Clients are unable to connect to SEPM - ersecreg error: Data invalid - Unable to parse decrypted data

book

Article ID: 197304

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Clients are unable to connect to SEPM after adding a replication server, or new SEPM to the environment. 

ersecreg-a.log example:  
08/10 05:02:43 [461336:466208] 4 Bad format. 
08/10 05:02:43 [461336:466208] xxx.xxx.xxx.xxx--FAILED 
08/10 05:08:10 [461336:457880] <CHttpReg::ProcessReq> [xxx.xxx.xxx.xxx] Processing Reg request from Client,TotalRegistrationsProcessed: 1 
08/10 05:08:10 [461336:457880] <CHttpReg::ProcessReq> Post Data ContentLength = 2272, Configured MaxPostDataLength = 8192. 
08/10 05:08:10 [461336:457880] <CHttpReg::ParseData> Data invalid - Unable to parse decrypted data: ¾[email protected]<ý¹ˆ®$"ÖÙ]){t«=ƒô"C”ÐÍZø¥kÃ`e’›œ0nŒ¿óӘ쑒T(w+h€|«OÊôýòvߧÅ`ÙF­    yò‡•iz¯â¹â¼—92§âõ„°Ÿ“Œéày6äK@ÒÇMf¸» C*×ÁDpåÉò-[:G*    oͧ*«Ld‘1

Secars,hello test on clients fail. 

Cause

New server replicated incorrect KCS values.

Verify server KCS values. If it is found that the client's sylink, and the sylink found in %Program Files%\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent are the same, however the KCS value in the conf.properties are incorrect, follow the resolution in this article. 

Resolution

  1. Stop the SEPM services.
  2. Create a copy of the conf.properties file located here: %Program Files%\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc to another location.
  3. Look for the KCS entry in the file.
    example: 
    scm.agent.kcs=3169**********************26F59D 
  4. Replace this entry with the correct entry from another SEPM, or the KCS value found in the clients sylink. 
  5. Once replaced save the file, then cut and paste the new file to back to: %Program Files%\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc
  6. Choose "replace conf.properties" when prompted that another file with the same name exist. 
  7. Start the SEPM services