search cancel

Error: "SEPM returned a non-200 HTTP response"

book

Article ID: 172809

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) controller connection is failing on Endpoint Detection and Response (EDR) console with error:

SEPM returned a non-200 HTTP response

central_manager.log on EDR shows an authentication error:

ERROR RMI TCP Connection(512776)-127.0.0.1 (SepmCommunicatorRemoteImpl.java:validateSepm:895) Error when trying to connect to SEPM. Exception : {"errorCode":"401","appErrorCode":"","errorMessage":"Invalid user name or password. Please try again."}:name=ERROR_HTTP_RESPONSE_NOT_OK, description=Sepm returned non 200 HTTP response. There was an error.

Following error is found in 'semapisrv_log.xxxx-xx-xx.0.log' on SEPM:

[https-openssl-apr-0.0.0.0-8446-exec-9] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: error.login 
com.symantec.sepm.core.exception.AuthorizationException: error.login

Cause

The SEPM API Service is having issues connecting to EDR

Resolution

Solution 1:

  • If the SEPM API service is running, then stop it.
  • Navigate to '<SEPM install folder> tomcat/instances/sepm/api/webapps' and delete the 'sepm' subfolder.
  • Restart the SEPM API service.

Note: This will redeploy the sepm folder that was deleted so that the service runs properly.

Solution 2:

  • Stop all SEPM services on SEPM having issue
  • Back up all files and folder from '<SEPM_HOME>\tomcat\instances\sepm-api\webapps'
  • Delete all files from this folder (Default path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\instances\sepm-api\webapps)
  • Copy "SEPM.WAR" file from a working SEPM on same version in this folder. 
  • Start all SEPM services and verify that all the files are generated
  • Try adding the SEPM to EDR