Database schema is not upgraded during upgrade to Endpoint Protection Manager 14.3 RU1

book

Article ID: 204664

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

During the upgrade to Symantec Endpoint Protection Manager (SEPM) 14.3 RU1 you are prompted to upgrade the schema of the database. Once you click "Yes" the progress bar flashes up and then disappears and all windows are closed. There is no indication that the upgrade is taking place. The upgrade of the database never happens. Furthermore, when you try to log into the SEPM you are greeted with a message:

"Failed to connect to the server.

Make sure that server is running and your session has not timed out.

If you can reach the server but cannot log on, make sure that you provided the correct parameters.

If you are experiencing network issues, contact your system administrator."

Upgrade-0.log

2020-12-07 16:49:12.069 THREAD 1 SEVERE: Exception in thread "Upgrade" 
2020-12-07 16:49:12.069 THREAD 1 SEVERE: java.lang.NoClassDefFoundError: com/rsa/jsafe/provider/JsafeJCE
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at com.sygate.scm.server.util.RecoveryData.composeRecoveryDataFile(RecoveryData.java:618)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at com.sygate.scm.server.upgrade.ui.Main.createRecoveryFile(Main.java:874)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at com.sygate.scm.server.upgrade.ui.Main.executePreLaunchSteps(Main.java:534)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at com.sygate.scm.server.upgrade.ui.Main.<init>(Main.java:421)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at com.sygate.scm.server.upgrade.ui.Main.main(Main.java:1142)
2020-12-07 16:49:12.084 THREAD 1 SEVERE: Caused by: java.lang.ClassNotFoundException: com.rsa.jsafe.provider.JsafeJCE
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
2020-12-07 16:49:12.084 THREAD 1 SEVERE:  ... 5 more

Install_log.err

Dec 7, 2020 4:46:57 PM STDERR: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:6e1cbaa4-96e8-42db-944e-531d9949aa44
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3151)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1912)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2708)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2362)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2213)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1276)
Dec 7, 2020 4:46:57 PM STDERR: at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:861)
Dec 7, 2020 4:46:57 PM STDERR: at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
Dec 7, 2020 4:46:57 PM STDERR: at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.DBConnectionProxy.getConnectionFromDriverManager(DBConnectionProxy.java:414)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.MSJDBCDriver.getConnection(MSJDBCDriver.java:182)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.JDBCDriver.getDatabaseConnectionWithNTLMv2Retry(JDBCDriver.java:192)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.getDatabaseConnectionWithNTLMv2Retry(DatabaseUtilities.java:617)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.DatabaseUtilities.getDatabaseConnectionWithNTLMv2Retry(DatabaseUtilities.java:596)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.DbUtil.isServerCertTrusted(DbUtil.java:3025)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.server.db.util.DbUtil.checkTrustServerCert(DbUtil.java:2955)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.install.ui.SqlPropPanel.checkTrustServerCert(SqlPropPanel.java:1989)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.install.ui.SqlPropPanel.getNextStage(SqlPropPanel.java:845)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.install.ui.MainFrame.nextBtnActionPerformed(MainFrame.java:4693)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.install.ui.MainFrame$5$1.construct(MainFrame.java:4383)
Dec 7, 2020 4:46:57 PM STDERR: at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:151)
Dec 7, 2020 4:46:57 PM STDERR: at java.base/java.lang.Thread.run(Thread.java:834)
Dec 7, 2020 4:46:57 PM STDERR: Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

 

Cause

This issue can occur if cryptoj.jar is missing from the \jre11\lib folder during the database schema upgrade.

Resolution

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU1 (14.3.3385). For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Workaround:

As a workaround, you can rerun the FIPSMode.vbs script to restore cryptoj.jar and perform the upgrade.  Use the following steps. 

  1. Verify the database schema issue is specifically for the missing cryptoj.jar file by looking for the "java.lang.NoClassDefFoundError: com/rsa/jsafe/provider/JsafeJCE" error in upgrade.log
    • In addition, verify cryptoj.jar is missing from C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jre11\lib.

  2. Once you've confirmed these things: open a command prompt with admin and change directory to the SEPM's bin directory (e.g. C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin)

  3. Run the following command from the bin folder:
    FIPSMode.vbs -install

  4. Check jre11\lib folder to verify the cryptoj.jar is now there.

  5. Open services and ensure that all the SEPM services are stopped.  (Symantec Endpoint Protection Launcher, Manager, Manager API Service, and Webserver.) 

  6. Relaunch the database schema upgrade wizard by running the following command from the SEPM's bin directory: 
    Upgrade.bat