Upgrade to SEPM 14.3 RU2 failed during SQL DB Upgrade - Management Service will not start

book

Article ID: 224286

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Upgrade to SEPM 14.3 RU2 failed during SQL DB Upgrade and the Management Service will not start and stay running.

The Upgrade.log shows a sequence of errors:

2021-08-24 15:00:50.828 THREAD 20 SEVERE: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:3d3c7e7d-b289-4182-acb3-1910860e68772021-08-24 15:00:50.828 THREAD 20 SEVERE: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". ClientConnectionId:3d3c7e7d-b289-4182-acb3-1910860e68772021-08-24 15:00:50.828 THREAD 20 SEVERE: at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3151)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1912)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2708)

2021-08-24 15:00:50.828 THREAD 20 SEVERE: Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)

2021-08-24 15:00:50.828 THREAD 20 SEVERE: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.validator.Validator.validate(Validator.java:264)

2021-08-24 15:00:50.828 THREAD 20 SEVERE: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)2021-08-24 15:00:50.828 THREAD 20 SEVERE: at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)

Environment

Release : 14.3 RU2

Component :

Resolution

Please run content cleanup tool, attached bat file here: ContentCleanupTool.bat
Link: https://ent.box.com/s/cac3qq0y7bfh2ixi795h9apiy4gzsx9k

Run this bat file on all SEPMs to upgrade.

  1. Take sepm db backup.
  2. Stop all sepm services.
  3. Copy attached bat file to <sepm>\Tools
  4. Run bat file.
  5. Run dbvalidator to verify db validation. (https://knowledge.broadcom.com/external/article/151525/)
  6. Restart all sepm services.
  7. Do sepm upgrade.