Endpoint Protection

 View Only

  • 1.  SEPM 12.1.5 php error in event log and home tab issues.

    Posted Feb 02, 2015 04:26 PM

    I just upgraded our SEPM 12.1.1 server update 12.1.5 over the weekend due an issue where Live update suddenly not being able to correctly download defs for SEP 12.1, both 32-bit and 64-bit. Upgrading appeared to resolve this issue but now I am encountering a new matter.

     

    Since upgrading I now see the below in the Application event log each time the SEPM console is started:

     

    Faulting application name: php-cgi.exe, version: 5.4.24.0, time stamp: 0x5390f801
    Faulting module name: php_curl.dll, version: 5.4.24.0, time stamp: 0x5390f808
    Exception code: 0xc0000005
    Fault offset: 0x0003aa07
    Faulting process id: 0x161c
    Faulting application start time: 0x01d03f29af2e385b
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\php\php-cgi.exe
    Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\ext\php_curl.dll
    Report Id: 190ee423-ab1d-11e4-96b7-005056a466a6

    I have spent hours atttempting to resolve this matter, unfortunately support has not been responsive yet on this matter.

    I have since found the following KB (http://www.symantec.com/business/support/index?page=content&id=TECH191091) which appears to be the cause of the issue I have encountered.

    Now i ask, why would Symantec make such a change whereby SEPM must have DIRECT access to get to Symantec.com without a proxy?
    Furthermore why was not made more clear in the requirements when upgrading? This surely has a big impact for many companies?
    Why not leave the previous option for those who require it?

    In our case we will not be able to do this due to company policy. Now we are left with a broken console that does not correctly display information and occassionaly errors.

    Has anyone found a work around for this so that SEPM can function correctly without needing direct internet access?



  • 2.  RE: SEPM 12.1.5 php error in event log and home tab issues.

    Posted Feb 02, 2015 04:37 PM

    Being that this was a code change, I don't believe there would be a workaround. Do you have SE you can get in touch with to get it put to a higher priority?



  • 3.  RE: SEPM 12.1.5 php error in event log and home tab issues.

    Posted Feb 02, 2015 06:56 PM

    I had already esclated the issue to support but yet to ge any reply.
    I will update.



  • 4.  RE: SEPM 12.1.5 php error in event log and home tab issues.

    Posted Feb 03, 2015 05:11 AM

    Whats the event ID? 1000?

    Symantec Endpoint Protection Manager 12.1 records "Event ID 1000: Faulting application php-cgi.exe"

    http://www.symantec.com/business/support/index?page=content&id=TECH164235



  • 5.  RE: SEPM 12.1.5 php error in event log and home tab issues.

    Posted Feb 03, 2015 11:47 AM

    Thank you for your reply. Yes, it is "Event ID 1000" (sorry, I should have specified that in my original post).

    I had also found the KB you are referencing and tried it but to no avail, the issue persists. I also do not get the pop up dialog that appears in that KB.

    I find it quite bizarre that Symantec would make such a big architecural change to SEPM yet not make this apparent up front to their customers so they can then consider whether to deploy it or not. Had I known this to be the case I would not have upgraded and we would be looking for a different solution. Now I have a borked SEPM console and need to find a way to resolve it. I am sure others have had this same issue.



  • 6.  RE: SEPM 12.1.5 php error in event log and home tab issues.

    Posted May 06, 2015 02:55 PM

    I too spent a few hours on the phone with symantec, about this same issue. Well it didn't start out as this issue, but after trying all that Symantec suggested, I check the logs and found the error. I am supposted to get a call back tomorrow. We will see how that goes. If it get fixed I'll update this page. I copied the post above and sent it to the support tech, so we will see.