Endpoint Protection

We recently did a patch update to our Windows Server 2008 R2 x64, and since I am unable to login to the Symantec Endpoint Protection Management Console on the server.

After login attempt I check the services, and the Symantec Endpoint Protection Manager service stops with the following errors in the event log:

Faulting application name: httpd.exe, version: 2.4.6.235, time stamp: 0x559f69ad
Faulting module name: secars.dll_unloaded, version: 0.0.0.0, time stamp: 0x55fbffc5
Exception code: 0xc0000005
Fault offset: 0x6ca290c0
Faulting process id: 0x6f4
Faulting application start time: 0x01d1a00946db8476
Faulting application path: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secars.dll
Report Id: 855c419a-0bfc-11e6-805f-005056a61a6a

I am attempting to login from the Management Server itself.

Did you reboot it? What is the exact version of SEPM?

Have you tried removing the patch to see if it was the cause?

Run the symdiag tool on it to do further error checking:

Download SymDiag to detect Symantec product issues

Also check the scm-server-0.log file for errors

I have rebooted the server - same issue

It was a major patch run, the previous network admins had let the patching go over a year, so finding the patch which potentially caused the problem will be extremely difficult.

I have run symdiag tool, which basically confirms the service isn't running which it requires. I can start the service again, but it stops as soon as you attempt to login.

Afterr checking the scm-server-0.log file I see these errors repeating:

THREAD 184718 SEVERE: Error in ClientTransportInfoTask starting client transport after SEPM service started
java.net.SocketException: Connection reset

com.sygate.scm.common.communicate.CommunicationException: Failed to connect to the server.

Make sure that the server is running and your session has not timed out.
If you can reach the server but cannot log on, make sure that you provided the correct parameters.
If you are experiencing network issues, contact your system administrator. ErrorCode: 0x80020000

THREAD 184718 SEVERE:  in: com.sygate.scm.server.task.ClientTransportInfoTask
java.net.SocketException: Connection reset

com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
    at com.sygate.scm.server.task.ClientTransportInfoTask.getClientTransportInfo(ClientTransportInfoTask.java:519)
    at com.sygate.scm.server.task.ClientTransportInfoTask.execute(ClientTransportInfoTask.java:140)
    at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:41)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)
2016-04-21 21:36:19.096 THREAD 184720 SEVERE:  in: com.sygate.scm.server.task.AgentLastCheckInTask
java.net.SocketException: Connection reset
    

try to run a management server configuration wizard once, if it doesn't fix the issue for you please upload  these following logs here 

scm-server-0.log and

Catalina.out

Just a quick update, after getting Symantec Support involved, it was a conf.properties file which was corrupt in the tomcat\etc folder.

They recreated the file, and after running Management Server Configuration Wizard from the symantec start menu -> Tools, was able to re-establish connection to the database and at this point the management console worked as intended.

Apparently this "file corruption" of the conf.properties file is a common issue, well common enough that it was diagnosed and fixed within 15 minutes of receiving the call.