
Symantec Endpoint Protection Manager Webserver services do not start

Created: 07 Jan 2013 • Updated: 08 Jan 2013 | 25 comments
This issue has been solved. See solution.

Hi all,

 

I was checking Symantec services and realised that the Symantec Endpoint Protection Manager Webserver services are not started. I tried to start them, but they do not start.

I tried the following commands and they still do not start.

net stop semwebsrv

net start semwebsrv

and the response was "access denied", and this is the screenshot from Windows Event Logs

I can open SEPM everything is working perfectly except that these services are not starting.

Any suggestions? I'm not sure what they are used for, but I know they were started before.

 

Thank you


AravindKM's picture

Try this once

Verify Distributed Component Object Model (DCOM) properties

  1. Log in as Local Administrator. On the Windows taskbar, click Start > Run.
  2. Type the following, and then click OK:

    dcomcnfg

     

  3. Do one of the following, depending on your operating system:
    • In Windows XP/2003, click Component Services > Computers > My Computer. Then right-click My Computer and click Properties.
    • In all other versions of Windows, go on to the next step.
  4. On the Default Security or Default COM Security tab, under Default Access Permissions, click Edit Default.
  5. Verify that Administrators, Interactive, and System accounts are set to Allow Access, and then click OK.
  6. Under Default Launch Permissions, click Edit Default.
  7. Verify that the Administrators, Interactive, and System accounts are set to Allow Launch, and click OK.
  8. Do one of the following, depending on your operating system:
    • In Windows XP/2003, skip the two following steps.
    • In all other versions of Windows, go on to the next step.
  9. In the Default Configuration Permissions section, click Edit Default.
  10. In the Registry Key Permissions window, verify that the following are set to Full Control, and then click OK:

    CREATOR OWNER
    ...\Administrators
    SYSTEM

     

  11. On the Default Properties tab, verify that Default Impersonation Level is set to Identify.
  12. Click Apply, and then click OK.
  13. Restart the computer for the changes to take effect.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Eyal's picture

Hi,

I have verified these steps and all the settings are already configured.

 

Thank you

Ajit Jha's picture

Please post the scm-server log, typically located in the following location:

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log

Regards

Ajit Jha

Technical Consultant

ASC & STS

Ashish-Sharma's picture

Hi,

Have you tried a repair from Add/Remove Programs?

Thanks In Advance

Ashish Sharma

 

 

Ashish-Sharma's picture

Hi,

I think... Have you changed your service account?

As per this thread

https://www-secure.symantec.com/connect/forums/ema...

Thanks In Advance

Ashish Sharma

 

 

Ashish-Sharma's picture

As per the log, your LDAP account authentication has failed.

 

2012-12-29 14:52:42.040 THREAD 31 SEVERE: LDAP Authentication Failed [path=LDAP://172.18.131.162:389, user=vtcarrick].

com.sygate.scm.server.util.ServerException: LDAP Authentication Failed [path=LDAP://172.18.131.162:389, user=vtcarrick].

 

Have you reset the password?

Thanks In Advance

Ashish Sharma

 

 

Ajit Jha's picture

Hi Eyal,

Have you tried connecting to the SEPM through the web console, to see if the users are able to log in through that?

Just to make sure, the accounts are not locked out?  Are the accounts being locked after several attempts to log in?
If they are not being locked out, this could be a sign that SEPM is not communicating (passing the credentials) to the server.

Regards

Ajit Jha

Technical Consultant

ASC & STS

Eyal's picture

Yes, I can log in to SEPM via the web console, and the users are also able to log in to SEPM. It's the Symantec Endpoint Protection Manager Webserver services that do not start.

 

pete_4u2002's picture

Can you try logging into the administrator account instead of LDAP?

com.sygate.scm.server.util.ServerException: LDAP Authentication Failed [path=LDAP://172.18.131.162:389, user=MV43218].

Eyal's picture

Hi

 

I'm not having issues with users unable to log in to SEP. I have an issue with the SEP Manager Webserver services. I cannot start them.

AravindKM's picture

Please check your user account "vtcarrick" once..

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

Is it possible for you to enable this account and try once?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Eyal's picture

Hi,

I think the authentication error you are seeing in the logs was from when the user tried to log in to SEPM, and because the account is disabled the user couldn't log in.

I can log in to SEPM successfully and it is fully functional. My issue is that I cannot start the Symantec Endpoint Protection Manager Webserver services.

They do not start when I try to start them.

 

 

pete_4u2002's picture

If you are able to log in then the SEPM web server services should be running. Else the SEPM services will be stopped, as they are dependent on the webserver service.

SMLatCST's picture

Have you checked for any errors within the logs of the SEPM's Apache server?  These are usually found in "%ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\apache\logs"

The odd thing in your situation is that the SEPM is working.  This is usually not possible without the Webserver service running as well.  Can you confirm that the "Symantec Endpoint Protection Manager" service is definitely started?

The only thing I can think of that might bring about this situation is if someone has deliberately started up the httpd.exe process in "%ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\apache\bin" by other means.  Doing so would cause the process to bind to the SEPM's client communication port (8014 by default), and thus prevent the "Symantec Endpoint Protection Manager Webserver" service from starting.

You could try to verify this by running a netstat on the SEPM and see if anything is listening on 8014.  I'd also recommend using the -o switch with netstat so you can grab the PID and check task manager to find out under which context this process might be running (i.e. SYSTEM, or a specific user...)
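
The netstat check suggested above, written out as a PowerShell script (an added example, not part of the original post and not Symantec's own tooling). It assumes PowerShell 3.0 or later, an elevated prompt, the default port 8014 and the service name semwebsrv used earlier in the thread; the function name and output column names are made up for this example.

```powershell
# Added example: find what is listening on the SEPM client communication port
# and compare it with the Webserver service (port and service name from the thread).
param([int]$Port = 8014, [string]$ServiceName = 'semwebsrv')

function Get-ListenerPid {
    # Hypothetical helper: parse `netstat -ano` text, return PIDs listening on $Port.
    param([string[]]$NetstatLines, [int]$Port)
    foreach ($line in $NetstatLines) {
        # Columns: Proto  LocalAddress  ForeignAddress  State  PID
        $f = -split $line
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING' -and
            $f[1] -match ":$Port$") {
            [int]$f[4]
        }
    }
}

$svc  = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
$pids = Get-ListenerPid -NetstatLines (netstat -ano -p TCP) -Port $Port |
        Sort-Object -Unique

if (-not $pids) { Write-Output "Nothing is listening on TCP $Port."; return }

foreach ($id in $pids) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId=$id"
    if (-not $proc) { continue }   # process exited between netstat and the query
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    [pscustomobject]@{
        Port           = $Port
        PID            = $id
        Image          = $proc.ExecutablePath
        RunsAs         = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" }
                         else { 'unknown (run elevated)' }
        ParentPID      = $proc.ParentProcessId
        ServiceState   = $svc.State
        ServicePID     = $svc.ProcessId
        # Assumption: Apache on Windows runs a parent and a child httpd.exe, so the
        # listener belongs to the service if it is the service PID or its child.
        OwnedByService = ($svc.ProcessId -eq $id) -or
                         ($svc.ProcessId -eq $proc.ParentProcessId)
    }
}
```

A listener whose OwnedByService is False while ServiceState is Stopped matches the situation described in this reply: something other than the service is holding the port.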

AravindKM's picture

Did you try by restarting the server?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Eyal's picture

No, I just went to services and restarted the Symantec Endpoint Protection Manager services.

Eyal's picture

Hi everyone,

Thank you for all your prompt responses. This morning I couldn't log in to SEPM, as you guys have explained that this service works with SEPM.

When I checked the Windows Event Logs, SEPM services were not started as well. So I restarted the SEPM services, then the Webserver services started.

So I restarted SEPM services and now everything is back to normal :-)

Thank you

SOLUTION