SEDR UI reports "SEPM connection token refresh failed; verify SEPM login credentials"

Article ID: 198868

Products

Advanced Threat Protection Platform Endpoint Detection and Response

Issue/Introduction

The Symantec Endpoint Detection and Response (SEDR) User Interface (UI) reports "SEPM connection token refresh failed; verify SEPM login credentials". The issue may resolve itself, but it will return within a couple of hours.

Cause

The token used by SEDR to access the SEPM is not being refreshed properly.

Resolution

Option 1 - Remove and refresh the SEPM token:

  1. Log in to SEPM Web Service Application Registration page using admin credentials and the URL: https://<IP_OF_SEPM>:8446/sepm
  2. Select the SEDR web service application (it will be labeled "Default/<SEPM_ADMIN_LISTED_IN_SEDR>:web")
  3. Click "Delete application"
  4. Refresh the SEPM credentials from within SEDR
    1. Log in to the SEDR GUI
    2. Navigate to Settings -> Global -> Endpoint Communication Channel, SEP Policies, and Endpoint Activity Recorder
    3. Click the three ellipses next to the SEPM Controller and select SEPM Controller Connection
    4. Re-enter the SEPM admin password
    5. Click "Save"

Option 2 - Remove the SEPM connection and configure a new connection:

  1. IMPORTANT: Copy information on the inclusions, exceptions, and all other settings configured before proceeding.
  2. In EDR's web user interface, go to Settings > Global > Endpoint Communication Channel, SEP Policies, and Endpoint Activity Recorder, click the three dots, and click "remove."
  3. Click add server to re-add the SEPM controller connection.
    1. For specific steps and considerations on re-configuring the SEPM connection as a new connection, see the latest version of the EDR documentation: go to the Tech Docs Portal, enter Endpoint Detection and Response, and search for "Configuring the Endpoint Communications Channel (ECC)".

Additional Information

If this symptom happens once every 60 days because the password for the SEPM account expired, changing the password reset interval within SEPM may be needed. See:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/managing-groups-clients-and-administrators/managing-administrator-accounts-v17364367-d1e6/enabling-logon-passwords-to-never-expire-v109355090-d1e2062.html
