Endpoints in authentication pending status due to incomplete GetComputer API response
search cancel

Endpoints in authentication pending status due to incomplete GetComputer API response

book

Article ID: 275305

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Symantec Endpoint Protection (SEP) clients are found to be in authentication pending state on Endpoint Detection and Response (EDR) console.

On checking the EDR logs, below messages are observed in this scenario:


2023-08-29 05:52:28,893 WARN SimpleAsyncTaskExecutor-1 (EnrollmentService.java:filterSupportedEndpoints:456) Skipping device_uid [XXXX] from EDR 2.0 enrollment because either its version or its SEPM version is not known

2023-08-29 07:01:08,467 WARN SimpleAsyncTaskExecutor-1 (EnrollmentService.java:syncMdrDevice:662) Found mismatch between provisioned endpoints in couchbase and enrollment info in trackDB for XXXX

2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:isEncryptedPasswordMatched:1470) mismatch detected, no encrypted password from SEPM [XXXX]
2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:isAtpDeviceUidMatched:1501) mismatched atpDeviceUid, null from SEPM, for device [XXXX]
2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:isNewEnrollmentNeededOnGroupChange:1758) SEPM Group mismatch detected. Device [XXXX], SEPM group [My Company\.] id [XXXX], ATP group [] id [], Current enrollment status [DeviceUnenrolled]. Checking if re-enrollment is needed
2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:isNewEnrollmentNeededOnGroupChange:1765) Device [xxxx] has not completed enrollment. Should trigger re-enrollment on group change
2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:correctEnrollmentStatus:1675) public key / encrypted password / atpDeviceUid / sepGroupId mis-match detected for [Computer_Name] [XXXX]
2023-08-29 07:01:07,505 INFO SimpleAsyncTaskExecutor-1 (EnrollmentService.java:correctEnrollmentStatus:1681) Generating new password for device Computer_Name deviceId: XXXX.   Connect token based agent? false

Environment

EDR version 4.8 or below

Cause

Known issue

Resolution

This issue is fixed in EDR version 4.9.

For EDR version 4.8, atp-patch2-4.8.0-1 can be installed to fix it as follows:

  1. Run the below command through EDR command-line interface (CLI) to verify that "atp-patch2-4.8.0-1" is available.
    patch list
  2. To install this patch:
    patch install atp-patch2-4.8.0-1
Powered by Wolken Software