When logged into a Windows client, if the logged in username or the client's preferred group include one or more special characers, a newly installed Symantec Endpoint Protection (SEP) 14.2 or 14.2 MP1 client will fail to register with the Endpoint Protection Manager (SEPM).
02/15 09:41:00 [2044:4284] 5 Server returned: 500 Internal Server Error
02/15 09:41:00 [2044:4284] 10.7.185.104<AgentInfo PreferredMode="1" DomainID="5D935ABEC0A8020C6C2A26FDE80863F5" AgentType="105" AgentID="E4275F600A07B9674B32A3E6D900D140" HardwareKey="55F69D950958E7B939753E0E4528EA3B" UserDomain="testnet.work" LoginUser="e%26omanager" ComputerDomain="testnet.work" ComputerName="sepm" PreferredGroup="My%20Company%5CServers" SiteDomainName="" AgentPlatform="Windows%20Server%202012%20R2"/>--FAILED
[2019-Feb-14 16:50:11.723127] [WARN ] Failed to connect to server sepm.testnet.work. InternalServerException
[2019-Feb-14 16:50:11.721115] E4275F600A07B9674B32A3E6D900D140 500 0 [-Registration] 2019-Feb-14 16:50:09.830408 2019-Feb-14 16:50:11.721115 1890 90032
Windows user account or the client group includes the & character.
The SEPM does not allow certain characters, such as "&" in a group name. Normally, the SEPM UI will block a group from being created with an invalid character.
In cases where AD import is utilized for groups, it is possible that an invalid character such as "&" may be imported, and cause this issue.
SEPM presently does not have a validation mechanism for non-supported characters imported via Active Directory Import.
As a workaround, ensure that the Windows username or SEP client group do not include special characters.
Rename the group in Active Directory, such that it is not using the '&' or other unsupported characters.
Synchronize the group in SEPM: Right Click the group name > Sync now