Endpoint Protection Manager (SEPM) failed to upgrade with error - "Failed to set Symantec Endpoint Protection Manager service account ACLs"
The error appears at the stage of creating services (85%/86%) in Management Server Configuration.
Following errors appear in the logs mentioned below:
upgrade-x.log:
202x-12-22 20:30:11.098 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
202x-12-22 20:30:11.098 THREAD 30 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service SepBridgeUploaderSrv
202x-12-22 20:30:11.285 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
configurationwizard-X.log :
202x-12-22 23:30:42.700 THREAD 29 WARNING: SemServiceManager> uninstallServiceByName>> Trying to uninstall semsrv service, #: 1
202x-12-22 23:30:42.903 THREAD 29 INFO: SemServiceManager> uninstallServiceByName>> Uninstall service semsrv, return code = 0
202x-12-22 23:30:44.059 THREAD 29 SEVERE: Error code from sc query: 1060
Application event log:
Date Log Event Type Source Computer User Event ID Description Details
12/23/202x 5:49:07 AM Application Error Apache Service <Server Name>.<yourdomain>.com 3299 "The description for Event ID '3299' in Source 'Apache Service' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'The Apache service named', '', 'reported the following error:
>>>', '(20024)The given path is misformatted or contained invalid characters: AH00532: Invalid config file path D:\\SEPM\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\apache\\conf\\httpd.conf', '', '', '', '', ''"
AC Rule 17.1.1 appeared to causing the issue on SEPM client.
SEP Control logs shows all blocked events:
Time Stamp |
Event Type |
Event Time |
Severity |
Host Name |
Action |
Test Mode |
Description |
API |
Encoded API Name |
Begin Time |
End Time |
Rule ID |
Rule Name |
Caller Process ID |
Caller Process Name |
Return Address |
Return Module |
Target |
Alert |
Send Snmp Trap |
User Name |
File Size |
Device ID |
IP Address |
Domain Name |
Site Name |
Server Name |
Group Name |
Computer Name |
Action Type |
Repetition |
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:54 |
23/12/202x 11:34:54 |
Windows processes protection | [AC17-1.1] Block writing code |
1320 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs |
0 |
0 |
SEPM |
|
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:54 |
23/12/202x 11:34:54 |
Windows processes protection | [AC17-1.1] Block writing code |
1320 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs |
0 |
0 |
SEPM |
74083 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:55 |
23/12/202x 11:34:55 |
Windows processes protection | [AC17-1.1] Block writing code |
2848 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs |
0 |
0 |
SEPM |
64046 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:55 |
23/12/202x 11:34:55 |
Windows processes protection | [AC17-1.1] Block writing code |
2848 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs |
0 |
0 |
SEPM |
74083 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:55 |
23/12/202x 11:34:55 |
Windows processes protection | [AC17-1.1] Block writing code |
8128 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs |
0 |
0 |
SEPM |
64046 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:55 |
23/12/202x 11:34:55 |
Windows processes protection | [AC17-1.1] Block writing code |
8128 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs |
0 |
0 |
SEPM |
74083 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:56 |
23/12/202x 11:34:56 |
Windows processes protection | [AC17-1.1] Block writing code |
2964 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs |
0 |
0 |
SEPM |
64046 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:57 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:56 |
23/12/202x 11:34:56 |
Windows processes protection | [AC17-1.1] Block writing code |
2964 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs |
0 |
0 |
SEPM |
74083 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:52 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:51 |
23/12/202x 11:34:51 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\collectLog.cmd |
0 |
0 |
SEPM |
19770 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:52 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:34:51 |
23/12/202x 11:34:51 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\LogUtils.vbs |
0 |
0 |
SEPM |
4845 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx |
0 |
0 |
SEPM |
137784 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx |
0 |
0 |
SEPM |
143416 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDDateTm.ocx |
0 |
0 |
SEPM |
142392 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPCtls.ocx |
0 |
0 |
SEPM |
514104 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPDlgs.ocx |
0 |
0 |
SEPM |
491576 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ldvpui.ocx |
0 |
0 |
SEPM |
273464 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LotNtsUI.ocx |
0 |
0 |
SEPM |
139320 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx |
0 |
0 |
SEPM |
146152 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
|
23/12/202x 14:01:14 |
Application Control Rules |
23/12/202x 11:35:02 |
Critical |
xyz |
Block |
0 |
- Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 |
File Write |
0 |
23/12/202x 11:33:57 |
23/12/202x 11:33:57 |
Windows processes protection | [AC17-1.1] Block writing code |
5672 |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe |
0 |
No Module Name |
D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx |
0 |
0 |
SEPM |
152808 |
SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 |
X.X.X.X |
Domainid |
Site XYZ |
XYZ |
My Company\XYZ |
XYZ |
Block |
1 |
Disable the Application control rule 17.1.1 applied to the group, then update the client to take the policy change
Run the Management Server Configuration Wizard
It should proceed, and for the above-mentioned cause, complete successfully