Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

SEPM can't login to console

Created: 04 Feb 2013 • Updated: 05 Feb 2013 | 17 comments
This issue has been solved. See solution.

Hi,

 

I had some issues with SEPM using up the remaining 160GB on my HDD, I wiped the logs by running the following script:

 

 

 
net stop "Symantec Embedded Database"
net stop semsrv
 
rem DELETE EXISTING LOG FILE
 
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db"
 
del /f "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\sem5.log"
 
rem FORCE RECREATION OF SEM5.LOG FILE 
 
CD "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\"
 
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv11" -f "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\sem5.db"
 
rem RESTART semp AND SEMDB SERVICES
 
net start "Symantec Embedded Database"
 
net start semsrv
 
rem END OF SCRIPT

 

 

Both before and after this I could not login into the SEPM console. When I do I get prompted for a certificate which I didn't before the issue and when I hit accept I get "unexpected server error" I took a further look into this and the SEPM webserver service is no longer started and in event viewer I get the following 3 errors: Apache Service, event ID 3299, description:

The Apache service named  reported the following error:

 

 

The Apache service named  reported the following error:
>>> Unable to open logs     .
 
The Apache service named  reported the following error:
>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted.  : make_sock: could not bind to address 0.0.0.0:8014     .
 
and an application error, event ID 1000
 
Faulting application name: httpd.exe, version: 2.2.22.4, time stamp: 0x4f71ed81
Faulting module name: secreg.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f8fc399
Exception code: 0xc0000005
Fault offset: 0x6ea994d0
Faulting process id: 0x18cc
Faulting application start time: 0x01ce02bac3ab2482
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secreg.dll
Report Id: 1850375b-6eae-11e2-9bb1-0019bb32df48
 
 
>>> Unable to open logs     .
 
I found this article https://www-secure.symantec.com/connect/forums/sep-12-semsvcexe-keeps-terminating but I am not keen on re installing SEPM especially if it means reinstalling all of the clients. I've rebooted the server and still get this issue. Suggestions please?
 
Cheers
 
James

Comments 17 CommentsJump to latest comment

pete_4u2002's picture

are the SEPM services and DB services started?

can you look into the tomcat logs?

apie2004's picture

The SEPM and DB services start, then I try to login and the web server service crashes. Which tomcat log should I look at?

apie2004's picture

Hi Pete,

I gave that a go and I still get the same error when I log into the console however in event viewer I am getting this message: source: semsrv, Event ID 4096: The Java Virtual Machine has exited with a code of -1, the service is being stopped.

 

Cheers

 

James

Ashish-Sharma's picture

HI,

Check this artical

Symantec Policy Manager service stops with a Java -1 error in the event log

 

 

Article:TECH103335 | Created: 2007-01-26 | Updated: 2011-12-26 | Article URL http://www.symantec.com/docs/TECH103335

 

Check this thread

https://www-secure.symantec.com/connect/forums/sepm-keeps-disconnecting-semsrv-4096-error-server

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

is the web service started?
can you look into the scm-server-0.log?

Ashish-Sharma's picture

hi,

Also Check this thread

https://www-secure.symantec.com/connect/forums/aft...

John Solution

 

go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\clientpkg, install the jre-6u31-windows-i586.exe file into the default directory and then go to C:\Program Files\Java\jre6, copy and paste the the lib and bin directories, then

Overwrite the lib and bin directories under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jre

 

after that run the Management Server Configuration Wizard.

Thanks In Advance

Ashish Sharma

 

 

apie2004's picture

I had tried your second suggestion @shish and I am still getting the same thing in event viewer. The service starts, runs for around 10 seconds and then crashes again.

 

I was about to attach the scm-server-0.log but it seems that it is not being written to when the service starts even with scm.log.loglevel=fine set in the conf.properties file. The only thing in the logs is about a lack of disk space which has since been resolved. I can post them anyway if you would like?

 

I had a look through http://www.symantec.com/business/support/index?page=content&id=TECH103335 but IIS is something I'm not great with! Furthermore I use the Symantec Internal database which rules out SQL problems? 

AttachmentSize
scm-server-0.txt 28.82 KB
scm-server-1.txt 32.56 KB
Ashish-Sharma's picture

HI,

 

2013-01-31 09:06:32.274 THREAD 26 SEVERE:  in: com.sygate.scm.server.task.AgentLogCollector
java.io.IOException: There is not enough space on the disk
 
How many disk space available in SEPM server ?
 
If you have already proper disk space try to repair sepm on add/remove program.

Thanks In Advance

Ashish Sharma

 

 

apie2004's picture

I ran a repair but I am still getting the same behaviour logs still aren't being written to and the webservice will not start

Ashish-Sharma's picture

HI,

You can try to disater recovery process

 

Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

Article:TECH102333  |  Created: 2007-01-21  |  Updated: 2011-11-09  |  Article URL http://www.symantec.com/docs/TECH102333
 

 

Symantec Endpoint Protection 12.1: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

Article:TECH160736  |  Created: 2011-05-24  |  Updated: 2012-10-29  |  Article URL http://www.symantec.com/docs/TECH160736
 

 

Thanks In Advance

Ashish Sharma

 

 

LUE500's picture

 

Could you check the “httpd.conf” on which port is the apache is listening?

The path is “C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Apache\conf\”.

Is there another web application using the configured port(s)?

apie2004's picture

Hi Pete,

 

I have freed up space, 160GB of it! This error was happening both before and after the drive filled up/was emptied/ 

 

Lue500 After doing a netstat -an there is nothing listening on that port

LUE500's picture

 

Hi apie2004

have a look in the TCP configuration.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

> MaxUserPort

Default is 5000. You can set this up to 65534.

 

Just check the status for the connections if there are some ports with status Time_Wait or Close_Wait.

If so, change the settings for the TCP service.

TCPTimedWaitDelay

http://technet.microsoft.com/en-us/library/cc938217.aspx

 

 

LUE500's picture

Could you check the content of the "conf.properties" (path>\symantec\symantec endpoint protection manager\tomcat\etc)?

apie2004's picture

I called Symantec Support and they followed this article http://www.symantec.com/business/support/index?page=content&id=TECH181655 All seems to be working now.

SOLUTION