Video Screencast Help

IUSR account in SEP

Created: 08 Sep 2010 • Updated: 14 Oct 2010 | 45 comments
This issue has been solved. See solution.

Just would like to ask if except from the Directory Identities located on IIS /reporting web server

is there any other use for this account?  Can you give us a list of it's uses?

Because we are considering to reset this account for an issue on our SEPM.

Hoping for your response

Thanks in advance

Comments 45 CommentsJump to latest comment

P_K_'s picture

Yes , you can create a Windows user and make him the member of the guest groups

Title: 'SEPM login revert to login screen'
Document ID: 2008081302490248
> Web URL: http://service1.symantec.com/support/ent-security....

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

securityguard's picture

Sir Just to follow-up is IUSR connected with the SEPM service stopping after few seconds?

What might be the possible cause?

Thank You

P_K_'s picture

Do you mean to say that that after chnaging the the user name SEPM service has stopped?

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

securityguard's picture

Using IUSR:

Before we change the identity we were already having a problem with SEPM service stopping

that's why base on some forums here in symantec connect and some experience done when we has a symantec support help thru webex

We tried to change the account IUSR with our domain account.  At first it worked but now it is again having the same problem.

Thats why we are asking if it is ok if we reset the password for IUSR

Thank You

 

P_K_'s picture

Yes , it is OK to reset password for IUSR. There is no issue with that.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

AravindKM's picture

Attach the scm-server-0.log which is present in Program Files \Symantec\Symantec Endpoint Protection Manager\tomcat\logs

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Hi Sir Aaravind

Here is what is in the scm-server-o.log

Thank You

2010-09-09 12:00:01.792 SEVERE: ================== Server Environment ===================
2010-09-09 12:00:01.792 SEVERE: os.name = Windows 2003
2010-09-09 12:00:01.792 SEVERE: os.version = 5.2
2010-09-09 12:00:01.792 SEVERE: os.arch = x86
2010-09-09 12:00:01.792 SEVERE: java.version = 1.6.0_14
2010-09-09 12:00:01.792 SEVERE: java.vendor = Sun Microsystems Inc.
2010-09-09 12:00:01.792 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2010-09-09 12:00:01.792 SEVERE: java.vm.version = 14.0-b16
2010-09-09 12:00:01.792 SEVERE: java.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
2010-09-09 12:00:01.792 SEVERE: catalina.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
2010-09-09 12:00:01.792 SEVERE: java.user = null
2010-09-09 12:00:01.792 SEVERE: user.language = en
2010-09-09 12:00:01.792 SEVERE: user.country = US
2010-09-09 12:00:01.792 SEVERE: scm.server.version = 11.0.5002.333
2010-09-09 12:00:04.354 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
com.sygate.scm.server.util.ScmServerError: This server is not registered, please run Server Configuration Assistant to register server!
at com.sygate.scm.server.servlet.StartupServlet.registerServer(StartupServlet.java:279)
at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:85)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)

AravindKM's picture

" This server is not registered, please run Server Configuration Assistant to register server!"

In SEPM go to programs--->Symantec Endpoint Protection Manager--->management server configuration Wizard and reconfigure your server....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Sir

We have ran the server configuration wizard but still the sepm service is still stopping.

We have tried to restart the server and still the same

We have checked the scm-server-0.log and here is now the result

Thank You

2010-09-09 13:51:47.388 SEVERE: ================== Server Environment ===================
2010-09-09 13:51:47.404 SEVERE: os.name = Windows 2003
2010-09-09 13:51:47.404 SEVERE: os.version = 5.2
2010-09-09 13:51:47.404 SEVERE: os.arch = x86
2010-09-09 13:51:47.404 SEVERE: java.version = 1.6.0_14
2010-09-09 13:51:47.404 SEVERE: java.vendor = Sun Microsystems Inc.
2010-09-09 13:51:47.404 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2010-09-09 13:51:47.404 SEVERE: java.vm.version = 14.0-b16
2010-09-09 13:51:47.404 SEVERE: java.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
2010-09-09 13:51:47.404 SEVERE: catalina.home = E:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
2010-09-09 13:51:47.404 SEVERE: java.user = null
2010-09-09 13:51:47.404 SEVERE: user.language = en
2010-09-09 13:51:47.404 SEVERE: user.country = US
2010-09-09 13:51:47.404 SEVERE: scm.server.version = 11.0.5002.333
2010-09-09 13:51:50.779 SEVERE: ================== StartClientTransport ===================
2010-09-09 13:51:51.013 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
java.lang.Exception: HTTP 401 Unauthorized, URL: http://localhost:8014/secars/secars.dll?action=34
 at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:626)
 at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:147)
 at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:106)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
 at org.apache.catalina.core.StandardService.start(StandardService.java:450)
 at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)
com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
 at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:650)
 at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:147)
 at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:106)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
 at org.apache.catalina.core.StandardService.start(StandardService.java:450)
 at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)

P_K_'s picture

Failed to connect to server" message during login and the scm-server-0.log file shows '401 Unauthorized' errors.

http://service1.symantec.com/SUPPORT/ent-security....

Title: 'Java -1 error in event viewer, SemSrv will not stay in started state. "Failed to connect to server" message during login, scm-server-0.log file shows '401 Unauthorized' errors.'
Document ID: 2009011616184048
> Web URL: http://service1.symantec.com/support/ent-security....

