Endpoint Protection

I'm at my whits end with this issue. None of the problems identified in Document ID: 2007090613570348 are applicable. This is a new install on a Win2K3 R2 standalone DC and File server. Tried to upgrade Symantec AV Corporate Edition 10, but had to remove in Safe Mode because no one knew the password to the old manager there either. I've already reinstalled the entire SEP suite and I'm about to apologize to the client for recommending they try SEP after I've had ZERO issue with TM-WorryFree on SCORES of installs. Is there any salvaging the use of this software or should I go to Trend? HOPING a Symantec Tech will assist and not force this Non-profit client to buy maintenance.

Hi,

usually you can find something useful in the logs...
in C:\program files\symantec\SEPM\tomcat\logs you can find scm-server-0.log and catalina.out. Read them and you will probably find the reason of your issue otherwhise call the Tech Support.

Regards,

I read the logs, and honestly, they didn't quite make sense to me without detailed analysis which I didn't have time for.  I'll post them later and hopefully you can interpret for me.  I do appreciate Symantec responding quickly.  I'm quite worried about the possibility of having to abandon Symantec.

You don't have to abandon Symantec for this issue. It is not a bug but just an environmental incompatibility like a port conflict or a permission issue. I can try to help you via the forum but of course here we can make a limited troubleshooting.
Regarding the logs, the error should be on the first rows after the system details.
If I will not be able to help you here or if you have to resolve it in a short time it is better to call the Support and they will probabily resolve it in one call.

As requested/suggested I attached the logs that I created per the knowledgebase instructions.  I set logging to FINE and captured these entries upon trying to manually start the SEPM service and having it immediately stop automatically.

I'll look at them again, but I don't know what is what.  I'll also try to capture a netstat -a to a txt file and add to post.

Giuseppe, Thank you for your help!

Hi,

from a first quick look on scm-server-0.log here's one significant error:

HTTP 401 Unauthorized, URL: http://localhost/secars/secars.dll?action=34

It means that there are some custom restriction in IIS. The SEPM console is web-based.
I give you a test URL you can use in your browser for a standard IIS troubleshooting:

http://localhost:(port)/secars/secars.dll?hello,secars

where (port) is the port of the Symantec Web Sites installed in IIS if it is not the usual 80.

The above URL will fail with error 401 instead of "OK" and it is up to the Microsoft Support because, again, it is a standard IIS error code related to the custom restriction in place in the system.
Most of the times there are some issues with the anonymous user.
In this moment I don't have useful links for you in my hands because I am not in my office, sorry.

Regards,

PS: When you will get "OK" from the test URL, remember to start manually the Symantec Endpoint Protection Manager before test again the log on in the console!

Thank you for that tip.  It was the anonymous IUSR_ that wasn't enabled.  I thought that if you check Anonymous user access in IIS that it would enable the associated user in AD, but apparently not in this case.

Looking forward to introducing the client to this great application, now that I have it working.

Thank you again for your help and prompt replies.

After reboot I got the error Java Virtual Machine Launcher - Unable to access jarfile scm-ui.jar.

I guess I'll need to repair/reinstall, but being that I'm not at the site that will have to wait.

I had the same issue and it took me a few days to work it out but I git there in the end.
You basically need to get the Symantec Management Console Service to start and stay started.

The reason the Symantec Management Console Service won't start is because another program is using the port.

Firstly stop all the Symantec Services. Next check nothing is using port 2368. To do this run "netstat -ano" from DOS prompt. Find the associated process and stop it / kill it. I will probably be a service as well.
Also check the port 8443, 9090 and 8005 are not being used by other processes. ( these may be different if yiu used custom ports when installing the Management console )

In my case another program ( VM Ware Web Interface was using that port ) I stopped that service, Check that nothing is now using that port by running a  (netstat -ano ) again by making sure the port is not listed.

Start all the Symantec Services again and then see if port 2368 is being used by the Symantec Management Console Service. It should be and the service should remain started.

See

You should then be able to login to the Management Console.

I found doc id 20080226133558935 most helful in determining the above

One thing to check is to make sure IIS is set to use (All Unassigned) in the properties for the default website (or what ever site you assigned the SEP manager to). I've seen this cause the exact same problem.

Hi

4 Files are missing in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\webapps\scm\clientpkg
scm-ui.jar
scm-ui-res.jar
scm-common.jar
scm-common-res.jar

You can repair your SEPM to get it back.

Regards
Ajit

HI,

I think this will resolve your issue.


http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101813380348

You can also just enabled the SQL Server Browser and put the local path of the SQL Client folder

I just fixed the same problem using David's recommendation.  Thank you very much, David. You rock!