Video Screencast Help

Things you can do with Conf.properties file and Server.xml file in SEPM

Created: 08 Oct 2009 • Updated: 02 Nov 2009 | 4 comments
Language Translations
Rafeeq's picture
+14 14 Votes
Login to vote
Hello All,
 
I would like to share the few configuration options which can be setup in the conf.properties file.
 
Changing Port number in IIS
_______________________________________________________________________
Any time when you decide that you want to change the port number Symantec manager uses in IIS, due to a security concern you may follow this step.
First you need to change the port number in IIS
 
Stop the "Symantec Endpoint Protection Manager" service.
Open IIS.
Right-click the Web site on which Symantec Endpoint Protection Manager resides.
Click Properties.
Under TCP port, enter the HTTP port number you want to use.
Once this is done, we need to write a line in the conf.properties file.
 
Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc\conf.properties
Check for the following line in the conf.properties file. Add the line to the bottom of the file if it does not already exist.
scm.iis.http.port=8018
 
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111212591048
 
If you want to configure HTTPS for SEPM
 
Add the following two lines to the bottom of this file:
scm.use_https=1
scm.iis.https.port=443
 
Symantec Document: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082314220048
 
 
 
 
Changing the virus definitions content value
_______________________________________________________________________
Sometimes old virus definitions do not get purged and we need to clean the database in that case, adding this line in the conf file would help you to save some space.
 
Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc\conf.properties
Now add.
scm.lucontentcleanup.threshold=1 (no of revisions)
 
Cutting down the CPU usage for SEMSRV.exe
_______________________________________________________________________
When new defs are downloaded or during data purge Symantec manager process uses lot of CPU, you can limit the CPU usage by adding this line
scm.delta.cpu.usage=0.5
Decimal number between 0 and 1, where 1 represents 100% usage and 0.5 represents 50% usage.
 
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648
 
Changing Radius port
_______________________________________________________________________
The Symantec Endpoint Protection Manager uses Radius communication and requires port 1812 to be available for the Enforcer sometimes you will get error message while installing SEPM like
"Error: "Port 1812 is already in use. Stop your Radius server if you have the Enforcer installed." while installing Symantec Endpoint Protection Manager"
 
To overcome this you need to add this line.
 
scm.radius.port=xxxx
 
Where xxxx is the desired port number
 
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111411152348
 
Changing Backup location
_______________________________________________________________________
 
If SEPM is installed on drive C by default the backup location will be C in case if you are running out of space on C drive, you can use this configuration.
 
Open conf.properties file.
 
Change the drive letter
 
scm.agent.root=C\:\\Program Files\\Symantec\\Symantec Endpoint Protection Manager\\data
 
If you want on D it would be
 
scm.agent.root=D\:\\Program Files\\Symantec\\Symantec Endpoint Protection Manager\\data
 
Now all your backups will be on drive D
 
Collecting SEPM logs for debugging
_______________________________________________________________________
If you want to generate additional logs for troubleshooting SEPM, you need to set the log level in the conf.properties file
 
To debug SEPM notifications, add 
scm.mail.troubleshoot=1
 
To create logs
 
scm.log.loglevel=fine
 
Detailed log files will now be saved in the folder
C:\Program Files\Symantec\Symantec Policy Manager\tomcat\logs\
 
Symantec Document: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007133987546098
 
To change the port number that is used for remote Symantec Endpoint Protection Manager Console
_______________________________________________________________________
Open the conf.properties file from: "tomcat\etc\conf.properties" in Notepad and change the scm.http.port=9090
You need to change the port number in server.xml file too.
 
Open the file "...\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml" with WordPad or a similar editor.
 
 
In the file you opened, locate the <Service name="SCM"> element.
Locate the <Connector acceptCount> subelement that has the port attribute equal to 9090.
 
The <Service name="SCM"> element contains more than one <Connector acceptCount> subelement.
 
Change the 9090 in the port=9090 attribute to the port number you want to use for remote login
 
Symantec Document:http://service1.symantec.com/support/ent-security.nsf/docid/2008020815241748
 
 
 
Changing tomcat port 8005 in SEPM
_______________________________________________________________________
In case of port conflict with tomcat 8005, SEPM service would not start and you would get Java-1 in the event log.
To change the port number.
Right-click the server.xml file and click edit to modify the file:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml)
 
For conflicts with port 8005, change the port to another unused port:
port="8006"
 
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100309555748
 
 
 
 
 
 
 
 

Comments 4 CommentsJump to latest comment

shp's picture

Good one....  

Regards,
Srinivas H.P.
HCL Infosystems Ltd

0
Login to vote
Mithun Sanghavi's picture

Hello Rafeeq,

 

Thats a good one..

Every thing about the Conf.properties file and Server.xml file  has been added here...

I would recommend this to everyone..!!!

Cheers

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote
mon_raralio's picture

Hi,

Does the service needs restarting after the changes or does it get detected in realtime?

“Your most unhappy customers are your greatest source of learning.”

0
Login to vote
atshul's picture

when i am chenging backup loacation then it gives an failed message in exsecars.log file

Error Message :-

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\SubmissionsMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\RepMgtMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\RebootMgrMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\NacMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\LocalRep

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\LUMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\GUP

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\CommonMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\CidsMan

failed to create dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\BashMan

 

some other types of messages are shown in the file as we set the path of backup folder e.i. 

scm.agent.root=H\:\\SYMANTEC DATA   it is our changed path.

please reply ASAP.

Regards,

 

Atul Sharma

 

 

0
Login to vote