to the file and close it. Again open properties php.ini and check the "Read only" box and click on OK.

Click Start>Control Panel>Administrative Tools>Internet Information Services (IIS) Manager

In the navigation tree, under Web Sites, under Default Web Site, right-click Reporting, and then select Properties.

On the Virtual Directory tab, click Configuration. On the Mappings tab, under Application extensions, click the executable path, for the extension .php and then click Edit.

Change the path to C:\windows\system32\inetsrv\fcgiext.dll

Or %WINDIR%\system32\inetsrv\fcgiext.dll

Where you replace %WINDIR% with the definition of %WINDIR% on your computer.

The people behind the scenes also deserve a pat on the back.

Many thanks to the team that made the documentation for working around the PHP issues by installing FastCGI. The steps that Siddharth has given are available in a PDF File on the CD2 of the SEP download, in the FastCGI folder.

Here's a cheers to you guys !!!!!

 Hi Aniket,

This is a great article Mate and will definitely reduce the number of calls for  "Unable to communicate to reporting component" issues.

Hi,

I appreciate the efforts taken by Aniket to create such a wonderful article.

I worked on issue where user was trying to access reporting component from a remote computer.
by using URL-http://<ip of SEPM>:8014//reporting
he was getting message--"Forbidden-the request will not be fulfilled"

I followed the instructions mentioned above to create a new virtual directory and issue was resolved.

Thanks A lot for  sharing this valuable information.

Cheers!!

Thanks Aniket for the usefull article.

I am having a similar problem. I followed the instructions of creating a new virtual directory in the article mentionned above but I did not get any error msg. all I have is a blank page.
I right clicked on the new virtual directory created , signed on with username and password and then no error.

But my problem still exist, You get an error "Unable to Communicate with reporting Component" while logging into Symantec Endpoint Protection manager.

Regards,

Hani,

Hay,

Thanks a lot for writing.

If you login to the symantec page after browsing reporting component, and get a blank page, it means that the database is unable o process that authentication request.
PLease chec the ODBC connection and let us know if the issue is resolved.

Testing the ODBC Connection

Note: On a 64-bit computer, a 32-bit DSN is created and is accessible via (by default) C:\Windows\SysWoW64\Odbcad32.exe.

For an embedded (Sybase) database
1. Verify that the Symantec Embedded Database service is running and that the dbsrv9.exe process is listening on TCP port 2638
2. Test the ODBC connection.
1. Open Control Panel > Administrator Tools
2. Double click Data Sources (ODBC)
3. On the System DSN tab, double-click SymantecEndpointSecurityDSN
4. Go through the wizard to ensure the following settings:

Name: SymantecEndpointSecurityDSN
Description: <Anything>
Server: Servername\InstanceName (Can be blank as it is localized, otherwise specify the default: sem5)
Login ID: dba
Password: <password>
5. Leave the defaults for the rest of the items and click Finish
6. Click Test Data Source , it should return "Success"
7. Click OK
For an SQL database
1. Verify the following:
o You specified a named instance during installation and configuration. For example: \\<server name>\<instance name>
o The SQL Server is running and properly configured
o The network connections between Symantec Endpoint Protection Manager and the SQL database.
2. Test the ODBC connection.
1. Open Control Panel > Administrator Tools
2. Double click Data Sources (ODBC)
3. On the System DSN tab, double-click SymantecEndpointSecurityDSN
4. Go through the wizard to ensure the following settings:

Name: SymantecEndpointSecurityDSN
Description: <Anything>
Server: Servername\InstanceName (Only enter the server name or IP address if using the default instance)
Login ID: sa
Password: <password>
5. Leave the defaults for the rest of the items and click Finish
6. Click Test Data Source , it should return "Success"
7. Click OK

Unable to communicate with the reporting component after logging into the Symantec Endpoint Protection Manager
http://service1.symantec.com/support/ent-security....

Hoe this helps.
Cheers,
Aniket

Hi,

I have already tested that and the connection was successful. I am using embeded database. Any other suggestions?

Thanks,

Hani,

Check if changing the identity of the default application pool to Local system, make any difference.

No difference.

No difference. Just to mention that I can log on to the other tabs like Policies, Clients, and Admin in SEPM with no errors. The problem is only with Home, Monitors and Reports.

Please check the scm-server-server-0.log and check the exact HTTP error message. 
Rebooting the server (if possible) is another step you can try.

Humm I checked the scm-server-server-0.log file and here is the output. 
 
