Unable to log into the Symantec Endpoint Protection Manager [SEPM] , with "Unexpected error 0x1001000" displayed.
Additionally, Following Error are seen in the different logs:
"%Program Files%\Symantec\Symantec Endpoint Protection Manager\apache\logseporting.log"
2025-05-15 10:07:05Z ERROR: fatal error at login: \nEXCEPTION block1: Error message: <b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][ODBC Driver 13 for SQL Server]SSL Provider: The target principal name is incorrect.
\nError code: -2147352567\nFile and line: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\ado.php(89)\n
2025-05-15 10:07:06Z ERROR: could not find valid username in session
2025-05-15 10:07:06Z ERROR: request authentication check failed, retryTimes: 1, will retry! - file: homepage.php
2025-05-15 10:07:07Z ERROR: could not find valid username in session
2025-05-15 10:07:07Z ERROR: request authentication check failed, retryTimes: 2, will retry! - file: homepage.php
2025-05-15 10:07:08Z ERROR: could not find valid username in session
2025-05-15 10:07:08Z ERROR: request authentication check failed, maxRetryTimes: 3 - file: homepage.php
2025-05-15 10:09:11Z ERROR: updateLicenseState failed: Response code is not 0, return xml=<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Response/>
2025-05-15 10:09:11Z INFO: Ssl client verification not successful so not getting the client certificate
2025-05-15 10:09:12Z ERROR: updateLicenseState failed: Response code is not 0, return xml=<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Response/>
2025-05-15 10:09:12Z INFO: Ssl client verification not successful so not getting the client certificate
2025-05-15 10:09:19Z INFO: Login start
2025-05-15 10:09:20Z WARNING: warning: error at login. will retry, retryTimes: 1. Error message: <b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][ODBC Driver 13 for SQL Server]SSL Provider: The target principal name is incorrect.
"%Program Files (x86)%\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log"
2025-05-20 15:08:28.288 THREAD 58 SEVERE: Unexpected parameter value. in: com.sygate.scm.server.task.ScheduledReportingTask
com.sygate.scm.server.util.ServerException: Unexpected parameter value.
at com.sygate.scm.server.task.ScheduledReportingHelper.doIntegratedLogin(ScheduledReportingHelper.java:675)
at com.sygate.scm.server.task.ScheduledReportingTask.execute(ScheduledReportingTask.java:464)
at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:56)
at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
at java.base/java.util.TimerThread.run(Timer.java:506)
"%Program Files (x86)%\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\Upgrade-0.log"2025-05-15 16:06:30.635 THREAD 28 WARNING: tryGetSQLExpressDbaConnection: can not get exception for: sa due to: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:32fda511-1adb-494b-aa45-82bee587912c
2025-05-15 16:06:30.635 THREAD 28 INFO: getDatabaseConnectionWithNTLMv2Retry, jdbcURL: jdbc:sqlserver://SEPM_Server_Name:2638;instanceName=SQLEXPRESSSYMC;integratedSecurity=false;encrypt=true;trustServerCertificate=false, user: DBA
SEPM with an embedded database, likely with a custom SSL certificate. Either configured with only IP addresses, or customized to work within a dmz.
The issue is with a broken communication link between the web server (meaning php running on Apache) and the database. In this case the certificate presented by the database cannot be trusted due to the Target Principal name being invalid.
In an embedded SQL Express database, SEPM is configured to connect to the database with the host name. If, for example, the certificate used by the database has only the IP address in the CN, then it will not be able to verify the certificate.
Take a backup of "ROOT.XML" file present in "%Program Files (x86)%\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost"
Make the following changes in the "ROOT.XML"
encrypt=true
to
encrypt=false
Set the ForceEncryption to No (https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver1)
Restart the SEPM services