SEPM Unexpected server error - java.util.zip.ZipException: zip END header not found
search cancel

SEPM Unexpected server error - java.util.zip.ZipException: zip END header not found

book

Article ID: 280048

calendar_today

Updated On:

Products

Endpoint Security Complete Advanced Endpoint Defense (with SEP) Complete Endpoint Defense (with SEP) Symantec

Issue/Introduction

SEPM administrator might start receiving periodically below in system events

 

Event type:

An unexpected exception has occurred

Event description:

Unexpected server error.

Error message:

Unexpected server error.

Error code:

Unexpected server error.

Stack trace:

java.util.zip.ZipException: zip END header not found at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1607) at java.base/java.util.zip.ZipFile$Source.findEND(ZipFile.java:1497) at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1504) at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1308) at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1271) at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733) at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:248) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:191) at com.sygate.scm.server.task.ReportWriter.generateHTMLReport(ReportWriter.java:95) at com.sygate.scm.server.task.notification.EmailHelper.doMail(EmailHelper.java:147) at com.sygate.scm.server.task.notification.EmailWorker.doAction(EmailWorker.java:44) at com.sygate.scm.server.task.notification.ActionPerformer.takeActions(ActionPerformer.java:215) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7712) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7638) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7619) at com.sygate.scm.server.task.SecurityAlertNotifyTask.contentOutOfDate(SecurityAlertNotifyTask.java:5936) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processNotifications(SecurityAlertNotifyTask.java:1772) at com.sygate.scm.server.task.SecurityAlertNotifyTask.execute(SecurityAlertNotifyTask.java:1195) at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:56) at java.base/java.util.TimerThread.mainLoop(Timer.java:556) at java.base/java.util.TimerThread.run(Timer.java:506) com.sygate.scm.server.util.ServerException: Unexp

Site:

<Site>

Server:

<SEPM Server name>

Date:

02/22/2024 20:04:50

Severity:

Error

and

Event type:

An unexpected exception has occurred

Event description:

Unexpected server error.

Error message:

Unexpected server error.

Error code:

Unexpected server error.

Stack trace:

com.sygate.scm.server.task.notification.NotificationSystemException: java.util.zip.ZipException: zip END header not found at com.sygate.scm.server.task.notification.EmailWorker.doAction(EmailWorker.java:46) at com.sygate.scm.server.task.notification.ActionPerformer.takeActions(ActionPerformer.java:215) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7712) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7638) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7619) at com.sygate.scm.server.task.SecurityAlertNotifyTask.contentOutOfDate(SecurityAlertNotifyTask.java:5936) at com.sygate.scm.server.task.SecurityAlertNotifyTask.processNotifications(SecurityAlertNotifyTask.java:1772) at com.sygate.scm.server.task.SecurityAlertNotifyTask.execute(SecurityAlertNotifyTask.java:1195) at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:56) at java.base/java.util.TimerThread.mainLoop(Timer.java:556) at java.base/java.util.TimerThread.run(Timer.java:506) Caused by: java.util.zip.ZipException: zip END header not found at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1607) at java.base/java.util.zip.ZipFile$Source.findEND(ZipFile.java:1497) at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1504) at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1308) at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1271) at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733) at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:248) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177) at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:191) at com.sygate.scm.server.task.ReportWriter.generateHTMLReport(ReportWriter.java:95)

Site:

<Site>

Server:

<SEPM Server name>

Date:

02/22/2024 20:04:50

Severity:

Error

Environment

This error was so far noticed in SEPM 14.3 RU7+

Cause

The issue is happening when SEPM is attempting to send below malformed call to the reporting service 

2024-02-29 12:07:46.573 THREAD 64 FINE: ReportWriter: generating HTML report for https://<SEPM Server Name or IP>:8445/Reporting/?Notag_IDX=<THIS VALUE WAS INTENTIONALLY REMOVED>&view=generic&FavoriteFilterName=Default&token=<THIS VALUE WAS INTENTIONALLY REMOVED>

 

and it starts generating exceptions as a result of sending above malformed call.

