Troubleshoot communication issues with Endpoint Protection Manager

Article ID: 154324

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) logs errors or displays HTTP error codes.

Cause

The communication channels between all Symantec Endpoint Protection (SEP) components must be open. These channels include:

  • Server to client communications
  • Server to database communications
  • Server and client communications to the content delivery component, such as LiveUpdate.

Resolution

Learn how to troubleshoot communication issues between the SEPM server and SEP clients or databases.

Troubleshoot management server and client communications

If you have trouble with communications between Endpoint Protection clients and servers, ensure that there are no general network or network connectivity issues.

You can test the communication between the client and the management server in several ways.

Look on the client to see if the client connects to the management server

You can check several important connection data values in the client. The dates, times, server address, and port numbers are available for troubleshooting connection problems.

To check connection status data values in the client:

  1. In the SEP client, click Help, and then click Troubleshooting.
  2. In the left column, select Connection Status.
  3. View the connection status values.

View the access log to see if the client connects to the management server

You can view the Apache HTTP server Access log on the management server to check whether the client connects to the management server. If the client connects, the client's connection problem is probably not a network issue.

Network issues include the firewall blocking access, or networks not connecting to each other. You must first enable the Apache HTTP server Access log before you can view the log.

Note: Disable the log after you view it because the log uses unnecessary CPU resources and hard disk space.

To enable the Apache HTTP server Access log:

  1. In a text editor, open C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf.
  2. Remove the hash mark (#) from the following text string, and then save the file:
    #CustomLog "logs/access.log" combined
  3. Using services.msc, restart the Endpoint Protection Manager Webserver service (Apache).
  4. Click Yes to restart the SEPM service.

To view the Apache HTTP server Access log:

  1. On the management server, open C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access.log.
  2. Look for a client computer's IP address or host name, which indicates that the clients connect to the Apache HTTP server.
  3. Disable the Apache HTTP server Access log when you are done.
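
For step 2 on a busy server, the following added example (not Symantec tooling) summarizes which client addresses reached the Apache HTTP server and how many of their requests returned an error status. The sample lines are constructed, the function name is hypothetical, and the /secars/ path filter is an assumption taken from the test URL used elsewhere in this article.

```powershell
# Added example. Constructed sample lines in Apache "combined" format (not real SEPM output).
$sample = @'
192.0.2.15 - - [12/Mar/2024:09:15:02 +0000] "GET /secars/secars.dll?hello,secars HTTP/1.1" 200 2 "-" "-"
192.0.2.15 - - [12/Mar/2024:09:20:07 +0000] "POST /secars/secars.dll HTTP/1.1" 200 512 "-" "-"
192.0.2.40 - - [12/Mar/2024:09:21:30 +0000] "POST /secars/secars.dll HTTP/1.1" 503 299 "-" "-"
198.51.100.7 - - [12/Mar/2024:09:22:11 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "-"
'@ -split "`r?`n"

function Get-SecarsClientSummary {
    param(
        [Parameter(Mandatory)] [string[]] $Line,   # raw access.log lines
        [string] $PathPrefix = '/secars/'          # assumption: path from the article's test URL
    )
    # combined format: host ident user [time] "method uri protocol" status bytes ...
    $rx = '^(?<client>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<uri>\S+)[^"]*" (?<status>\d{3}) '
    $hits = foreach ($l in $Line) {
        if ($l -match $rx -and $Matches['uri'].StartsWith($PathPrefix)) {
            [pscustomobject]@{
                Client = $Matches['client']
                Time   = $Matches['time']
                Status = [int]$Matches['status']
            }
        }
    }
    # One row per client; the log is chronological, so the last hit is the latest.
    $hits | Group-Object Client | ForEach-Object {
        [pscustomobject]@{
            Client   = $_.Name
            Requests = $_.Count
            Errors   = @($_.Group | Where-Object { $_.Status -ge 400 }).Count
            LastSeen = ($_.Group | Select-Object -Last 1).Time
        }
    }
}

Get-SecarsClientSummary -Line $sample | Format-Table -AutoSize
```

Against the real log, pass `(Get-Content <path to access.log>)` as `-Line`. A client that is missing from the output never reached Apache, which points back to the network checks.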

Use the ping command on the client computer to test connectivity to the management server

  1. On the client computer, open a command prompt.
  2. Type ping and the computer name of the management server, and then press Enter.
    You can use the server IP address in place of the computer name. The command should return the server's correct IP address.

    Note: If the ping command does not return the correct address, verify the DNS service for the client and check its routing path.

Use a browser on the client computer to test connectivity to the management server

  1. On the client computer, open a web browser.
  2. In the browser's address bar, type the following URL, where management_server_address is the management server's DNS name, NetBIOS name, or IP address:
    http://management_server_address:8014/secars/secars.dll?hello,secars
  3. When the web page appears, look for one of the following results:
    • If the word OK appears, the client computer should be able to connect to the management server. Therefore, the issue may be on the client.
    • If the word OK does not appear, the client computer cannot connect to the management server. Therefore, the issue may be on the server.
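
The ping and browser tests above can be run as one scripted check from the client. This is an added example, not part of the original article or of the product. The function name and the server name are hypothetical, and a TCP connection test stands in for ping so that the check still works where ICMP is filtered.

```powershell
# Added example. Runs on the client; the server name at the bottom is a placeholder.
function Test-SepmReachability {
    param(
        [Parameter(Mandatory)] [string] $ManagementServer,   # DNS name, NetBIOS name, or IP
        [int] $Port = 8014                                    # port from the test URL above
    )
    $r = [ordered]@{ Server = $ManagementServer; Resolved = $null; TcpOpen = $false; HelloOk = $false; Detail = '' }

    # 1. Name resolution: the address ping would report for the server.
    try {
        $r.Resolved = ([System.Net.Dns]::GetHostAddresses($ManagementServer) |
            ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $r.Detail = 'Name resolution failed: verify DNS for the client.'
        return [pscustomobject]$r
    }

    # 2. TCP connect to the management port (ICMP may be filtered while this port is open).
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $r.TcpOpen = ($tcp.ConnectAsync($ManagementServer, $Port).Wait(5000)) -and $tcp.Connected
    } catch {
        $r.TcpOpen = $false
    } finally {
        $tcp.Close()
    }
    if (-not $r.TcpOpen) {
        $r.Detail = "TCP port $Port unreachable: check the routing path and firewalls."
        return [pscustomobject]$r
    }

    # 3. The request the browser test makes; the response body should contain OK.
    try {
        $resp = Invoke-WebRequest -UseBasicParsing -TimeoutSec 10 `
            -Uri "http://${ManagementServer}:$Port/secars/secars.dll?hello,secars"
        $body = if ($resp.Content -is [byte[]]) { [Text.Encoding]::ASCII.GetString($resp.Content) } else { [string]$resp.Content }
        $r.HelloOk = $body -cmatch '\bOK\b'
        $r.Detail  = if ($r.HelloOk) { 'OK returned: the issue may be on the client.' } else { 'OK not returned: the issue may be on the server.' }
    } catch {
        $r.Detail = "HTTP request failed, OK not returned: $($_.Exception.Message)"
    }
    [pscustomobject]$r
}

Test-SepmReachability -ManagementServer 'sepm01.example.test'
```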

Check for any network problems

Verify that there are no network problems by checking the following items:

  • Test the connectivity between the client and management server first. If the client computer cannot ping or Telnet to the management server, verify the DNS service for the client.
  • Check the client's routing path.
  • Check that the management server does not have a network problem.
  • Check that the Endpoint Protection firewall or third-party firewall does not cause any network problems.

Check debug logs on the client computer

If the client has communication problems with the management server, status messages about the connection problem appear in the client's debug logs.

You can check the debug logs by using the following methods:

  1. In the SEP client, click Help, and then click Troubleshooting.
  2. In the left pane, click Debug Logs.
  3. In the right pane, under Symantec Endpoint Protection, click Edit Debug Log Settings.
  4. Type a name for the log, and click OK.
  5. Click View Log.
  6. In the Windows Registry, turn on debugging in the client under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_debuglog_on.

Check inbox logs on the management server

Use the log files ersecreg.log and exsecars.log on the management server to troubleshoot client and server communications. These log files show activity that occurs in the management server inbox.

To check the inbox logs on the management server:

  1. On the management server, under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SEPM, set DebugLevel=3.
  2. Open the log files. These files usually appear in <DRIVE>:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log.

Recover lost client communication using the SylinkDrop tool

To recover lost client communications using Communication Update Package Deployment:

See Restore client-server communications with Communication Update Package Deployment

To recover lost client communications using the SylinkDrop tool:

  1. From the installation files, go to the <DRIVE>:\Tools\NoSupport\SylinkDrop folder, and run SylinkDrop.exe.
    You can run the tool remotely or on the client computer. If you use the tool on the command line, read SylinkDrop.txt for a list of the tool's command parameters.
  2. In the SEPM, export the communication file (sylink.xml) from the client group to which you want the client computer to connect.
  3. Deploy the communication file to the client computer.

Note: Ensure that the Computer Browser Service is running on the server.

Troubleshoot management server and console or database communications

If you have a connection problem with the console or the database, you may experience one of the following symptoms, which display a "Java -1" error in the Windows Event log:

  • The management server service (semsrv) stops.
  • The management server service does not stay in a started state.
  • The Home, Monitors, and Reports pages display an HTTP error.
  • The Home, Monitors, and Reports pages are blank.
  • The Home, Monitors, and Reports pages display a continuously loading progress bar, without displaying any content.

To find the specific cause for the "Java -1" error, review the scm-server log, typically located at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log.

Test database and management server connectivity

If the management server runs the embedded Sybase database:

  1. Verify that the Symantec Embedded Database service runs, and that the dbsrv11.exe or dbsrv12.exe process listens on TCP port 2638.
  2. Test the ODBC connection.

To verify the ODBC connection with the embedded database:

  1. Click Start > Run.
  2. Type the following command:
    • 32-bit operating systems: %systemroot%\system32\odbcad32.exe
    • 64-bit operating systems: %systemroot%\syswow64\odbcad32.exe
  3. In the ODBC Data Source Administrator dialog box, click System DSN.
  4. In the System DSN tab, double-click SymantecEndpointSecurityDSN.
  5. In the ODBC tab, verify that the Data source name drop-down list is SymantecEndpointSecurityDSN. You can type an optional description.
  6. Click Login.
  7. In the Login tab, in the User ID field, type dba.
  8. In the Password field, type the password for the database.
    This password is the one that you entered for the database when you installed the management server.
  9. Click Database.
  10. In the Database tab, in the Server name field, type <\\servername\instancename>.
    If you use the English version of Endpoint Protection Manager, use the default sem5. Otherwise, leave Server name blank.
  11. In the ODBC tab, click Test Connection.
    Verify that the test succeeds.
  12. Click OK.
  13. Click OK.

If the management server runs the remote SQL database:

  1. Verify that you have specified a named instance when you installed and configured the SEPM.
  2. Verify that SQL Server runs and that you have properly configured the server.
  3. Verify that the network connection between management server and the SQL database is correct.
  4. Test the ODBC connection.

To verify ODBC connection to the SQL database:

  1. Click Start > Run.
  2. Type the following command:
    • 32-bit operating systems: %systemroot%\system32\odbcad32.exe
    • 64-bit operating systems: %systemroot%\syswow64\odbcad32.exe
  3. In the ODBC Data Source Administrator dialog box, click System DSN.
  4. In the System DSN tab, double-click SymantecEndpointSecurityDSN.
  5. In the Server drop-down list, verify and select the correct server and instance.
  6. Click Next.
  7. For Login ID, type sa.
  8. In the Password field, type the password for the database.
    This password is the one that you entered for the database when you installed the management server.
  9. Click Next.
  10. Select "sem5" for the default database.
  11. Click Next.
  12. Click Finish.
  13. Click Test Data Source. Look for the result that states "TESTS COMPLETED SUCCESSFULLY!".
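
The embedded-database listener check and the ODBC test from both procedures above can also be run from a prompt. This is an added example, not the product's own tooling. It assumes Windows PowerShell 5.1 on the management server, the function names are hypothetical, and the password is prompted for rather than stored in the script.

```powershell
# Added example; assumes Windows PowerShell 5.1 on the management server.
Add-Type -AssemblyName System.Data

function Get-EmbeddedDbListener {
    param([int] $Port = 2638, [string[]] $ExpectedProcess = @('dbsrv11', 'dbsrv12'))
    # Which process listens on the embedded database port, and is it the expected one?
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                Process      = $proc.ProcessName
                Expected     = $ExpectedProcess -contains $proc.ProcessName
            }
        }
}

function Test-SepmDsn {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,   # dba or sa, per the steps above
        [string] $Dsn = 'SymantecEndpointSecurityDSN'
    )
    # The article opens syswow64\odbcad32.exe on 64-bit systems, which is the 32-bit ODBC
    # administrator. A System DSN defined there is visible only to 32-bit processes.
    if ([Environment]::Is64BitProcess) {
        Write-Warning 'Running as a 64-bit process; a 32-bit System DSN will not be found. Use the 32-bit PowerShell under %systemroot%\syswow64.'
    }
    $builder = New-Object System.Data.Odbc.OdbcConnectionStringBuilder
    $builder['DSN'] = $Dsn
    $builder['UID'] = $Credential.UserName
    $builder['PWD'] = $Credential.GetNetworkCredential().Password
    $conn = New-Object System.Data.Odbc.OdbcConnection($builder.ConnectionString)
    try {
        $conn.Open()          # comparable to Test Connection / Test Data Source
        $true
    } catch {
        Write-Warning "ODBC open failed: $($_.Exception.Message)"
        $false
    } finally {
        $conn.Dispose()
    }
}

Get-EmbeddedDbListener
Test-SepmDsn -Credential (Get-Credential -Message 'Database login (dba or sa)')
```

No output from Get-EmbeddedDbListener means nothing is listening on port 2638; that check applies only to the embedded database, not to a remote SQL Server.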

Verify the management server heap size

You may need to adjust the heap size to a value that is appropriate for the management server's operating system. If you cannot log on to the management server's remote console, or if you see an out-of-memory message in the scm-server log, you may need to increase the heap size.

The default heap size for Endpoint Protection Manager is 256 MB.


Verify that the management server is not running multiple versions of PHP

Check whether the management server runs multiple software packages that use different versions of PHP. PHP checks for a global configuration file (php.ini).

If there are multiple configuration files, you must force each product to use its own interpreter. When each product uses the correct version of PHP associated with it, the management server operates properly.


Check system requirements

Ensure that both the client and the management server meet the Endpoint Protection system requirements.