search cancel

Endpoint Protection 14.2 or 14.2 MP1 clients fail to register with the Endpoint Protection Manager when the logged in username or the client group includes special characters.

book

Article ID: 173680

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When logged into a Windows client, if the logged in username or the client's preferred group include one or more special characers, a newly installed Symantec Endpoint Protection (SEP) 14.2 or 14.2 MP1 client will fail to register with the Endpoint Protection Manager (SEPM). 

SEPM
ersecreg.log:
02/15 09:41:00 [2044:4284] 5 Server returned: 500 Internal Server Error
02/15 09:41:00 [2044:4284] 10.7.185.104<AgentInfo PreferredMode="1" DomainID="5D935ABEC0A8020C6C2A26FDE80863F5" AgentType="105" AgentID="E4275F600A07B9674B32A3E6D900D140" HardwareKey="55F69D950958E7B939753E0E4528EA3B" UserDomain="testnet.work" LoginUser="e%26omanager" ComputerDomain="testnet.work" ComputerName="sepm" PreferredGroup="My%20Company%5CServers" SiteDomainName="" AgentPlatform="Windows%20Server%202012%20R2"/>--FAILED

SEP client
cve.log:
[2019-Feb-14 16:50:11.723127] [WARN ] Failed to connect to server sepm.testnet.work. InternalServerException

cve-actions.log:
[2019-Feb-14 16:50:11.721115] E4275F600A07B9674B32A3E6D900D140    500    0    [-Registration]    2019-Feb-14 16:50:09.830408    2019-Feb-14 16:50:11.721115    1890    90032

Environment

Windows user account or the client group includes the & character. 
 

Cause

The SEPM does not allow certain characters, such as "&" in a group name.  Normally, the SEPM UI will block a group from being created with an invalid character.

In cases where AD import is utilized for groups, it is possible that an invalid character such as "&" may be imported, and cause this issue.

SEPM presently does not have a validation mechanism for non-supported characters imported via Active Directory Import.

Resolution

{FIXED_DOWNLOAD_LATEST_SEP.EN_US}

As a workaround, ensure that the Windows username or SEP client group do not include special characters. 

Rename the group in Active Directory, such that it is not using the '&' or other unsupported characters.

Synchronize the group in SEPM: Right Click the group name > Sync now