search cancel

Symantec Endpoint Protection Bridge Service does not stay started after enrollment.

book

Article ID: 171357

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection (SEP) Bridge Service does not stay started after enrolling the Symantec Endpoint Protection Manager (SEPM) with the cloud.

You may see the following in the Advanced Security tab: An authentication mismatch has occurred.

And a check of the SepBridgeSrv in services may show that it has stopped:

Symantec Endpoint Protection Bridge Service SepBridgeSrv NT SERVICE\SepBridgeSrv Automatic Stopped 0

Further, you may see lines in the logs as follows:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\semapisrv*.log:

WARN  c.s.p.bridge.sepmclient.SepmClientManager - getShouldHubRun>> getBridgeAccessToken failed (retry: 11). Exception: Bridge access token is null or empty for serverId
https-openssl-apr-0.0.0.0-8446-exec-7] WARN  c.s.s.s.m.c.s.o.TransactionalRandomValueTokenServicesFacade - Unable to refresh access token due to unexpected error

C:\Program Files\Symantec Endpoint Protection Cloud Hub\log\ConfigureCollector_get_access_token.log:

SepmProperties> load>> conf path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
SepmProperties> static>> Exception while loading conf.properties file. Error: Scm property file does not exist.
java.lang.Exception: Scm property file does not exist.

C:\Program Files\Symantec Endpoint Protection Cloud Hub\log\sepcloudhub.yyyy-mm-dd.0.log:

2018-03-12 16:09:45,276 [main] WARN  c.s.platform.hub.common.SensorConfig - SensorConfig>> Sensor configuration file path: C:\Program Files\Symantec Endpoint Protection Cloud Hub\etc\sensor.xml 
2018-03-12 16:09:45,526 [main] ERROR c.s.platform.common.db.SepmDbConnector - isSepmInstalledWithSqlDb: Detailed exception is: null 
2018-03-12 16:09:45,963 [main] ERROR c.s.p.bridge.sepmclient.SepmClientManager - SepmClientManager> getShouldHubRun>> serverId cannot be null. 
2018-03-12 16:09:45,963 [main] WARN  java.lang.Class - init>> This is not the reporting hub. Stopping the service. 

Cause

Insufficient rights for the SEP Bridge Service to read the SEPM configuration file, conf.properties.

Resolution

Correct the file and folder permissions and/or any GPO preventing the SEP Bridge Service from locating and reading conf.properties in the path indicated by the logs.

Workaround: Add the necessary rights for the built-in group SERVICE to traverse the directory structure, list the contents, and read the SEPM configuration file.

Attachments