Symantec Endpoint Protection Manager unable to update over https from distribution center configured in Internet Information Services (IIS)

book

Article ID: 224584

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager unable to update over https from distribution center configured in Internet Information Services (IIS) as per Article : 152461

From Lux.log:

20:43:36.329689 [Component List - END]

20:43:36.330687 [Session Initialization - START]

20:43:36.743717 Result code: 0x00010000

20:43:36.743717 Component Status Changes:

20:43:36.744711 None

20:43:36.744711 [Session Initialization - END]

20:43:36.745718 [Inventory Synchronization - BEGIN]

20:43:39.134901 Result Code: 0x00010000

20:43:39.134901 Result Message: OK

20:43:39.134901 Component Status Changes:

20:43:39.134901 None

20:43:39.135893 [Inventory Synchronization - END]

20:43:39.135893 [Server Selection - START]

*20:43:39.313904 Result Code: 0x80010830

20:43:39.314917 Result Message: FAIL - failed to select server*

20:43:39.314917 [Server - START]

20:43:39.314917 Host ID:

 

{4379D8E9-D658-40C7-B15B-717D81F104D0}

20:43:39.314917 Status Code: 1

20:43:39.314917 Status Message: Server was not selected

*20:43:39.315917 Transport Return Code: 0x80010732

20:43:39.315917 Transport Return Message: FAIL - file not found

20:43:39.315917 Protocol: HTTPS

Packet capture: With Self signed certificate

Connection failure during TLS handshake with Unknown CA error (IIS certificate is imported to Trusted Root CA Authorities in SEPM Server).

Cause

  • Self signed certificate
  • "Request filtering" enabled and extensions required to downloaded for LUA content not in ALLOW list.

Environment

Release : LUA 2.3.9

Component : NA

Resolution

  • Use CA Signed certificate instead of Self signed certificate
  • Add extensions as per Article ID : 223686 to ALLOW list of "Request filtering" in IIS

Additional Information

Related Articles:

Attachments