Endpoint Protection client is trying to register with an invalid Domain ID


Article ID: 177404


Updated On:


Endpoint Protection


Within the Symantec Endpoint Protection Manager (SEPM) logs or console, it can be seen that a SEP client is trying to register with an invalid Domain ID.

Examples of SEPM tomcat\logs\scm-server log entries (FINEST logging may need to be enabled to see all details):

Unexpected server error / Unknown Exception

java.lang.IllegalArgumentException: Client is trying to register with invalid Domain ID 45A7120CC0A8ECFE013AFAC794DDE8E0 from xxxxxxxxx

com.sygate.scm.server.agentmanager.InvalidDomainIdRegistrationException: Client xxxxxx is trying to register with invalid Domain ID AD8FED1CC0A801EA202DF86C3BB4DE7E


The sylink.xml file being used by one or more clients refers to a Domain ID that no longer exists. This could occur if the SEPM was reinstalled or a former Domain has been deleted.


There are two different solutions for this issue.

  1. When this issue occurs a file called InvalidDomainChange.properties should be created within the <SEPM Install>\tomcat\etc folder. If you have never had this issue then the file will not be present. Edit the InvalidDomainChange.properties file. You should see something that looks similar below:

    #Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client
    #Wed Jun 07 17:58:24 CDT 2017

    Edit the file to include the current Domain ID in use on the SEPM found when going to Admin > Domains. Below is an example edit of the properties file which will re-direct clients to use the B9D51233C0A8C5A6007AEB8641A0EB46 Domain ID. Again, every SEPM domain will be different so check Admin > Domains to find the correct Domain ID to use.

    #Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client
    #Wed Jun 07 17:58:24 CDT 2017

    Save the InvalidDomainChange.properties file after making the change and then restart the SEPM and SEPM Webserver services. This will redirect clients containing the two Domain IDs on the left to the Domain ID noted on the right.

  2. Follow the steps in How do I replace the client-server communications file on the client computer? to provide affected clients with new communication that includes the correct Domain ID.


NOTE: The domain ID is just an identifier related to administrative domains under SEPM, it is NOT related to windows domain groups.