SEPM failed to upgrade with error - Failed to set Symantec Endpoint Protection Manager service account ACLs

Article ID: 205610

Products

Endpoint Security

Issue/Introduction

SEPM failed to upgrade with error - "Failed to set Symantec Endpoint Protection Manager service account ACLs"

The error appears at the stage of creating services (85%/86%) in Management Server Configuration.

From the logs:

In error-upgrdation.log:

2020-12-22 20:30:11.098 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060
2020-12-22 20:30:11.098 THREAD 30 INFO: SemServiceManager> getServiceStatus>> Retrieve status for service SepBridgeUploaderSrv
2020-12-22 20:30:11.285 THREAD 30 SEVERE: SemServiceManager> getServiceStatus>> Error code from sc query: 1060

and in configurationwizard-0.log I can see:

2020-12-22 23:30:42.700 THREAD 29 WARNING: SemServiceManager> uninstallServiceByName>> Trying to uninstall semsrv service, #: 1
2020-12-22 23:30:42.903 THREAD 29 INFO: SemServiceManager> uninstallServiceByName>> Uninstall service semsrv, return code = 0
2020-12-22 23:30:44.059 THREAD 29 SEVERE: Error code from sc query: 1060

Application event log:

Date: 12/23/2020 5:49:07 AM
Log: Application
Event Type: Error
Source: Apache Service
Computer: <Server Name>.axisb.com
Event ID: 3299
Description: "The description for Event ID '3299' in Source 'Apache Service' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'The Apache service named', '', 'reported the following error: >>>', '(20024)The given path is misformatted or contained invalid characters: AH00532: Invalid config file path D:\\SEPM\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\apache\\conf\\httpd.conf', '', '', '', '', ''"

Cause

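The cause was identified as Application Control (AC) rule 17.1.1, shown in the logs as "[AC17-1.1] Block writing code", which was applied to the group this SEP client was reporting to.

The SEP Control logs show all of the blocked events: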

Time Stamp Event Type Event Time Severity Host Name Action Test Mode Description API Encoded API Name Begin Time End Time Rule ID Rule Name Caller Process ID Caller Process Name Return Address Return Module Target Alert Send Snmp Trap User Name File Size Device ID IP Address Domain Name Site Name Server Name Group Name Computer Name Action Type Repetition
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:54 23/12/2020 11:34:54   Windows processes protection | [AC17-1.1] Block writing code 1320 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs 0 0 SEPM 64046 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:54 23/12/2020 11:34:54   Windows processes protection | [AC17-1.1] Block writing code 1320 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs 0 0 SEPM 74083 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:55 23/12/2020 11:34:55   Windows processes protection | [AC17-1.1] Block writing code 2848 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs 0 0 SEPM 64046 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:55 23/12/2020 11:34:55   Windows processes protection | [AC17-1.1] Block writing code 2848 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs 0 0 SEPM 74083 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:55 23/12/2020 11:34:55   Windows processes protection | [AC17-1.1] Block writing code 8128 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs 0 0 SEPM 64046 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:55 23/12/2020 11:34:55   Windows processes protection | [AC17-1.1] Block writing code 8128 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs 0 0 SEPM 74083 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:56 23/12/2020 11:34:56   Windows processes protection | [AC17-1.1] Block writing code 2964 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\FIPSMode.vbs 0 0 SEPM 64046 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:56 23/12/2020 11:34:56   Windows processes protection | [AC17-1.1] Block writing code 2964 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\IISConfig.vbs 0 0 SEPM 74083 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:52 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:51 23/12/2020 11:34:51   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\collectLog.cmd 0 0 SEPM 19770 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:52 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:34:51 23/12/2020 11:34:51   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\LogUtils.vbs 0 0 SEPM 4845 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx 0 0 SEPM 137784 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx 0 0 SEPM 143416 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDDateTm.ocx 0 0 SEPM 142392 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPCtls.ocx 0 0 SEPM 514104 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LDVPDlgs.ocx 0 0 SEPM 491576 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\ldvpui.ocx 0 0 SEPM 273464 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\93843b9ab15fd5687f9a146365980e1b\FULL\Program Files\Symantec\Name\Version\Bin\LotNtsUI.ocx 0 0 SEPM 139320 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\ExchngUI.ocx 0 0 SEPM 146152 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:02 Critical xyz Block 0  - Caller MD5=57835fc149cef44bc1c6276a1d7e12c7 File Write 0 23/12/2020 11:33:57 23/12/2020 11:33:57   Windows processes protection | [AC17-1.1] Block writing code 5672 D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SetACL.exe 0 No Module Name D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\a5453c30623a2c9ef51bb9c28389206d\full\Program Files\Symantec\Name\Version\Bin\IMailUI.ocx 0 0 SEPM 152808 SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000100 X.X.X.X Domainid Site XYZ XYZ My Company\XYZ XYZ Block 1
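
The following is an added example, not part of the original article or of any Symantec tooling: it groups Control log rows like those above by rule and caller process, and flags callers that live under the SEPM install directory, which is the pattern that identified the cause here. The regular expression assumes the flattened field layout shown on this page; the function name, report keys and sample rows are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Field layout assumed from the flattened Control log rows on this page;
# a real export may be delimited differently and need a different pattern.
ROW = re.compile(
    r"\[(?P<rule>AC[\d.\-]+)\]\s+(?P<name>.+?)\s+(?P<pid>\d+)\s+"
    r"(?P<caller>[A-Za-z]:\\.+?\.exe)\s+0\s+No Module Name\s+"
    r"(?P<target>[A-Za-z]:\\.+?)\s+0\s+0\s.*\s(?P<action>\w+)\s+\d+\s*$"
)

def summarize_blocks(lines, product_root):
    """Group Block rows by (rule, caller); flag callers under product_root."""
    root = PureWindowsPath(product_root)
    groups = defaultdict(lambda: {"events": 0, "targets": set()})
    for line in lines:
        m = ROW.search(line)
        if m is None or m["action"] != "Block":
            continue  # not an Application Control block row
        group = groups[(m["rule"], m["name"], m["caller"])]
        group["events"] += 1
        group["targets"].add(PureWindowsPath(m["target"]).name)
    report = []
    for rule, name, caller in sorted(groups):
        group = groups[(rule, name, caller)]
        report.append({
            "rule": rule, "rule_name": name,
            "caller": PureWindowsPath(caller).name,
            # True when the blocked process is one of the product's own tools
            "caller_in_product_dir": root in PureWindowsPath(caller).parents,
            "events": group["events"], "targets": sorted(group["targets"]),
        })
    return report

# Constructed sample rows (placeholder values) in the layout of the excerpt above.
ROOT = r"D:\SEPM\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager"

def _row(pid, target):
    return ("23/12/2020 14:01:14 Application Control Rules 23/12/2020 11:35:57 "
            "Critical xyz Block 0  - Caller MD5=<constructed> File Write 0 "
            f"Windows processes protection | [AC17-1.1] Block writing code {pid} "
            f"{ROOT}\\bin\\SetACL.exe 0 No Module Name {ROOT}\\{target} 0 0 SEPM 1 Block 1")

SAMPLE = [_row(1320, r"bin\FIPSMode.vbs"), _row(1320, r"bin\IISConfig.vbs"),
          _row(5672, r"Tools\collectLog.cmd"), "unrelated line"]

if __name__ == "__main__":
    for entry in summarize_blocks(SAMPLE, ROOT):
        print(entry)
```

A single group whose caller sits inside the product directory, as with SetACL.exe here, points to a policy rule blocking the installer's own helper rather than to a third-party process.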

Environment

Release: SEP 14.3 MP1

Resolution

Disable Application Control rule 17.1.1 applied to the group, then update the client so that it picks up the policy change.

Run Management Server Configuration again. When the failure is due to the cause described above, it should proceed and complete successfully.