2009-06-23 16:36:44.589 SEVERE: Unknown Exception in: com.sygate.scm.server.task.ScheduledReportingTask
java.io.IOException: Server returned HTTP response code: 500 for URL: http://localhost:8014/Reporting/reports/sr-login.php
at sun.reflect.GeneratedConstructorAccessor20.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1225)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1219)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:906)
at com.sygate.scm.server.task.ScheduledReportingHelper.doRequest(ScheduledReportingHelper.java:344)
at com.sygate.scm.server.task.ScheduledReportingHelper.doIntegratedLogin(ScheduledReportingHelper.java:465)
at com.sygate.scm.server.task.ScheduledReportingTask.run(ScheduledReportingTask.java:135)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.io.IOException: Server returned HTTP response code: 500 for URL: http://localhost:8014/Reporting/reports/sr-login.php
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:1961)
at com.sygate.scm.server.task.ScheduledReportingHelper.storeCookie(ScheduledReportingHelper.java:772)
at com.sygate.scm.server.task.ScheduledReportingHelper.doRequest(ScheduledReportingHelper.java:341)
... 4 more

Thanks,

Authenticated Users are missing in the Security tab for permissions to the Symantec Endpoint Protection Manager Folder.

Follow the steps below to solve this issue:
Click My Computer> Windows Explorer and browse to the following folder:
C:\Program Files\Symantec

Right-click the Symantec Endpoint Protection Manager folder and select Properties.
Select the Security tab.
If "Authenticated Users" does not appear in the list of user names click Add and add "Authenticated Users."
Click OK.
Ensure the "Authenticated Users" group has at least "Read and Execute", "List Folder Contents" and "Read" permissions.
Click Advanced, and then uncheck the "Allow inheritable permissions from the parent to propogate... " option.
Click Apply and if prompted to Copy or Remove, click Copy.
Select to enable the Replace permission entries on all child objects with entries shown here... option
Click Apply> OK.

Hi Aniket,

I followed what you mentionned above. "Authenticated Users" group has at least "Read and Execute", "List Folder Contents" and "Read" permissions.
already. I just Select to enable the Replace permission entries on all child objects with entries shown here... option and Click Apply> OK.

This is the new output from scm-server-server-0.log file :

2009-06-24 08:22:08.867 SEVERE: Unknown Exception in: com.sygate.scm.server.task.ScheduledReportingTask
java.io.IOException: Server returned HTTP response code: 500 for URL: http://localhost:8014/Reporting/reports/sr-login.php
at sun.reflect.GeneratedConstructorAccessor20.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1225)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1219)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:906)
at com.sygate.scm.server.task.ScheduledReportingHelper.doRequest(ScheduledReportingHelper.java:344)
at com.sygate.scm.server.task.ScheduledReportingHelper.doIntegratedLogin(ScheduledReportingHelper.java:465)
at com.sygate.scm.server.task.ScheduledReportingTask.run(ScheduledReportingTask.java:135)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Caused by: java.io.IOException: Server returned HTTP response code: 500 for URL: http://localhost:8014/Reporting/reports/sr-login.php
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:1961)
at com.sygate.scm.server.task.ScheduledReportingHelper.storeCookie(ScheduledReportingHelper.java:772)
at com.sygate.scm.server.task.ScheduledReportingHelper.doRequest(ScheduledReportingHelper.java:341)
... 4 more

Same problems remains.

Thanks,

Why don't you try replacing the IUSR by any domain user in the directory security tab?  Make sure that you click on the "check names" button to get the fully qualified username.
right click on the server, ->all tasks->save configuration to disk

Then restart IIS manager service. After that try to login. Let us know the results.

 This steps is to check if the IUSR account password is not valid or if the account is corrupted.

Aniket

The IUSR account is specifically meant only for ANONYMOUS USER Access, and is not supposed to be tampered with. You can't simply go and change the IUSR at will or play around with the permissions. It's an absolute NO-NO.

Try to change the AppPool settings from Network Service to Local System and see if that gives any indication of whats wrong. If changing the AppPool identity gets the issue resolved, that'd mean that there are not enoug privileges for the Application to run.

Also, HTTP 500 also signifies ODBC settings issues, OR a permission issue on the SEPM Installation Folder. Trt checking the SEPM installation folder permissions and see if the IUSR account has got read / execute permissions on the same.

Hi Guys,

I installed the SQL anywhere 9 on the server to access the embedded database and I have someting different when I log in. No more errors but it goes to HOME for a while then goes back to the logon screen again.

Can I just try to repair the SEPM installation or it will screw up everything?

Thanks,

Hani,

He guys,

Well no more responses from you. Anyway I had my probem solved by openning a case with symantec.
Had me repair the installation and the issue was fixed.

Thanks again, 

Hani

Note: do not install SQL anywhere 9 on symantec server. This is where my problem started. Symantec has no support for it.