search cancel

The Symantec Endpoint Protection Launcher service returns error 1385


Article ID: 161891


Updated On:


Endpoint Protection


When the Symantec Endpoint Protection Manager (SEPM) is configured to connect to its SQL server using Windows Authentication, various SEPM tasks fail. This is known to affect replication and log processing tasks, but may also affect other tasks.

SEPM tasks fail with the following error: SemLaunchService> parseServiceReturnText>> launch service return code:1385

The Security log in the Event Viewer shows events with event ID 4625, indicating that the account used for Windows Authentication failed to logon. The caller process name is "SemLaunchSvc.exe" (default path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SemLaunchSvc.exe) and the logon type is "2".

SemLaunchService> parseServiceReturnText>> launch service return code:1385


The SEPM has been configured to authenticate to the SQL server using Windows Authentication and the specified Windows account is not allowed to logon to the SEPM.


Grant the specified Windows account the privilege to log on locally to the SEPM computer ("Allow log on locally") and confirm that the account has not been denied the right to log on locally ("Deny log on locally") via the Group Policy Object applied to the SEPM computer.