Endpoint Protection Manager failed to upgrade with error - Failed to set Symantec Endpoint Protection Manager service account ACLs
search cancel

Endpoint Protection Manager failed to upgrade with error - Failed to set Symantec Endpoint Protection Manager service account ACLs

book

Article ID: 205610

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Endpoint Protection Manager (SEPM) failed to upgrade with error - "Failed to set Symantec Endpoint Protection Manager service account ACLs"

The error appears at the stage of creating services (85%/86%) in Management Server Configuration.

Following errors appear in the logs mentioned below:

upgrade-x.log:

202x-12-22 20:30:11.098 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
202x-12-22 20:30:11.098 THREAD 30 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service SepBridgeUploaderSrv
202x-12-22 20:30:11.285 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060

configurationwizard-X.log :

202x-12-22 23:30:42.700 THREAD 29 WARNING: SemServiceManager> uninstallServiceByName>> Trying to uninstall semsrv service, #: 1
202x-12-22 23:30:42.903 THREAD 29 INFO: SemServiceManager> uninstallServiceByName>> Uninstall service semsrv, return code = 0
202x-12-22 23:30:44.059 THREAD 29 SEVERE: Error code from sc query: 1060
Application event log:

Date Log Event Type Source Computer User Event ID Description Details

12/23/202x 5:49:07 AM Application Error Apache Service <Server Name>.<yourdomain>.com  3299 "The description for Event ID '3299' in Source 'Apache Service' cannot be found.  The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them.  The following information is part of the event:'The Apache service named', '', 'reported the following error:
>>>', '(20024)The given path is misformatted or contained invalid characters: AH00532: Invalid config file path D:\\SEPM\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\apache\\conf\\httpd.conf', '', '', '', '', ''"

Cause

AC Rule 17.1.1 appeared to causing the issue on SEPM client.

SEP Control logs shows all blocked events:

Time Stamp
Event Type
Event Time
Severity
Host Name
Action
Test Mode
Description
API
Encoded API Name
Begin Time
End Time
Rule ID
Rule Name
Caller Process ID
Caller Process Name
Return Address
Return Module
Target
Alert
Send Snmp Trap
User Name
File Size
Device ID
IP Address
Domain Name
Site Name
Server Name
Group Name
Computer Name
Action Type
Repetition
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:54
23/12/202x 11:34:54
 
Windows processes protection | [AC17-1.1] Block writing code
1320
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs
0
0
SEPM
64046
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:54
23/12/202x 11:34:54
 
Windows processes protection | [AC17-1.1] Block writing code
1320
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs
0
0
SEPM
74083
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:55
23/12/202x 11:34:55
 
Windows processes protection | [AC17-1.1] Block writing code
2848
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs
0
0
SEPM
64046
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:55
23/12/202x 11:34:55
 
Windows processes protection | [AC17-1.1] Block writing code
2848
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs
0
0
SEPM
74083
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:55
23/12/202x 11:34:55
 
Windows processes protection | [AC17-1.1] Block writing code
8128
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs
0
0
SEPM
64046
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:55
23/12/202x 11:34:55
 
Windows processes protection | [AC17-1.1] Block writing code
8128
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs
0
0
SEPM
74083
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:56
23/12/202x 11:34:56
 
Windows processes protection | [AC17-1.1] Block writing code
2964
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs
0
0
SEPM
64046
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:57
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:56
23/12/202x 11:34:56
 
Windows processes protection | [AC17-1.1] Block writing code
2964
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs
0
0
SEPM
74083
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:52
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:51
23/12/202x 11:34:51
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\collectLog.cmd
0
0
SEPM
19770
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:52
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:34:51
23/12/202x 11:34:51
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\LogUtils.vbs
0
0
SEPM
4845
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx
0
0
SEPM
137784
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx
0
0
SEPM
143416
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDDateTm.ocx
0
0
SEPM
142392
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPCtls.ocx
0
0
SEPM
514104
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPDlgs.ocx
0
0
SEPM
491576
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ldvpui.ocx
0
0
SEPM
273464
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LotNtsUI.ocx
0
0
SEPM
139320
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx
0
0
SEPM
146152
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1
23/12/202x 14:01:14
Application Control Rules
23/12/202x 11:35:02
Critical
xyz
Block
0
 - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7
File Write
0
23/12/202x 11:33:57
23/12/202x 11:33:57
 
Windows processes protection | [AC17-1.1] Block writing code
5672
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe
0
No Module Name
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx
0
0
SEPM
152808
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100
X.X.X.X
Domainid
Site XYZ
XYZ
My Company\XYZ
XYZ
Block
1

Resolution

Disable the Application control rule 17.1.1 applied to the group, then update the client to take the policy change

Run the Management Server Configuration Wizard

It should proceed, and for the above-mentioned cause, complete successfully