Video Screencast Help

sepm starts then stops

Created: 20 Aug 2012 • Updated: 20 Aug 2012 | 9 comments

I have a SEPM 12.1.1101.401 RU1 MP1 running on a Windows 2008 Server R2 with 2 vCPU and 8 GB of vMemory. The server have been working fine for a year now, until a few months ago. The SEPM service suddenly stopped and no matter how many times I try to start it, its stops again. I opened a case and they determine that it was a problem with tomcat. After reconfiguring a conf file, I ran the Configuration Wizard which asks for the DBA password. I forgot the password and have been trying to retrieve it somehow without any luck. I searched within the sem5.log file and found nothing, I changed the values on the Php.ini file so it can show me on an error (something I saw over the internet), but nothing. I cannot do most of the things suggested on the internet because the sepm service is not running. Maybe you can get the password using some methods, but I think that sepm service need to be running for that to happen. I need to know if there's any other way to get that password or how to get the password from the sem5.log file (a specific place or near what), most of the file it looks encrypted.

Comments 9 CommentsJump to latest comment

Swapnil khare's picture

Please roll back settings for Php.ini the way they were .

Please post scm.log to finest from steps below and paste the logs .

Advanced logging for the SEPM console can be enabled by following these steps:

    1. Stop the Symantec Endpoint Protection Manager service
    2. Add the line scm.log.loglevel=FINEST to the bottom of the file: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\

      To debug SEPM notifications, also add: scm.mail.troubleshoot=1
      To debug SEPM proxy authentication, also add: scm.proxy.debug=1

      NOTE: For additional debug values besides FINEST, please see the Table of SEPM Logging Levels below. 

    3. If IIS logs must be gathered in addition to the SEPM debug logs, then follow the steps below:
    4. Restart the IIS Admin service
    5. Restart the Symantec Endpoint Protection Manager service
    6. Detailed log files will now be saved in the folder: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\
    7. Look for errors relating to the problem in the catalina.out and scm-server-0.log files.

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Swapnil khare's picture

just follow this line and upload the scm server and catlina out logs

Add the line scm.log.loglevel=FINEST

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture


I would suggest you to Run the upgrade.bat from -

%Program Files (x86)%\Symantec\Symantec Endpoint Protection Manager\bin.

which may resolve your issue.

Symantec Endpoint Protection: How to change the database password to a non complex password for use with the Management Server Reconfiguration Wizard

However, incase, you need to somehow recover the password, you may have to contact Symantec Technical Support.

Thanks In Advance

Ashish Sharma

Rusty.J's picture

Try repairing your SEPM first and see if it resolves your issue ,

If that doesn't work perform disaster recovery without Databasebackup/restore



Chetan Savade's picture


If above suggested options are not working then you are left with following choices only.

1) Install SEPM as a fresh install & create new database.

2) Install SEPM & perform disaster recovery without database password.

If liked then promote following idea also:

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Pana's picture

Thanks everyone for all your input. To recap; the Symantec Endpoint Protection Manager Service will not start, the problem that Technical Support found was with tomcat, when I was instructed to run the Configuration Wizard I couldn't run it because I don't remember the DBA password.

Now, I checked one of the links that were suggested, but I've already tried to check using the ODBC method with no luck. Of what I can gather here, I will have to reinstall SEPM and perform disaster recovery without database password. I haven't try that yet and it looks that I would not try that for a couple of days since we are working with our contingency plan due to the proximity of Tropical Depression Nine on the Caribbean.

Thanks again to all for your input, I'll get back to you with the results from the disaster recovery.

Swapnil khare's picture

Hi Pana ,

Just a quick input for you . If your SEPM will be offline ie in not working state SEP clients might go Out of date defs if they are not configured to take Live update over internet . Hence i would suggest to follow dr as soon as possible.

SEP client offline and out of date in the network is not a good idea...

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.