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

securityguard's picture

Sir

have added authenticated user and given the permissions but still the same error and same logs on scm-server-0.log

Thank You

AravindKM's picture

Do you followed ""Java -1" error in event log and the error "Failed to connect to server" at login, with HTTP 401 in scm-server-0.log, HTTP 401 1 0 in IIS Logs" KB?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Mahesh Roja's picture

Arvind your talking about this KB

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101518485148

If this Info helps to resolve the issue please Mark as Solution

Thanks

securityguard's picture

Just finish the steps on the KB you have given

it showed :

Property anonymoususerpass found at:

W3SVC

which from the kb shows that it is in the right location right?

Thank You

AravindKM's picture

Try this now
Restart the IIS Admin service
Go to Start > Run > Type IISRESET
Click OK.
Start the Symantec Endpoint Protection Manager service
Go to Start > Run > Type Services.msc
Right Click on Symantec Endpoint Protection Manager Service and select Start.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Sir Aravind

Service still stops and 401 error is still on the scm-server-0.log

Thank You

AravindKM's picture

Try this once
Failed to connect to the server while logging on to the SEPM

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Have tried this sir but it didnt work as well

Thank You

securityguard's picture

We are thinking of reinstalling IIS and SEPM will that be a good idea?

But ofcourse we hope this would be our last resort

Thank You

P_K_'s picture

Go the propery of the IUSR, and Open the Account tab
Click the Logon Hours button and Set to Logon Permitted
Click OK.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

AravindKM's picture

Before to that try this also one give read and write permission to IUSER to following folders
\Program Files \Symantec\Symantec Endpoint Protection Manager
\Program Files \Symantec\Symantec Endpoint Protection Manager\Inetpub and its sub folders
C:\Inetpub and its sub groups...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

If above suggestions not helps reinstall IIS and do a repair for SEPM from add/remove programs...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

The steps above still doesnt work? 

Hoping for more of your response

Thank You Very much for a fast response

AravindKM's picture

You mean you reinstalled the IIS?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

If no more suggestion we will now push through with the reinstallation both for SEPM and IIS

Mahesh Roja's picture

 refer this KB

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-manager-console-service-stop#comment-2731011

If this Info helps to resolve the issue please Mark as Solution

Thanks

AravindKM's picture

Do you checked the above permissions?If yes once try by using Symantec Endpoint Protection Support Tool.It may show you any permissions issue you have .Have a look at this KB
About the Symantec Endpoint Protection Support Tool

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Sir

Have already reinstalled IIS and SEPM, but still the service for SEPM stops

in scm-server-0.log still error 401 is reflected

Just wanted to inquire if this issue is mainly an authentication problem?

Thank You

Mahesh Roja's picture

"Enable Anonymous Access" has always been checked in IIS

If this Info helps to resolve the issue please Mark as Solution

Thanks

Mahesh Roja's picture

The permission of C:/ProgramFiles/Symantec folder

If this Info helps to resolve the issue please Mark as Solution

Thanks

securityguard's picture

On what locations or folders in IIS ?

securityguard's picture

Sorry sir but yes we have already checked or enabled anonymous access.

and have already tried adding permissions of the SEPM folders.  Basing from the post given by Sir Prachand and Sir Aravind

Thank You

Mahesh Roja's picture

open iis
right click on symatnec web server
properties
directory security
check integrated windows authentication
restart sepm service
try to log in now

Then Also not getting follow the below doc and see

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2b432247a8881722652576040040e28e?OpenDocument

If this Info helps to resolve the issue please Mark as Solution

Thanks

SOLUTION
securityguard's picture

Just wanted to know the reason behind as to why SEPM service stops.

AravindKM's picture

Http error 401 - Access denied
Do you tried SEP support tool?Is it given you some error?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

securityguard's picture

Hi Maheshroja

We are now able to log in to SEPM server and SEPM service doesnt stop anymore

Steps Taken:

1) The one you have given
open iis
right click on symatnec web server
properties
directory security
check integrated windows authentication
restart sepm service
try to log in now

but we also need to change the permission on

2) Reporting> Directory Security under Symantec Web Server
to an admin account and also clicked on Integrated Windows Authentication

But after this , since we have reinstalled everything, do we:

1) Wait for SEPM to read all the data from SQL?
2) Do we need to restore any backup?

Thank You Very Much

 

AravindKM's picture

Thank you for sharing the information...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

Since you are facing problem even after reinstalling IIS and SEPM I think the problem is related to your GPO.Any GPO is applied to symantec services?
You can check this as follows
start run & type rsop.msc- it will open a new window.
--> Under computer configrations go to windows setting-- then security setting & click on the system services.. On the right hand side find SEP serivices & check if there is any thing under stratup??

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Mahesh Roja's picture

If want to restore the old database which you have 
You can restore and see.

If this Info helps to resolve the issue please Mark as Solution

Thanks

AravindKM's picture

If you reinstalled SEPM and you need to to connect all the back you have to follow this procedure
Best Practices for Disaster Recovery with Symantec Endpoint Protection

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Mahesh Roja's picture

Security gaurd have your problem resolved?

If this Info helps to resolve the issue please Mark as Solution

Thanks

securityguard's picture

We have just finish restoring the backup and have seen some data but we have to monitor more on the recovery of data

We will keep you posted on future updates

Thank You Very Much

You all have been much help to us

securityguard's picture

Hi Sirs

Sorry for the late reply , so far our SEPM is up and running, all the credentials and client data is restored so far

But the problem is, it seems that out clients still hasnt made connection with the server since last thursday

Hoping for your suggestions

Thank You

Mahesh Roja's picture

Hi Thanks For update..

If this Info helps to resolve the issue please Mark as Solution

Thanks