"Connection Error" on status of SEPM Connection


Article ID: 184575


Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

On the Settings > Global page of the appliance console for Symantec Endpoint Detection and Response (SEDR), the Status of one or more connections to Symantec Endpoint Protection Manager (SEPM) shows a "Connection error".

Resolution

Multiple causes have been observed in the field and in the Symantec test lab environment, including, but not limited to:

  • incorrectly specified dba account password within mssdbconnector
  • incorrectly specified proxy username within mssdbconnector
  • incorrectly specified proxy password within mssdbconnector
  • incorrectly specified proxy username within CIU
  • incorrectly specified proxy password within CIU
  • mssdbconnector is not able to obtain a port because another process is already listening on port 8081
  • SQL components are not fully removed before installing SEPM and/or mssdbconnector
  • configuration within UI is pointed at the port for an instance of SQL that does not contain the sem5 database.
  • incorrectly specified credentials for the SQL instance hosting the sem5 database.

 

 

Steps to triage

  1. At a cmd or powershell prompt on the Windows server hosting the embedded database, type: 
    ipconfig

     
  2. At the admin CLI of the CIU, type: 
    tcp_check IP_OF_SEPM_SERVER 8081

    ...where IP_OF_SEPM_SERVER is the actual IP address associated with the SEPM server. If SEPM is using SQL to host the sem5 database, in the command above, replace 8081 with the dedicated port number of the SQL instance hosting the sem5 database.
     
  3. If output from tcp_check includes "Connected to", then tcp_check was able to reach the target TCP port on the SEPM machine. See below to troubleshoot credentials.
     
  4. If output from tcp_check does not include "Connected to", then tcp_check was not able to reach the target port on the target IP address. See below to troubleshoot connectivity. 

 

 

To troubleshoot credentials for SEPM Embedded database

  1. Open a command prompt or powershell.
  2. To navigate to the location of the dbisqlc.exe database tool, type: 
    cd c:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32
     
  3. To start the dbisqlc.exe database tool, type: 
    .\dbisqlc.exe

    The "Connect to SQL Anywhere" dialog box appears. 
     
  4. In the User ID: field, type: 
    dba

     
  5. In the Password: field, type the password for the dba account. (This is the password first used when setting up SEP admin account).
  6. In the Action: dropdown box, select "Connect with an ODBC Data Source"
  7. Below "ODBC Data Source name", click "None" to display the available options.
  8. Click "SymantecEndpointSecurityDSN" to select.
  9. Click OK.
  10. If dbisqlc displays an "Invalid user ID or password" dialog box, resolve this issue before continuing.

    NOTE: This may involve research within your local administration logs to identify the correct password for the dba account. If the administrative logs/journals do not contain the password, secure the dba account of the SEPM Embedded database. 
     
  11. If dbisqlc does not display an "Invalid user ID or password" dialog box, but instead displays its main Command window, the credentials typed in the "Connect to SQL Anywhere" dialog box were correct.  If the credentials were not correct during the initial attempt, see below to change DB credentials within mssdbconnector proxy.
  12. If you did not receive an "Invalid user ID or password" dialog box at any time while attempting to log in with dbisqlc, remove and re-add the proxy username account for the mssdbconnector proxy.

 

 

To locate the installation location of mssdbconnector

  1. Click Start > Run
  2. In the Run dialog box, type: services.msc
  3. Scroll down and right-click on Symantec MSS DB Connector
  4. Click Properties
  5. Highlight the entire contents of the "Path to executable:" line
  6. In notepad, paste.
  7. Delete "commons-daemon/prunsrv.exe" and all text following
  8. Copy and paste remainder into a Windows Explorer window to navigate to install location of mssdbconnector

 

 

To change DB credentials within mssdbconnector proxy

  1. Open cmd or powershell
  2. Type: cd
    ...then paste the installation location. Be sure to leave a space after cd
     
  3. To enter the scripts folder, type:
    cd scripts

     
  4. To start the configuration console for mssdbconnector, type:
    console.bat

     
  5. To change the DB credentials, type: 
    5

     
  6. At the "Enter IP Address:" prompt, type the IP address of the management interface of the CIU.
  7. At the "Enter User Name:" prompt, type the name of the proxy username shared between mssdbconnector and the CIU.
  8. At the "Enter DB user name:" prompt, type: 
    dba

     
  9. At the "Enter new DB password:" prompt, type the correct password for the dba account within the SEPM embedded database.
  10. At the "Confirm password:" prompt, re-type the correct password for the dba account within the SEPM embedded database.
  11. If any message other than "DB user and password values changed successfully" appears, repeat steps 5-10.

 

 

To secure the dba account of the SEPM Embedded database

  1. Export the contents of the SEPM database
  2. Uninstall SEPM
  3. Reinstall SEPM, selecting the embedded database for the database type.
  4. Re-import the contents of the SEPM database

 

 

To remove and re-add the user account for the mssdbconnector proxy 

  1. Open cmd or powershell
  2. Type: cd
    ...then paste the installation location. Be sure to leave a space after cd
     
  3. To enter the scripts folder, type: cd scripts
  4. To start the configuration console for mssdbconnector, type: console.bat
  5. To delete a proxy username account within mssdbconnector, type: 4
  6. At the "Enter IP Address:" prompt, type the IP address of the management interface of the CIU.
  7. At the "Enter User Name:" prompt, type the name of the proxy username shared between mssdbconnector and the CIU.
  8. If any message other than "Successfully deleted SGS user" appears, repeat steps 5-7.
  9. To add a proxy username account within mssdbconnector, type: 1
  10. At the "Enter IP Address:" prompt, type the IP address of the management interface of the CIU.
  11. At the "Enter User Name:" prompt, type the name of the proxy username shared between mssdbconnector and the CIU.
  12. At the "Enter password:" prompt, type the password for the proxy username shared between mssdbconnector and the CIU.
  13. At the "Confirm password:" prompt, re-type the same password.
  14. At the "Enter DB user name:" prompt, type: dba
  15. At the "Enter new DB password:" prompt, type the correct password for the dba account within the SEPM embedded database.
  16. At the "Confirm password:" prompt, re-type the correct password for the dba account within the SEPM embedded database.

 

  

To troubleshoot connectivity for SEPM Embedded Database

  1. On the machine where SEPM is installed, open "Programs and Features" within the Control Panel
  2. Examine the list of programs for any program whose description includes "SQL". If present, remove it before continuing.
  3. Open cmd or powershell prompt
  4. To list running processes with port 8081 open, type: 
    netstat -ao | findstr "8081"

    The final column of output from this command will include the Process Identifier (PID) for the process with the port open.
     
  5. To identify the process name of the running process, type: 
    tasklist | findstr PID

    ...where PID is the number in the final column of output from the netstat command in step 4.
     
  6. If the process name of any running process with port 8081 is something other than prunsrv.exe, identify and reconfigure the process to use another port.
  7. In services.msc, examine Properties of “Symantec DB Connector” service to identify installation location. 
  8. At the admin command line interface (CLI) of the CIU, type: 
    SystemStatusAndConnectivityCheck
     
  9. If the SystemStatusAndConnectivityCheck shows that the Management Port Status is anything other than "Active", troubleshoot and resolve this issue before continuing.
  10. Note the Received Bytes and Transmitted Bytes of the mgmt_port. 
  11. Wait six minutes, then run SystemStatusAndConnectivityCheck again.
  12. Compare the Received Bytes and Transmitted Bytes of the mgmt_port from the second run with those from the first run to see whether both numbers increased. If they did not both increase, check the configuration of the upstream device.
  13. If symptoms persist, contact Support for assistance with raising the logging level of synapse to debug level to trace through the behavior.
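
As an added example (not code from the article or the vendor), the PowerShell below scripts two of the manual procedures above: reading the mssdbconnector installation location from the service's "Path to executable", and identifying which process is listening on port 8081. The function names are hypothetical; the service display name, the port and the `commons-daemon/prunsrv.exe` marker are taken from this article, and `Get-NetTCPConnection` is assumed to be available on the SEPM server.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell on the SEPM server.
# Assumes Get-NetTCPConnection is available on this Windows version.

function Get-ConnectorInstallDir {
    param([Parameter(Mandatory)][string]$PathName)
    $marker = '(?i)commons-daemon[\\/]prunsrv\.exe.*$'
    if ($PathName -notmatch $marker) { throw "prunsrv.exe not found in: $PathName" }
    # Same edit as the manual Notepad step: drop the marker and everything after it.
    return ($PathName -replace $marker, '').Trim('"', ' ').TrimEnd('\', '/')
}

function Get-PortOwner {
    param([int]$Port = 8081)
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    # A port bound on both IPv4 and IPv6 appears twice, so de-duplicate the owning PIDs.
    foreach ($ownerId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port        = $Port
            ProcessId   = $ownerId
            ProcessName = if ($proc) { "$($proc.ProcessName).exe" } else { '<exited>' }
        }
    }
}

function Test-ConnectorPort {
    param([string]$ServiceDisplayName = 'Symantec MSS DB Connector', [int]$Port = 8081)
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName='$ServiceDisplayName'"
    if (-not $svc) { throw "Service '$ServiceDisplayName' is not installed on this host" }
    $owners = @(Get-PortOwner -Port $Port)
    [pscustomobject]@{
        InstallDir   = Get-ConnectorInstallDir -PathName $svc.PathName
        ServiceState = $svc.State
        Listening    = $owners.Count -gt 0
        PortOwners   = $owners
        # Per the article, any owner other than prunsrv.exe must be moved to another port.
        Conflicts    = @($owners | Where-Object { $_.ProcessName -ne 'prunsrv.exe' })
    }
}

# Constructed sample PathName (not a real install path) to show the string handling offline:
Get-ConnectorInstallDir -PathName '"D:\Example\connector\commons-daemon\prunsrv.exe" //RS//Example'

# Live check on the SEPM server:
# Test-ConnectorPort | Format-List
```

An empty `PortOwners` with `Listening` set to False means nothing is bound to the port, which points at the service not running rather than at a port conflict.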