search cancel

HTTP 500 Internal Server error when attempting to retrieve a suspicious file using the SEPM REST API

book

Article ID: 175131

calendar_today

Updated On:

Products

Endpoint Protection Advanced Threat Protection Platform

Issue/Introduction

When attempting to retrieve a suspicious file from an Endpoint Protection client, the Endpoint Protection Manager (SEPM) REST API returns an HTTP 500 Internal Server error.  This issue is specific to clients in the following scenario:

  1. The SEP client was "copied" from an Organization Unit (OU) group in the SEPM to a non-OU "SEPM" group. 
  2. When using Symantec Endpoint Detection and Response (SEDR), the "Copy to file store from Endpoint" command fails with "Sepm returned non 200 HTTP response. There was an error."
  3. When using the SEPM REST API directly, the API command returns an http 500 Internal Server error. 

semapisrv.log
2019-05-28 13:56:12,234 [http-apr-0.0.0.0-8446-exec-9] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: com.symantec.sepm.server.module.client.command.createCommandByHardwareKey (batch index #2) failed. 1 prior sub executor(s) completed successfully, but will be rolled back. Cause: java.sql.BatchUpdateException: Violation of PRIMARY KEY constraint 'PK_COMMAND'. Cannot insert duplicate key in object 'dbo.COMMAND'. The duplicate key value is (633F6276B08F431F0B86B2D02A7ABAC7, EC71DA459B064B51908F607D1A857FF2).

Resolution

This issue is resolved in 14.2.5280.2000 (RU2) and newer. For information on how to obtain the latest build of Symantec Endpoint Protection, see: Download Symantec software, tools, and patches.