 

2024-02-29 12:07:46.651 THREAD 64 SEVERE:  in: com.sygate.scm.server.task.notification.EmailHelper
java.util.zip.ZipException: zip END header not found
        at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1607)
        at java.base/java.util.zip.ZipFile$Source.findEND(ZipFile.java:1497)
        at java.base/java.util.zip.ZipFile$Source.initCEN(ZipFile.java:1504)
        at java.base/java.util.zip.ZipFile$Source.<init>(ZipFile.java:1308)
        at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1271)
        at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:733)
        at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
        at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:248)
        at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177)
        at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:191)
        at com.sygate.scm.server.task.ReportWriter.generateHTMLReport(ReportWriter.java:95)
        at com.sygate.scm.server.task.notification.EmailHelper.doMail(EmailHelper.java:147)
        at com.sygate.scm.server.task.notification.EmailWorker.doAction(EmailWorker.java:44)
        at com.sygate.scm.server.task.notification.ActionPerformer.takeActions(ActionPerformer.java:215)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7712)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7638)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7619)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.contentOutOfDate(SecurityAlertNotifyTask.java:5936)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processNotifications(SecurityAlertNotifyTask.java:1772)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.execute(SecurityAlertNotifyTask.java:1195)
        at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:56)
        at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
        at java.base/java.util.TimerThread.run(Timer.java:506)
2024-02-29 12:07:46.651 THREAD 64 SEVERE:  in: com.sygate.scm.server.task.notification.ActionPerformer
com.sygate.scm.server.task.notification.NotificationSystemException: java.util.zip.ZipException: zip END header not found
        at com.sygate.scm.server.task.notification.EmailWorker.doAction(EmailWorker.java:46)
        at com.sygate.scm.server.task.notification.ActionPerformer.takeActions(ActionPerformer.java:215)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7712)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7638)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processResponses(SecurityAlertNotifyTask.java:7619)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.contentOutOfDate(SecurityAlertNotifyTask.java:5936)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.processNotifications(SecurityAlertNotifyTask.java:1772)
        at com.sygate.scm.server.task.SecurityAlertNotifyTask.execute(SecurityAlertNotifyTask.java:1195)
        at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:56)
        at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
        at java.base/java.util.TimerThread.run(Timer.java:506)

 

 

The correct URL query should look like below:

2023-07-05 21:43:01.792 THREAD 33 FINE: ReportWriter: generating HTML report for *https://<SEPM Server name or IP>:8445/Reporting/inventory/response_events.php?notagType=ID&Notag_IDX=<THIS VALUE WAS INTENTIONALLY REMOVED>&view=generic&FavoriteFilterName=Default&token=<THIS VALUE WAS INTENTIONALLY REMOVED>

 

When querying the SQL DB for the missing HYPERLINK2 field using below query, you should see an empty HTYPERLINK2 field 

Select * from NOTIFICATION where TYPE = 'ID'

Resolution

It was found that the PHP file and notagType is missing in the SEPM logs. This means in this particular environment hyperlink is missing from notification table in the DB side.
 
Step 1: Backup the SEPM database per the following KB article Symantec Endpoint Protection Manager database backup and restore explained (broadcom.com)

Step 2: Open Microsoft SQL Server Management Studio

Open Microsoft SQL Server Management Studio (SSMS). You can usually find it in your Windows Start menu or search for it.

Step 3: Connect to the Database

In SSMS, connect to your SQL Server instance where the Symantec Endpoint Protection Manager database is hosted. You'll need to provide the authentication method (Windows Authentication or SQL Server Authentication), and credentials.

Step 4: Run the following query on the database:
 
Update HYPERLINK2 entry in NOTIFICATION table
 
Update NOTIFICATION set HYPERLINK2 = '/inventory/response_events.php?notagType=ID' where TYPE = 'ID'
 
 
 
Monitor your SEPM if it will generate these notifications after a day or more.
Powered by Wolken Software