Clients are failing to connect and the first three tabs of the Symantec Endpoint Protection Manager (SEPM) are blank. Failed to connect to server error is displayed when logging into the SEPM and HTTPD.exe is repeatedly crashing in the Windows Event - Application log.
Error-Pacific Standard Time.log:
[Thu Sep 04 10:01:56.951466 2014] [isapi:error] [pid 7912:tid 2520] AH02110: failed call to GetExtensionVersion() in C:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/Inetpub/secars/secars.dll
[Thu Sep 04 10:01:56.963466 2014] [mpm_winnt:notice] [pid 7912:tid 3228] Child 7912 Thread 7528: Starting thread to listen on port 8445.
[Thu Sep 04 10:01:58.670865 2014] [isapi:error] [pid 7912:tid 3224] (OS 5)Access is denied. : AH02110: failed call to GetExtensionVersion() in C:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/Inetpub/secreg/secreg.dll
[Thu Sep 04 10:01:58.862843 2014] [mpm_winnt:notice] [pid 5268:tid 472] AH00428: Parent: child process exited with status 255 -- Restarting.
SEPM UI:
Failed to connect to server.
Windows Event - Application log:
Log Name: Application
Source: Application Error
Date: 9/4/2014 10:04:51 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Redacted
Description:
Faulting application name: httpd.exe, version: 2.4.6.153, time stamp: 0x539e89a7
Faulting module name: secars.dll_unloaded, version: 0.0.0.0, time stamp: 0x53fdaeef
Exception code: 0xc0000005
Fault offset: 0x6cbb4150
Faulting process id: 0x2114
Faulting application start time: 0x01cfc8625698f77e
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
Faulting module path: secars.dll
Report Id: 94d9321b-3455-11e4-943a-0024e847494c
Faulting package full name:
Faulting package-relative application ID:
Log Name: Application
Source: secars
Date: 9/4/2014 10:04:51 AM
Event ID: 4096
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Redacted
Description:
Initialize Server Configuration Error
Log Name: Application
Source: Windows Error Reporting
Date: 9/4/2014 10:04:51 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Redacted
Description:
Fault bucket , type 0
Event Name: BEX
Response: Not available
Cab Id: 0
Problem signature:
P1: httpd.exe
P2: 2.4.6.153
P3: 539e89a7
P4: secars.dll_unloaded
P5: 0.0.0.0
P6: 53fdaeef
P7: 6cbb4150
P8: c0000005
P9: 00000008
P10:
The issue is caused by copying conf.properties out of the %SEPM_install_directory%\tomcat\etc folder and then replacing the original conf.properties file with the copied one. The semwebsrv account will not have read access rights on the copied conf.properties, because the copied one inherits permissions from its parent folder, which only provides List folder / read data access. This results in semwebsrv being unable to read conf.properties.
Change the Security options (i.e., permissions) for conf.properties to provide the semwebsrv account with the following permissions: Read
How to give semwebsrv Read permissions on conf.properties: