After successful upgrade no SEPMs will log in correctly with any account.
search cancel

After successful upgrade no SEPMs will log in correctly with any account.


Article ID: 227704


Updated On:


Endpoint Protection


After a successful upgrade of a Symantec Endpoint Protection SITE and DATABASE with no errors in the install.out logs you are unable to log onto any SEPM for that specific site. Login attempts time out slowly. 

If you join a fresh Symantec Endpoint Protection Manager to that site or a Symantec Endpoint Protection Manager from a different site it will log in normally.


Windows 2012, Windows 2016, Windows 2019 on all Builds and Service packs


ODBC and or SQL Tools were recently updated in a Windows Update session.  This update requires rebooting and until the reboot(s) can occur the SEPM login will make incorrect calls to the new installed ODBC\SQL tools and throw the below error in the SCM Server logs.

This error will only occur AFTER a SQL timeout limit is reached.

Caused by: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing".
Caused by: Unexpected rethrowing
Caused by: SQL Server did not return a response. The connection has been closed. ClientConnectionId:30588a22-17e9-4190-9ca8-5518da9d7129
Caused by: The TCP/IP connection to the host (System Name), port 1445 has failed. Error: "connect timed out. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".


Until two reboots are completed the ODBC\SQL calls may still be sent to the incorrect internal local resource timing out the login request. 

In the observed case that created this KB the 2016 device required one reboot to finalize the KB install from Microsoft Update,  and still produced the listed error above until a second subsequent reboot occurred.   No changes were made to the observed device except the two reboots and login tests in between.