Endpoint Protection clients fail to communicate with Manager due to certificate error
search cancel

Endpoint Protection clients fail to communicate with Manager due to certificate error

book

Article ID: 175269

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients is not communicating with the Symantec Endpoint Protection Manager (SEPM).
When viewing the status of this client on SEPM under Clients → Tasks → Clients tab → View: Client status, the "Last Update Status" field shows as recent for the impacted clients. However, the SEP clients do not receive policy updates, nor do they upload logs to the SEPM. 

Following error is found in the cve.log of client:

[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider Begins
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider Finished
[2019-Jun-26 12:59:19.058754] [ERROR] Verify signature failed.
[2019-Jun-26 12:59:19.058754] [INFO ] Heartbeat failed
[2019-Jun-26 12:59:19.058754] [DEBUG] Heartbeat status: [complete: true] [successful: false]
[2019-Jun-26 12:59:19.059748] [ERROR] Heartbeat failed with error SignatureException

For a Linux client in similar situation:

2024-10-11T09:08:45.795+07 140193730373376 INFO cve.sylinkcommunicator [2024-Oct-11 09:08:45.795664] [INFO ] Starting heartbeat. [thread:7f81657fa700]
2024-10-11T09:08:45.796+07 140193730373376 INFO cve.sylinkcommunicator [2024-Oct-11 09:08:45.796526] [INFO ] CallOneServer: Heartbeat pass <1> for Server_Name [thread:7f81657fa700]
2024-10-11T09:08:45.805+07 140193730373376 INFO cve.sylinkcommunicator [2024-Oct-11 09:08:45.805911] [INFO ] Heartbeat failed [thread:7f81657fa700]
2024-10-11T09:08:45.806+07 140193730373376 WARN cve.sylinkcommunicator [2024-Oct-11 09:08:45.806003] [WARN ] Failed to connect to server Server_Name. UnknownHostException [thread:7f81657fa700]
2024-10-11T09:08:45.806+07 140193730373376 INFO cve.sylinkcommunicator [2024-Oct-11 09:08:45.806291] [INFO ] CallOneServer: Heartbeat pass <1> for Server_Name.COM [thread:7f81657fa700]
2024-10-11T09:08:45.831+07 140193730373376 ERROR cve.commchannel [2024-Oct-11 09:08:45.831659] [ERROR] Verify signature failed. [thread:7f81657fa700]

Cause

It is mostly due to an issue with the Sylink.xml file, or certificate on the client.

Resolution

To resolve the issue, replace the Sylink.xml with a known good copy. 

For more information on replacing the Sylink.xml, reference: How do I replace the client-server communications file on the client computer?

Powered by Wolken Software