search cancel

Protection Engine UI is not accessible


Article ID: 172874


Updated On:


Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS


After no apparent changes, the Symantec Protection Engine (SPE) UI can no longer be accessed via a web browser.

If a netstat is run, port 8004 and 8005 are no longer listening.

If installed to Windows, in the Program Files\Symantec\Scan Engine directory, the Certificate.pem, keyStore.private and keyStore.public are missing.

If installed to Linux, in the /opt/SYMCScan/bin directory, the Certificate.pem, keyStore.private and keyStore.public are missing.


Normally, during install and service starts, the Certificate.pem, keyStore.private and keyStore.public are generated or re-generated if missing. If this process is not happening, it indicates that SPE is unable to resolve the IP address of the fully qualified domain name (FQDN) of the local system via Domain Name System (DNS). If DNS is no longer providing forward and reverse name resolution of the local system, SPE will be unable to generate the certificate and keystore files used to encrypt the console web page.


Troubleshoot and resolve the DNS issues encountered around the time the console stopped working.


Add a hosts file entry in one of the following locations.

  • Windows: C:\Windows\System32\etc\hosts
  • Linux: /etc/hosts

This entry should be in a format similar to the following: <IP address of SPE server>     <FQDN of SPE server> for example    testhost.testdomain

Once this entry is created in the host file, restart the Symantec Protection engine service. The Certificate.pem, keyStore.private and keyStore.public files should now be created and the website should be accessible.