Endpoint Protection

Hi folks,

I am running SEPM 12.1 on an existing server and have built a new server and want to migrate SEPM from the old to the new.  I downloaded the newest version of SEPM from fileconnect and installed it on the new server.  When I went into my old server to set up the new one as a replication partner, it errored on me because the new server was a slightly newer version than the old one.  So I thought, I would just update the old server to match the new server, then replicate.  

I was able to backup the old server successfully, but got an error trying to upgrade to the newer version of SEPM.  I read an article that talked about renaming the SEM5 and recreating it.  I tried that, and SEPM would not start, giving a dependency error trying to start the SEPM service after a reboot.  I'm also low on disk space, but can't get into SEPM to compact things.

I renamed the SEM5 DB file back to normal and reboot, but the services won't start, and running the management wizard gets me to the point of picking the DB on the server, and I select embedded database and it returns an error that it could not start.

I'm rebooting again, but any ideas of what to try?  I did free up some disk space so I'm going to see what happens when it reboots.

Edit:  I see that the apache service won't start either, gives error 3299 in event log.  The Apache service named  reported the following error:
>>> Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration.

I found the command here:

Version 12.1.2xxx:

1. Stop Symantec Embedded Database and Symantec Endpoint Protection Manager services in the Services.MSC.
2. Rename sem5.log to sem5.log.old
   Path, for 32 Bit: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\"
   Path, for 64 Bit: "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\"
3. Click Start, click on Run and Type “CMD” then click OK
4. In the Command prompt (as Administrator if applicable):
   For 32 Bit, type: "CD C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\"
   For 64 Bit, type: "CD C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\"
   and press Enter. This will change directories to the folder containing dbsrv12.exe.
5. Force the recreation of sem5.log.
   For 32 Bit, type: dbsrv12 -f "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.db"
   For 64 Bit, type: dbsrv12 -f "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\sem5.db"
   and press Enter.
6. Click Start, click on Run and Type “Services.MSC” then click OK and start the Symantec Embedded Database Service
7. Start the Symantec Endpoint Protection Manager Service.
8. If it stays started then go ahead and log into the Symantec Endpoint Protection Manager and everything should now be working properly.
   OR
   If the Symantec Endpoint Protection Manager service fails to start then run Management Server Configuration Wizard in order to log in to the Symantec Endpoint Protection Manager.

I don't have dbsrv12, but in my \ASA\win32 folder I have dbsrv16, so I ran that.  I get an error:  Cannot access C:\program files (x86)\symantec\symantec endpoint protection manager\db\sem5.db.  File does not exist. 

Turn on advanced debugging, post the log here

How to debug the Symantec Endpoint Protection Manager

post the scm-server0.log

are you on embedded on SQL db?

Issue

 The Symantec Embedded Database service (SQLANYs_sem5) fails to start after installing or migrating to Symantec Endpoint Protection 12.1.5 (SEP RU5).

Error
In the Windows event log:
SQLANYs_sem5
Can't open Message window log file: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\db\out.log

In the Upgrade-0.log:
The service SQLANYs_sem5 failed to be started.

In the Management Server Upgrade Wizard:
Setting
ACL...(100%)...Done
Error occurred

Cause
In SEP 12.1.5 (RU5), Symantec changed the SemSrv and SemWebSrv services to use service virtual accounts. These services are set to an UNRESTRICTED SID type, but the SQLANYs_sem5 service remains under the RESTRICTED category.

Solution
FIRST STOP ALL Symantec Endpoint Services!

Then use the following workaround to change the SID type to UNRESTRICTED, since we are using a service virtual account for the Symantec Embedded Database service as well.

Note: A permanent solution is targeted for SEP 12.1.5 RU5 MP1.

Check the SID type of the service
1.On the computer where SEPM is installed, click Start > Run.
2.Type CMD and click OK.
3.Type sc qsidtype SQLANYs_sem5
4.Verify that the following is returned:
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: SQLANYs_sem5
SERVICE_SID_TYPE: RESTRICTED

Change the SID type of the SQLANYs_sem5 service to UNRESTRICTED
1.On the computer where SEPM is installed, click Start > Run.
2.Type CMD and click OK.
3.Type cd "<Drive>:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin"

Note: Replace <Drive> with the drive that SEPM is installed on.
 
4.Type ServiceUtil.exe -changeservicesidtype 1 -servicename "SQLANYs_sem5"

Note: Running the command returns: "Change the semsrv service SID successfully." The string "semsrv" is hardcoded, but we are changing the SID type for the SQLANYs_sem5 service. Please disregard that message.
 
Verify that the SID type has changed to UNRESTRICTED
1.On the computer where SEPM is installed, click Start > Run.
2.Type CMD and click OK.
3.Type sc qsidtype SQLANYs_sem5
Start services
After following the preceding steps, start the following services:
(I ACTUALLY HAD To REBOOT the Server to get it to work)

•Symantec Embedded Database
•Symantec Endpoint Protection Launcher
•Symantec Endpoint Protection Manager
•Symantec Endpoint Protection Manager Webserver

thank you friend, solved the problem, the updated 12.1.3 to 12.1.5 and after the first boot the server the database emblemed symantec service did not rise.

Thanks

Just had to perform this, on my Server 2012 R2 host, post upgrade. Thanks for this. This needs to be added to known issues if it isn't.

This worked for me.  Thanks!