SEPM Controller cannot connect after configuration settings import

book

Article ID: 208385

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

You exported the EDR configuration settings. You are able to successfully import the configuration settings file, but when you open the SEPM Controller Connection dialog box and add the SEPM password, you see the following error message:

SEPM communication has encountered an unexpected error

Cause

After you exported the configuration settings file, one or more SEPM groups were removed from your SEPM server or rename before you imported the configuration settings file onto the EDR appliance.

Environment

Symantec EDR 4.6 and later.

Resolution

Do the following on current EDR appliance before importing the EDR configuration settings file:

  1. In the EDR appliance console, click Settings > Global.
  2. Scroll down to Endpoint Communication Channel, SEP Policies, and Endpoint Activity Recorder label.
  3. Beside the Symantec Endpoint Protection Manager (SEPM) Web Servers list, click the kebab menu (three vertical dots), and select SEPM Group Inclusions.
  4. Click Refresh SEPM Groups.  
  5. Click the delete icon beside every SEPM group that was removed.  
  6. Click Save.
  7. Re-export the EDR configuration settings again.  
  8. Delete the SEPM Controller from the new EDR appliance.  

You can now re-import the new configuration settings to the new EDR appliance.

Additional Information

If the original EDR appliance is not available to perform the above task, you can do the following:

If the SEPM Controller configuration settings are not yet imported to the new EDR appliance:

  1. Exact the exported zip file into a "settings" folder.   
  2. Edit both the edr.json and sedr.json (which contains the SEPM Controller settings) and delete the groups that were removed or change the names of the groups that had been renamed.  Important:   Carefully edit the .json files to avoid syntax errors.  
  3. Save the .json files, create a new zip file for the "settings" folder.  Use the new zip file for the import.

If the SEPM Controller configuration settings were successfully imported, do the following:

  1. Delete the SEPM Controller configuration from new EDR appliance.
  2. Edit the edr.json and sedr.json files to delete the removed groups or rename groups. 
  3. Then re-import the SEPM Controller configuration settings.