ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unexpected Server alerts are being received every 10 minutes

book

Article ID: 173265

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Prevalent e-mail alerts from the Symantec Endpoint Protection Manager (SEPM) repeat every 10 minutes, indicating that an "Unexpected Server Error" has occurred. This behavior occurs without any specific trigger that the user or administrator can identify.

Unexpected Server Error messages should be diagnosed with Tomcat debugging.

After Enabling Tomcat server debugging for Endpoint Protection Manager, the following exception can be observed in scm-server log files:

com.sygate.scm.common.configobject.ValidationException: The entity name must immediately follow the '&' in the entity reference. at com.sygate.scm.common.configobject.XMLHelper.parseSAX(XMLHelper.java:563) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:168) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:179) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:214) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleRegistrationRequest(AgentRegisterHandler.java:288)

To match the AgentHandler issue, it is necessary to review the AgentRegisterHandler log. The AgentRegister-x.log reveals:

THREAD 82116 WARNING: com.sygate.scm.common.configobject.ValidationException: The reference to entity "M" must end with the ';' delimiter.

Cause

The SEPM does not allow certain characters, such as "&" in a group name.  Normally, the SEPM UI will block a group from being created with an invalid character.

In cases where AD import is utilized for groups, it is possible that an invalid character such as "&" may be imported, and cause this issue.

SEPM presently does not have a validation mechanism for non-supported characters imported via Active Directory Import.

Environment

SEP 14.2, with managed SEP Clients

Resolution

This issue is fixed in Symantec Endpoint Protection 14.2 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

If an upgrade to 14.2 RU1 is not an option at this time, the following steps must be taken to remediate this issue:

  1. Rename the group in SEPM, such that it is not using the '&' or other unsupported characters.
  2. The clients in the group will contain cached group name information containing the '&'. For resolution of this issue, move the clients to another SEPM group that does not contain an ampersand character. This will update the preferred group entry in the client's opstate info, which will clear the opstate of the cached special character.  The client can then safely move the clients back into it's original group, which  has been renamed.