Endpoint Protection client is trying to register with an invalid Domain ID

book

Article ID: 177404

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Within the Symantec Endpoint Protection Manager (SEPM) logs or console, it can be seen that a SEP client is trying to register with an invalid Domain ID.

Examples of SEPM tomcat\logs\scm-server log entries (FINEST logging may need to be enabled to see all details):

Unexpected server error / Unknown Exception

java.lang.IllegalArgumentException: Client is trying to register with invalid Domain ID 45A7120CC0A8ECFE013AFAC794DDE8E0 from xxxxxxxxx

com.sygate.scm.server.agentmanager.InvalidDomainIdRegistrationException: Client xxxxxx is trying to register with invalid Domain ID AD8FED1CC0A801EA202DF86C3BB4DE7E

Cause

The sylink.xml file being used by one or more clients refers to a Domain ID that no longer exists. This could occur if the SEPM was reinstalled or a former Domain has been deleted.

Resolution

There are two different solutions for this issue.
 

  1. When this issue occurs a file called InvalidDomainChange.properties should be created within the <SEPM Install>\tomcat\etc folder. If you have never had this issue then the file will not be present. Edit the InvalidDomainChange.properties file. You should see something that looks similar below:

    #Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client
    #Wed Jun 07 17:58:24 CDT 2017
    HWI83LM21M9S932AAPWGG524YTW99=
    L27AAA45MND2U1JK564786DDDF87611=


    Edit the file to include the current Domain ID in use on the SEPM found when going to Admin > Domains. Below is an example edit of the properties file which will re-direct clients to use the B9D51233C0A8C5A6007AEB8641A0EB46 Domain ID. Again, every SEPM domain will be different so check Admin > Domains to find the correct Domain ID to use.

    #Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client
    #Wed Jun 07 17:58:24 CDT 2017
    HWI83LM21M9S932AAPWGG524YTW99=B9D51233C0A8C5A6007AEB8641A0EB46
    L27AAA45MND2U1JK564786DDDF87611=B9D51233C0A8C5A6007AEB8641A0EB46


    Save the InvalidDomainChange.properties file after making the change and then restart the SEPM and SEPM Webserver services. This will redirect clients containing the two Domain IDs on the left to the Domain ID noted on the right.
     

  2. Follow the steps in How do I replace the client-server communications file on the client computer? to provide affected clients with new communication that includes the correct Domain ID.

 

NOTE: The domain ID is just an identifier related to administrative domains under SEPM, it is NOT related to windows domain groups.