HTTP 400 - Bad Request communication error for Symantec Endpoint Protection Manager (SEPM) 11.x

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) is experiencing communication issues and the Endpoint Protection (SEP) clients are showing as offline. A HTTP 404 error has been identified in the logs.

> The SEPM log server-0.log showed the following after enabling 'Finest' debugging:

2010-12-22 15:20:03.420 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
java.lang.Exception: HTTP 400 Bad RequestHTTP 400 Bad Request, URL: http://localhost/secars/secars.dll?action=34
    at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:626)
    at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:147)
    at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:106

...

com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:650)

This log can be found in the folder C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs. For more information on debugging see: How to debug the Symantec Endpoint Protection Manager console in Symantec Endpoint Protection 11.x

> If you take a look at the Internet Information Service (IIS) httperr log you might find ''400 - Bad Request -' or 400 - Hostname -' at the end of a GET request:

2010-12-22 10:02:11 10.98.59.71 1753 <IP_address> 80 HTTP/1.0 POST /secreg/secreg.dll?l=2 400 - Hostname -

> The application pool used by the Symantec Website in IIS failed to stay started.

> After running the Symantec Endpoint Protection Support Tool (SST) the following errors related to IIS were identified:

The Secars communication test failed.
SEPM Virtual Directories with incorrect permissions.
SEPM Virtual Directories with incorrect paths.

For detail on the SST see About the Symantec Endpoint Protection Support Tool

Cause

The IIS configuration has been changed or become corrupt.

Resolution

Step 1: Follow the Disaster Recovery steps to backup the necessary information for your SEPM. For details read this article: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

Step 2: Reinstall IIS:

In the this step you will need the Operating System disk for you SEPM server.

For IIS 6.x please follow the instructions in this Microsoft KB to reinstall IIS: How to remove and reinstall IIS 5.0, 5.1 and 6.0

For IIS 7.x please backup any necessary IIS logs required. Then following Microsoft TechNet: uninstall as per Remove an Application (IIS 7) and reinstall as per IIS 7 Installation and Deployment.

Step 3: Run a repair of the SEPM:

Open the Control Panel,

In Windows XP/2000/2003 open Add or Remove Programs by clicking the Start button > Settings > Control Panel, and then clicking Add or Remove Programs.

Click on the Symantec Endpoint Protection Manager in the list of programs. Click on Change, click on Repair and follow the prompts to the end.

In Windows Vista/Windows 7/Windows 2008 open Programs and Features by clicking the Start button > Control Panel > Programs, and then clicking Programs and Features. Click on the Symantec Endpoint Protection Manager in the list of programs. Click on Repair and follow the prompts to the end.

Step 4: Run the Management Server Configuration Wizard:

Go to Start > Programs > Symantec > Symantec Endpoint Protection Manager > Management Server Configuration Wizard.

And run the management configuration wizard to reconfigure the SEPM with the existing database as per the wizard prompts.

The end result should be the IIS configuration is restored to its original state and the SEPM can now communicate with a HTTP 404 error.

If the issue is not resolved following these steps you may need to do a complete reinstall of the SEPM following the article previously mentioned Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager