Endpoint Protection Manager (SEPM) failed to upgrade with error - "Failed to set Symantec Endpoint Protection Manager service account ACLs"
The error appears at the stage of creating services (85%/86%) in Management Server Configuration.
Following errors appear in the logs mentioned below:
upgrade-x.log:
020-12-22 20:30:11.098 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
2020-12-22 20:30:11.098 THREAD 30 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service SepBridgeUploaderSrv
2020-12-22 20:30:11.285 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
configurationwizard-X.log :
2020-12-22 23:30:42.700 THREAD 29 WARNING: SemServiceManager> uninstallServiceByName>> Trying to uninstall semsrv service, #: 1
2020-12-22 23:30:42.903 THREAD 29 INFO: SemServiceManager> uninstallServiceByName>> Uninstall service semsrv, return code = 0
2020-12-22 23:30:44.059 THREAD 29 SEVERE: Error code from sc query: 1060
Application event log:
Date Log Event Type Source Computer User Event ID Description Details
12/23/2020 5:49:07 AM Application Error Apache Service <Server Name>.axisb.com 3299 "The description for Event ID '3299' in Source 'Apache Service' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'The Apache service named', '', 'reported the following error:
>>>', '(20024)The given path is misformatted or contained invalid characters: AH00532: Invalid config file path D:\\SEPM\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\apache\\conf\\httpd.conf', '', '', '', '', ''"
AC Rule 17.1.1 appeared to causing the issue on SEPM client.
SEP Control logs shows all blocked events:
Time Stamp | Event Type | Event Time | Severity | Host Name | Action | Test Mode | Description | API | Encoded API Name | Begin Time | End Time | Rule ID | Rule Name | Caller Process ID | Caller Process Name | Return Address | Return Module | Target | Alert | Send Snmp Trap | User Name | File Size | Device ID | IP Address | Domain Name | Site Name | Server Name | Group Name | Computer Name | Action Type | Repetition |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:54 | 23/12/2020 11:34:54 | Windows processes protection | [AC17-1.1] Block writing code | 1320 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs | 0 | 0 | SEPM | 64046 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:54 | 23/12/2020 11:34:54 | Windows processes protection | [AC17-1.1] Block writing code | 1320 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs | 0 | 0 | SEPM | 74083 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:55 | 23/12/2020 11:34:55 | Windows processes protection | [AC17-1.1] Block writing code | 2848 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs | 0 | 0 | SEPM | 64046 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:55 | 23/12/2020 11:34:55 | Windows processes protection | [AC17-1.1] Block writing code | 2848 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs | 0 | 0 | SEPM | 74083 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:55 | 23/12/2020 11:34:55 | Windows processes protection | [AC17-1.1] Block writing code | 8128 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs | 0 | 0 | SEPM | 64046 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:55 | 23/12/2020 11:34:55 | Windows processes protection | [AC17-1.1] Block writing code | 8128 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs | 0 | 0 | SEPM | 74083 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:56 | 23/12/2020 11:34:56 | Windows processes protection | [AC17-1.1] Block writing code | 2964 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs | 0 | 0 | SEPM | 64046 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:57 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:56 | 23/12/2020 11:34:56 | Windows processes protection | [AC17-1.1] Block writing code | 2964 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs | 0 | 0 | SEPM | 74083 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:52 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:51 | 23/12/2020 11:34:51 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\collectLog.cmd | 0 | 0 | SEPM | 19770 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:52 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:34:51 | 23/12/2020 11:34:51 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\LogUtils.vbs | 0 | 0 | SEPM | 4845 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx | 0 | 0 | SEPM | 137784 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx | 0 | 0 | SEPM | 143416 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDDateTm.ocx | 0 | 0 | SEPM | 142392 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPCtls.ocx | 0 | 0 | SEPM | 514104 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPDlgs.ocx | 0 | 0 | SEPM | 491576 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ldvpui.ocx | 0 | 0 | SEPM | 273464 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LotNtsUI.ocx | 0 | 0 | SEPM | 139320 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx | 0 | 0 | SEPM | 146152 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 | |
23/12/2020 14:01:14 | Application Control Rules | 23/12/2020 11:35:02 | Critical | xyz | Block | 0 | - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 | File Write | 0 | 23/12/2020 11:33:57 | 23/12/2020 11:33:57 | Windows processes protection | [AC17-1.1] Block writing code | 5672 | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe | 0 | No Module Name | D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx | 0 | 0 | SEPM | 152808 | SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 | X.X.X.X | Domainid | Site XYZ | XYZ | My Company\XYZ | XYZ | Block | 1 |
Disable the Application control rule 17.1.1 applied to the group and update client to take the policy change.
Run the Management server configuration. It should proceed and complete successfully, for the above mentioned cause.