Video Screencast Help

Need SEPM to stop using port 80.

Created: 05 Dec 2007 • Updated: 21 May 2010 | 3 comments
DarkHorseSki's picture
The server that SEPM must be installed on has a database app that needs port 80 for management purposes (and this can not change).  Now, you can aim IIS web services to another port (which I did by choosing 8888) and you can tell SEP that it is supposed to communicate with IIS via that port by editing the conf.properties file under the tomcat\etc directory  (add a line "scm.iis.http.port=8888")  However, if you do a netstat -an prior to installing SEPM, you will see that port 80 is not in use, and after SEPM is installed port 80 is in use, but port 8888 now is in use.  (It doesn't matter if you do a custom web server or use the default.)  This action is bound into the iis webservice as removing SEPM does not eliminate this, but only removing the web service and re-adding it will eliminate this.  (BTW, this is a 2k SP4 server, can't change that either.)
 
Now why does this matter, you may ask.  Because, if I install the DBTool and give it access to port 80, as long as that is true, you can not manage the SEPM (can't login, "verify server or port" error) and port 8443 (or whatever custom port you may have chosen if you changed it, I know, I have tried this many times.) no longer even appears as a listening port once port 80 is given to the other app.
 
How do I get SEPM to stop needing port 80?
 
I should point out that I have a ticket open with Symantec and I can fully replicate this at will.  The Symantec folks have been working on it for 2 days now so I am hoping that somebody else has perhaps already conquered this issue as they are rather stumped.



Message Edited by DarkHorseSki on 12-05-2007 03:07 PM

Comments 3 CommentsJump to latest comment

Eck's picture
I agree with you that this is an issue that needs to be corrected, however, is there a reason that SEPM has to be installed on *THAT* server?  I try to either pick a server that has no web applications on it or install SEPM to a 'Management' workstation (just a workstation that's not being utilized by a user).
DarkHorseSki's picture
Yes, SEPM must be installed on this server.  This is a government type of situation where they have hundreds of these small networks that need to be protected from users bringing virii into them.  The networks are not connected to the Internet, but they only have one box (this particular box) that is not a 2000 pro box.  Since you can't install SEPM on 2k Pro, it has to be this box.  They can't add another box due to the bureacracy.
 
The solution, aside from what I wrote above (editing the tomcat\etc file to include the scm.iis.http.port=8888 line) is that you have to go back into the IIS website (custom or default) and go to the advanced button and remove the port 80 listener that the SEPM install added to the website (it added it in addition to the port that you had moved the default website to use).
 
That resolves the issue and allows their service to run on 80 and allows the SEPM to be accessible and functional.  After that, you need to modify the management server policy to point the clients to the proper http port on the server too.
Eck's picture
Great information.  Thank you for posting the resolution.  I figured there was good reason that it had to be that box; you just peaked my curiosity ;)