"ATP could not successfully deliver the MD5 Blacklist policy to SEPM. Status code: 400"

Article ID: 172024

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

After configuring ATP with a SEPM Controller connection, the connection appears to fail. Blacklist policies from ATP fail to arrive at SEPM.

Within the ATP UI, the System Activity Log shows one or more events with the message "ATP could not successfully deliver the MD5 Blacklist policy to SEPM. Status code: 400".

Cause

This error has multiple possible causes.

Environment

In the ATP UI, on Settings > Global, the Endpoint Controllers list contains one or more configured SEPM Controller connections.

Resolution

To work around this issue:

  1. Within SEPM, verify that group inheritance policies allow for policy edits.
  2. Restart the SEPM service.
  3. Within the ATP UI, on Settings > Global, check the state of your SEPM Controller connection.
  4. If symptoms persist, reboot the ATP management server.
  5. Within the ATP UI, on Settings > Global, check the state of your SEPM Controller connection.
  6. If symptoms persist, delete and re-add the unhealthy SEPM Controller connection.

For more detailed information on the response SEPM provided to ATP, collect and examine the following logs from the SEPM:

  • scm-server-0.log
  • catalina.out
  • SEPM.log
  • tomcat.log