search cancel

Symantec Endpoint Protection Manager ADSI task shows SQL exception

book

Article ID: 174039

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When attempting to sync Active Directory OUs within the Symantec Endpoint Protection Manager (SEPM) group structure the group structure will sync as expected, but the endpoints will fall into the Default Group under My Company.

The issue appears to be related to the following which is truncated for brevity:

scm-server-0.log
SEVERE: in: com.sygate.scm.server.task.ADSITask
java.sql.SQLException: [Sybase][JDBC Driver][SQL Anywhere]Right truncation of string data

...

ADSITASK-0.log
FINE: LdapUtils>> connectWithSimpleLoginForAD: using domain=domain.local to login because the user doesn't specify one...
FINE: LdapUtils>> connect: Setting the properties...
INFO: LdapUtils>> connect: Connecting...
INFO: LdapUtils>> connect: Done!
FINE: LdapUtils>> connect: Setting the properties...
INFO: LdapUtils>> connect: Connecting...
INFO: LdapUtils>> connect: Done!
FINE: LdapRootDSE>> init: Done with retrieving RootDSE in LDAP://controller.domain.local:389!
FINE:     #0, nameDn=, my_dn=OU=Symantec,OU=TestOU,DC=domain,DC=local, path=LDAP://domain.local:389/OU=Symantec,OU=TestOU,DC=domain,DC=local, domain=domain.local, type=OrganizationalUnit
FINE: LdapXmlGenerator>> saveOU: no name from nameDn=[]
FINE: LdapXmlGenerator>> save: OK to save xml - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\1234567890123.stage.xml

...

Packet capture

Packet 1234
No.     Time               Source                Destination           Protocol Length Info

1234 <TIMESTAMP>    192.168.1.2           192.168.1.3           LDAP     1514   searchResEntry(6) "CN=Computer 1,OU=Symantec,OU=Test,DC=domain,DC=local"  | searchResEntry(6) "CN=Computer 2,OU=Symantec,OU=Test,DC=domain,DC=local"  | searchResEntry(6) "CN=Computer 3,OU=Symantec,OU=Test,DC=domain,DC=local"

 

All data presented here is an example.

Cause

Symantec is currently investigating this issue. Please subscribe to this article for continued updates.

Environment

Symantec Endpoint Protection Manager installed on a Windows Server with either a Microsoft SQL or embedded database.

Resolution

Similar issues in the past were a result of munged data present in Active Directory computer properties. It is recommended to first check for munged characters within your Active Directory computer properties for each machine not successfully imported from Active Directory that is reporting to the Default Group under My Company, however this is not a known cause. At this time there is not a known workaround related specifically to this issue.