SEPM can't login to console
Created: 04 Feb 2013 | Updated: 05 Feb 2013 | 17 comments
This issue has been solved. See solution.
Hi,
I had some issues with SEPM using up the remaining 160GB on my HDD, I wiped the logs by running the following script:
net stop "Symantec Embedded Database"
net stop semsrv
rem DELETE EXISTING LOG FILE
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db"
del /f "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\sem5.log"
rem FORCE RECREATION OF SEM5.LOG FILE
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\"
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv11" -f "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\sem5.db"
rem RESTART semp AND SEMDB SERVICES
net start "Symantec Embedded Database"
net start semsrv
rem END OF SCRIPT
Both before and after this I could not login into the SEPM console. When I do I get prompted for a certificate which I didn't before the issue and when I hit accept I get "unexpected server error" I took a further look into this and the SEPM webserver service is no longer started and in event viewer I get the following 3 errors: Apache Service, event ID 3299, description:
The Apache service named reported the following error:
The Apache service named reported the following error:
>>> Unable to open logs .
The Apache service named reported the following error:
>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:8014 .
and an application error, event ID 1000
Faulting application name: httpd.exe, version: 2.2.22.4, time stamp: 0x4f71ed81
Faulting module name: secreg.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f8fc399
Exception code: 0xc0000005
Fault offset: 0x6ea994d0
Faulting process id: 0x18cc
Faulting application start time: 0x01ce02bac3ab2482
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secreg.dll
Report Id: 1850375b-6eae-11e2-9bb1-0019bb32df48
>>> Unable to open logs .
I found this article https://www-secure.symantec.com/connect/forums/sep-12-semsvcexe-keeps-terminating but I am not keen on re installing SEPM especially if it means reinstalling all of the clients. I've rebooted the server and still get this issue. Suggestions please?
Cheers
James
Discussion Filed Under:
Comments 17 Comments • Jump to latest comment
are the SEPM services and DB services started?
can you look into the tomcat logs?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
The SEPM and DB services start, then I try to login and the web server service crashes. Which tomcat log should I look at?
can you check this link and confirm if it helps
http://symantec.com/docs/TECH181453
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Pete,
I gave that a go and I still get the same error when I log into the console however in event viewer I am getting this message: source: semsrv, Event ID 4096: The Java Virtual Machine has exited with a code of -1, the service is being stopped.
Cheers
James
HI,
Check this artical
Symantec Policy Manager service stops with a Java -1 error in the event log
Check this thread
https://www-secure.symantec.com/connect/forums/sepm-keeps-disconnecting-semsrv-4096-error-server
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
is the web service started?
can you look into the scm-server-0.log?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
hi,
Also Check this thread
https://www-secure.symantec.com/connect/forums/aft...
John Solution
go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\clientpkg, install the jre-6u31-windows-i586.exe file into the default directory and then go to C:\Program Files\Java\jre6, copy and paste the the lib and bin directories, then
Overwrite the lib and bin directories under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jre
after that run the Management Server Configuration Wizard.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I had tried your second suggestion @shish and I am still getting the same thing in event viewer. The service starts, runs for around 10 seconds and then crashes again.
I was about to attach the scm-server-0.log but it seems that it is not being written to when the service starts even with scm.log.loglevel=fine set in the conf.properties file. The only thing in the logs is about a lack of disk space which has since been resolved. I can post them anyway if you would like?
I had a look through http://www.symantec.com/business/support/index?page=content&id=TECH103335 but IIS is something I'm not great with! Furthermore I use the Symantec Internal database which rules out SQL problems?
HI,
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I ran a repair but I am still getting the same behaviour logs still aren't being written to and the webservice will not start
HI,
You can try to disater recovery process
Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager
Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
have you freed up space on the server?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Could you check the “httpd.conf” on which port is the apache is listening?
The path is “C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Apache\conf\”.
Is there another web application using the configured port(s)?
Hi Pete,
I have freed up space, 160GB of it! This error was happening both before and after the drive filled up/was emptied/
Lue500 After doing a netstat -an there is nothing listening on that port
Hi apie2004
have a look in the TCP configuration.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
> MaxUserPort
Default is 5000. You can set this up to 65534.
Just check the status for the connections if there are some ports with status Time_Wait or Close_Wait.
If so, change the settings for the TCP service.
TCPTimedWaitDelay
http://technet.microsoft.com/en-us/library/cc938217.aspx
Could you check the content of the "conf.properties" (path>\symantec\symantec endpoint protection manager\tomcat\etc)?
I called Symantec Support and they followed this article http://www.symantec.com/business/support/index?page=content&id=TECH181655 All seems to be working now.
Would you like to reply?
Login or Register to post your comment.