Not able to add Symantec Endpoint Protection Manager (SEPM) controller to the Symantec Endpoint Detection & Response (SEDR)
If we login to SEPM API e.g: https://<SEPMIP>:8446/sepm/
EDR logs:
Central Manager;
2023-08-09 08:42:09,278 ERROR org.springframework.scheduling.concurrent.ScheduledExecutorFactoryBean#0-10 (GetDomains.java:getSepmDomains:122) Failed to retrieve domains from <<SEPMIP>>:8446, 400 - InboundJaxrsResponse{ClientResponse{method=GET, uri=https://<SEPMIP>:8446/sepm/api/v1/domains, status=400, reason=}}
Atpapp log:
2023-08-09 09:06:38,446 ERROR http-nio-127.0.0.1-8010-exec-12 (CentralManagerServiceImpl.java:validateSepm:5092) Error when trying to connect to SEPM. Exception : {"errorCode":"500","appErrorCode":"","errorMessage":"Internal Server Error"}:name=EROR_SEPM_INTERNAL_ERROR, description=SEPM internal error
com.symantec.atp.central_manager.rmi.exception.SepmCommunicationException: {"errorCode":"500","appErrorCode":"","errorMessage":"Internal Server Error"}:name=EROR_SEPM_INTERNAL_ERROR, description=SEPM internal error
From semapisrv_log.*.log
2023-08-09 18:40:55,574 [HubInstallTask] WARN c.s.s.c.d.mydbcp.SepmBasicDataSource - Could not connect to the database, wait for 1 second to retry... caller: getConnection 2023-08-09 18:40:56,574 [HubInstallTask] DEBUG c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource >> executor: 733863480, borrowing connection, connectionBorrowTimeout: 60000, maxWaitMillis: 30000, MaxTotal: 20, MaxIdle: 10, NumActive: 0, NumIdle: 0. 2023-08-09 18:40:56,590 [HubInstallTask] DEBUG c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource >> executor:733863480, Connection borrowed: null! 2023-08-09 18:40:56,590 [HubInstallTask] WARN c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource> handleSQLException>> retryCount: 20 2023-08-09 18:40:56,590 [HubInstallTask] WARN c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource> handleSQLException>> errorCode: 0 2023-08-09 18:40:56,590 [HubInstallTask] WARN c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource> handleSQLException>> sqlState: null 2023-08-09 18:40:56,590 [HubInstallTask] WARN c.s.s.c.d.mydbcp.SepmBasicDataSource - SepmBasicDataSource> handleSQLException>> cause: java.util.concurrent.ExecutionException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty". ClientConnectionId:34efbef3-b071-4e17-a69f-13db898123d7)
EDR version : 4.8.0
SEPM version: 14.3 RU7
While SEPM upgrade "trustServerCertificate" is false in the file <SEPM>\tomcat\instances\sepm-api\conf\Catalina_WS\localhost\jdbc.properties. However, in root.xml trustServerCertificate was true.
jdbc.password=<PASSWORD> jdbc.username=DBA jdbc.connectionInitSqls=SELECT 1 jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver jdbc.url=jdbc:sqlserver://SEPMIP:2638;instanceName=SQLEXPRESSSYMC;databaseName=sem5;integratedSecurity=false;encrypt=true;trustServerCertificate=false;;useUnicode=yes;characterEncoding=utf8;
Follow the below steps:-
1. Edit <SEPM>\tomcat\instances\sepm-api\conf\Catalina_WS\localhost\jdbc.properties
2.Change trustServerCertificate to true
3. Restart all SEPM services