search cancel

Status of SEPM Controller connection is "Authentication error"

book

Article ID: 225661

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Status of SEPM Controller connection is "Authentication error".

Previously, the status was "Healthy" and no changes were made to the configuration of the SEPM Controller connection on the Settings > Global page of EDR UI.

Cause

Multiple possible causes: 

  • cannot connect from EDR to SEPM,
  • name resolution fails
  • cannot create an SSL connection from EDR to SEPM,
  • SSL certificate expired
  • invalid credentials for connecting to SEPM

Resolution


To test for basic TCP connectivity, use tcp_check -t IP_OF_SEPM
To check name resolutions, use tcp_check -t NAME_OF_SEPM
To test for SSL connectivity, use tcp_check -s NAME_OF_SEPM
To test SEPM credentials, use those credentials to login to SEPM

DNS checks, check certificate for SAN entries and expiration date. 

record pcap while editing and saving SEPM Controller connection