HTTP 500 Internal Server error when attempting to retrieve a suspicious file using the SEPM REST API

Article ID: 175131

Updated On:

Products

Endpoint Protection, Advanced Threat Protection Platform

Issue/Introduction

When attempting to retrieve a suspicious file from an Endpoint Protection client, the Endpoint Protection Manager (SEPM) REST API returns an HTTP 500 Internal Server error. This issue is specific to clients in the following scenario:

  1. The SEP client was "copied" from an Organization Unit (OU) group in the SEPM to a non-OU "SEPM" group. 
  2. When using Symantec Endpoint Detection and Response (SEDR), the "Copy to file store from Endpoint" command fails with "Sepm returned non 200 HTTP response. There was an error."
  3. When using the SEPM REST API directly, the API command returns an HTTP 500 Internal Server error.

semapisrv.log
2019-05-28 13:56:12,234 [http-apr-0.0.0.0-8446-exec-9] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: com.symantec.sepm.server.module.client.command.createCommandByHardwareKey (batch index #2) failed. 1 prior sub executor(s) completed successfully, but will be rolled back. Cause: java.sql.BatchUpdateException: Violation of PRIMARY KEY constraint 'PK_COMMAND'. Cannot insert duplicate key in object 'dbo.COMMAND'. The duplicate key value is (633F6276B08F431F0B86B2D02A7ABAC7, EC71DA459B064B51908F607D1A857FF2).
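
To confirm that a failed file retrieval matches this issue, semapisrv.log can be scanned for the signature above. The following is an added example, not Broadcom code: the function names are hypothetical, the line layout is inferred from the single excerpt in this article, and the second and third sample lines are constructed.

```python
import re
import sys
from collections import Counter

# Layout inferred from the excerpt: "<date> <time>,<ms> [<thread>] <LEVEL> <logger> - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$")
# Signature of this issue: createCommandByHardwareKey failing on PK_COMMAND.
SIG_RE = re.compile(
    r"createCommandByHardwareKey.*?"
    r"Violation of PRIMARY KEY constraint 'PK_COMMAND'.*?"
    r"duplicate key value is \((?P<k1>[0-9A-Fa-f]+),\s*(?P<k2>[0-9A-Fa-f]+)\)")

def find_pk_command_failures(lines):
    """Return one dict per ERROR line that carries the PK_COMMAND signature."""
    hits = []
    for line in lines:
        head = LINE_RE.match(line.rstrip("\r\n"))
        if not head or head["level"] != "ERROR":
            continue
        sig = SIG_RE.search(head["msg"])
        if sig:
            hits.append({"timestamp": head["ts"], "thread": head["thread"],
                         "duplicate_key": (sig["k1"].upper(), sig["k2"].upper())})
    return hits

def summarize(hits):
    """Count failures per duplicate key pair so repeated attempts stand out."""
    return Counter(h["duplicate_key"] for h in hits)

SAMPLE = [
    # Line quoted in this article.
    "2019-05-28 13:56:12,234 [http-apr-0.0.0.0-8446-exec-9] ERROR "
    "c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: "
    "com.symantec.sepm.server.module.client.command.createCommandByHardwareKey "
    "(batch index #2) failed. 1 prior sub executor(s) completed successfully, but "
    "will be rolled back. Cause: java.sql.BatchUpdateException: Violation of PRIMARY "
    "KEY constraint 'PK_COMMAND'. Cannot insert duplicate key in object 'dbo.COMMAND'. "
    "The duplicate key value is (633F6276B08F431F0B86B2D02A7ABAC7, "
    "EC71DA459B064B51908F607D1A857FF2).",
    # Constructed lines that must not match.
    "2019-05-28 13:56:13,001 [http-apr-0.0.0.0-8446-exec-9] INFO  c.example.Logger - request done",
    "2019-05-28 13:57:40,512 [http-apr-0.0.0.0-8446-exec-3] ERROR c.example.Logger - EXCEPTION: timeout",
]

if __name__ == "__main__":
    # Pass the path to semapisrv.log as the first argument; otherwise use SAMPLE.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for key, n in summarize(find_pk_command_failures(src)).items():
        print(n, "failure(s) for duplicate key", key)
```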

Resolution

This issue is resolved in 14.2.5280.2000 (RU2) and newer. For information on how to obtain the latest build of Symantec Endpoint Protection, see: Download Symantec software, tools, and patches.