Error 12029 while the Symantec Endpoint Protection (SEP) client is not able to communicate with Symantec Endpoint Protection Manager (SEPM).

book

Article ID: 177956

calendar_today

Updated On:

Products

Endpoint Protection Data Loss Prevention Network Monitor

Issue/Introduction

The Symantec Endpoint Protection client is not able to communicate with Symantec Endpoint Protection Manager. The Sylink log illustrates "Error Code = 12029."

Cause

Possible causes for this situation include the following:

 - The SEPM service is not running.

 - The machine hosting the SEPM does not allow inbound traffic via the expected port.

 - A firewall or proxy server is blocking inbound traffic via the expected port to the machine hosting the SEPM.

 - The SEP client is attempting to communicate via HTTPS while the SEPM or associated website is not correctly configured to allow HTTPS.

Resolution


Note: The Communications Port for Symantec Endpoint Protection Manager by default is 8014; this communications port may have been customized during the installation of the Symantec Endpoint Protection Manager or at a later time.


 

  • When the Server on which Symantec Endpoint Protection Manager is un-available

OR

  • Symantec Endpoint Protection Manager service on the Symantec Endpoint Protection Manager server is stopped/not running
  • Ensure that Symantec Endpoint Protection Manager Server is Running, the Symantec Endpoint Protection Manager Service is running and the Symantec Endpoint Protection Manager was not re-installed.
  • Symantec Endpoint Protection Manager was completely re-installed without restoring the Database backup or the Server Certificates
  • When Windows Firewall is not allowing the SEP client to connect on port 8014
  • Follow the steps below in order to allow the inbound traffic on port http 8014:
    1. Open Windows Firewall Advance Settings from Administrative Tools
    2. Under Inbound Rules, select Create New Rule
    3. Create the rule for Ports & Protocol
    4. Select TCP port 8014
    5. Allow the traffic for only Domain as it is specific for Internal Network
    6. Finish the wizard
    7. Try to update the policy on the one of the client to test the end results
    8. The client should show up in manager and will start communicating with the manager
  • A Proxy may not be allowing to connect to sepm server on port 8014

Bypass OR create Exclusion on the Proxy Server to allow traffic to the Symantec Endpoint Protection Manager on port 8014

  • Custom Management Server List is configured for HTTPS, although the website in IIS is not configured for SSL
  • SEP clients that have a management server list configured to use HTTPS communication, without having configured SSL for the website in IIS, will not communicate with the SEP Manager. Either configure an SSL certificate in the IIS website or change the communication setting from HTTPS to HTTP in the Management Server List.