Endpoint Protection Manager displays an error which reads "Datastore error"

book

Article ID: 224739

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Admin > Servers page within the Symantec Endpoint Protection Manager (SEPM) displays an error which reads "Datastore error" on a regular basis.

Scm-server-0.log
2021-09-22 03:08:50.776 THREAD 11767 SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector$ExecutorTask
java.lang.StringIndexOutOfBoundsException: start 1, end 0, length 1
 at java.base/java.lang.AbstractStringBuilder.checkRangeSIOOBE(AbstractStringBuilder.java:1724)

2021-09-22 03:08:50.919 THREAD 11769 SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector$ExecutorTask
java.lang.StringIndexOutOfBoundsException: start 1, end 0, length 1

Cause

One or more Symantec Endpoint Protection clients is forwarding invalid logs to the SEPM. The SEPM is unable to process the invalid logs which generates the "Datastore error" AgentAVLogCollector$ExecutorTask error messages.

Resolution

The Scm-server-0.log and AgentAVLogCollector-ExecutionPool-1-0.log will allow you to isolate which client is sending invalid log record causing the SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector$ExecutorTask java.lang.StringIndexOutOfBoundsException.

Location of the Tomcat logs: 
<Drive>:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs

Note:  You will need to enable finest logging (scm.log.loglevel=FINEST) in the conf.properties (\tomcat\etc) for verbose logging.

Enabling Tomcat server debugging for the Endpoint Protection Manager

Capture the Datastore error events from scm-server-log

  1. Open the scm-server-0.log.
  2. Locate the DataStore Error
  3. Take note of the Timestamp and THREAD ID for the for the Severe error

Example:

2021-09-22 03:08:50.776 THREAD 11767 SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector$ExecutorTask
java.lang.StringIndexOutOfBoundsException: start 1, end 0, length 1
 

Locate the client(s) that sent Invalid Log Record

  1. Open the AgentAVLogCollector-ExecutionPool-1-0.log
  2. Search for the THREAD ID that you captured from the step 3 above
  3. Correlate the Timestamp and THREAD ID. Locate the Client


Example:

2021-09-22 03:08:50.764 THREAD 11767 WARNING: Error during AV record processing: com.sygate.scm.server.logreader.ParseException (3): Invalid log record:  Invalid dates found in log line. 33001C060F27,45,4,14,<CLIENT_COMPUTER_NAME>,SYSTEM,,,,


After you locate the client in question, upgrade to the latest version of SEP or cleanwipe and reinstall.