SESC event process has failed over to the secondary site WARNINGs
search cancel

SESC event process has failed over to the secondary site WARNINGs

book

Article ID: 277337

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

The SEPM administrator might be observing many Warning messages like in screenshot below "Symantec Endpoint Security Complete event processing has failed over to the secondary site"

Conditions of the issue to happen including but not limited to below:

The deployment has multiple SEPM sites.

The deployment has lite enrollment initiated per the following technical documentations Enabling Adaptive Protection in Symantec Endpoint Protection.

SEPM replication is configured hourly in a production environment and within a specific window for example between 16:00 to 20:59

Screenshot of the warning messages is below:

In logs semapisrv_log.***.log you will see similar to below logs:

2023-10-30 01:29:32,657 [SyncTaaIncidentsTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 03:19:33,239 [LicenseUsageTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 03:29:33,296 [SyncTaaIncidentsTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 05:29:33,923 [SyncTaaIncidentsTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 07:19:34,516 [LicenseUsageTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 07:29:34,572 [SyncTaaIncidentsTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 
2023-10-30 09:29:35,206 [SyncTaaIncidentsTask] WARN  c.s.s.s.m.c.cloud.epmp.CloudManagerImpl - shouldITakeOver: yes, the master site has not replicated for 2 cycles. 

 

Environment

SEPM 14.3 RU1+

Cause

The replication from the first site to the second site or the vice versa was not completing within the one-hour interval, and after two consecutive failing replication attempts these warnings are being generated.

The time interval is causing the master site to think that it has not replicated for two cycles, outside the time window when the replication should happen.

Resolution

Solution 1:
Reconfigure your replication interval to Daily, since you have production environment, and we do not recommend replicating hourly per the replication best practices. 

Replication best practices for Endpoint Protection

 

Solution 2:
If the SEPM administrator doesn't want to switch the replication frequency from Hourly to Daily, then it is possible to stay in Hourly, however there will be a need to change the "Time interval."
From example change the replication interval from 16:00-20:59 to "00:00"-"23:59"

 

Solution3 (The least preferred):
If you are not using the API functionality in SEPM, you can go ahead and disable the API service "Symantec Endpoint Protection Manager API Service".
This shouldn't impact any other functionality since it is used mainly for the SEPM to Cloud communication and the handling of the API requests if the SEPM administrator is utilizing any.

Powered by Wolken Software