After upgrading Symantec Endpoint Protection Manager (SEPM) to 14.3 RU3 build 5427, REST API requests fail. The error below may be present in semapisrv_log.YYYY-MM-DD.log:
2021-12-17 21:40:52,251 [https-openssl-apr-0.0.0.0-8446-exec-10] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: No subject alternative DNS name matching <name> found.
javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching <name> found.
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
Additional scenario: SEPM and EDR integration fails with the error message "Incorrect username, password, or domain provided for SEPM".
The error below may be present in semapisrv_log.YYYY-MM-DD.log:
2022-02-16 16:56:45,583 [https-openssl-apr-0.0.0.0-8446-exec-2] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: Account is locked or invalid username, password, or domain.
com.symantec.sepm.core.exception.InvalidArgumentException: Account is locked or invalid username, password, or domain.
SEPM version 14.3.5427.3000
This occurs when the certificate does not include a Subject Alternative Name (SAN) entry for the host name. Starting with 14.3.5427.3000, the host used for the connection must match one of the subject names in the certificate.
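The following is an added example, not Broadcom or SEPM code: it approximates the name check a TLS client applies, so each name that REST API clients use to reach the SEPM can be tested against the certificate's SAN entries before upgrading. It assumes the certificate has been decoded into the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(), checks SAN entries only (the subject CN is ignored), and uses constructed placeholder host names.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# Host names and addresses are placeholders, not values from this article.
SAMPLE_CERT = {
    "subject": ((("commonName", "sepm01"),),),
    "subjectAltName": (
        ("DNS", "sepm01.corp.example"),
        ("DNS", "*.mgmt.example"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _dns_match(host, pattern):
    """Case-insensitive match; '*' may replace the whole leftmost label only."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.example'.
        return len(p) > 2 and bool(h[0]) and h[1:] == p[1:]
    return h == p


def san_covers(cert, host):
    """True if `host` (the name used in the REST URL) matches a SAN entry."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: only DNS-type SAN entries can match.
        return any(t == "DNS" and _dns_match(host, v) for t, v in sans)
    return any(t == "IP Address" and ipaddress.ip_address(v) == ip for t, v in sans)


def audit(cert, hosts):
    """Map each candidate connection name to whether the certificate covers it."""
    return {h: san_covers(cert, h) for h in hosts}


if __name__ == "__main__":
    names = ["sepm01.corp.example", "sepm01", "192.0.2.10", "10.0.0.5"]
    for name, ok in audit(SAMPLE_CERT, names).items():
        print(f"{name:24} {'ok' if ok else 'NO MATCHING SAN'}")
```

In the sample, the short name sepm01 fails even though it appears as the subject CN, which is the usual reason a client that worked before the upgrade starts failing.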
Endpoint Protection Manager 14.3 (RU4) version 14.3.7388.4000 added the option to disable this verification. To download the latest version, see KB: Download Symantec Enterprise Security software
To disable certificate validation on RU4, perform the following:
If your certificate does not match the hostname, it is recommended that you update the certificate:
Generate a new SEPM server certificate using the Manage Server Certificate Wizard. See the following link for more information.