Symantec Download Manager unable to reach cloud resources
search cancel

Symantec Download Manager unable to reach cloud resources

book

Article ID: 221136

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete Endpoint Protection

Issue/Introduction

You created the Symantec Endpoint Security (SES) Cloud agent (Symantec_Agent_setup.exe) from the Integrated Cyber Defense Manager (ICDm). When you launch the Symantec Endpoint Security (SES) Cloud agent installation (Symantec_Agent_setup.exe) on a Windows system, it failed with the following error messages.

Environment

SES, SEP 14.x

Cause

FSDLauncher.Log
2021-06-12-01-31-22-146 : 0x15B0 : Error : Unable to connect https://usea1.r3.securitycloud.symantec.com/r3_epmp_i/status, hr 0x80072F8F

Resolution

Use PSEXEC.EXE to SPOC Test with SYSTEM account and determine if Symantec Endpoint Security (SES) is able to communicate with Symantec the ICDm cloud console and connect specific URLs that Symantec owns to perform multiple functions.   The following procedure is provided as an example of how you can use the Microsoft SysInternal tool PsExec.exe to test the connections.  

For a free download of PsExec.exe, and information about this tool, visit PsTools Jump on the Windows Sysinternals website on TechNet.
 
Download PSExec from Microsoft Sysinternal tools
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

We will use the PSExec tool here to do a SPOC Test with the SYSTEM account.  SPOC is the Cloud notification service that gets used to notify the client to check into the cloud services.

1. Copy or move the psexec.exe to a new folder ‘Ex: C:\test’

2. Go to the DOS Command Prompt as the local Administrator

3. Run Powershell.exe

4. Type the following command to launch a second Powershell cmdlet

Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList '/k C:\Path\To\psexec.exe -i -s powershell.exe'

Note: The path to the psexec.exe should be C:\test\psexec.exe

5. Type the command to validate the SYSTEM account

whoami

Expected result - NT authority\system

6. Invoke the following test commands

Test-NetConnection sep.securitycloud.symantec.com -Port 443
Test-NetConnection usea1.r3.securitycloud.symantec.com -Port 443
Test-NetConnection us.spoc.securitycloud.symantec.com -Port 443
Test-NetConnection usea1.r3.securitycloud.symantec.com -Port 443
Test-NetConnection liveupdate.symantec.com -Port 443
Test-NetConnection liveupdate.symantecliveupdate.com -Port 443

 

Example of the results you will get:

  Test-NetConnection us.spoc.securitycloud.symantec.com -Port 443
  Expected result
  ComputerName     : us.spoc.securitycloud.symantec.com
  RemoteAddress    : <REMOTE IP>
  RemotePort       : 443
  InterfaceAlias   : tap91327765-c0
 SourceAddress    : <Local IP>
 TcpTestSucceeded : True

7. Type Exit to quit

If any of the above tests fail, please consult your local network administrator to help determine why.  A failure of the above is a result of a bad network path.

Additional Information

External URLs required for Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES)


Firewall requirements

Another cause for the same error could be a missing certificate.

Please verify that the certificate for usea1.r3.securitycloud.symantec.com is installed as per this article: Installing root certificates

Powered by Wolken Software