When attempting to add a SPE server as a managed device in the SPE Console for Windows the attempt fails with a warning box:

Failed to add following server(s): server.example.com. Reason: An existing connection was forcibly closed by the remote host.

An examination of the SPE_REST_API.log file contained an error similar to the following:

2024-02-25 02:49:50,756 [http-nio-8008-exec-2] ERROR symantec.spe.business.SpeRestManagement:122 - Failed to update. Missing required permissions on policy directory
2024-02-25 02:49:50,757 [http-nio-8008-exec-2] ERROR symantec.spe.business.SpeRestManagement:132 - 500 INTERNAL_SERVER_ERROR "Failed to update the specified configurations. 

Protection Engine for Linux 9.1

The server was deployed in Amazon Marketplace as an AMI, and the administrator had manually upgraded it from SPE version 8.2.2 to version 9.1.   During the upgrade permissions to newly replaced files were not granted access to the account (other than root) used for SPE auxiliary functions as established during the original AMI installation.

As of the time of this publication upgrading SPE that deployed via an AMI--to a different version is not supported.  Moving to a newer version of SPE must be done by deploying the new version of SPE (via a newer AMI version) and adding it into a group (via the SPE for Windows Console) which has the server's previous settings applied/preserved.

The following work-around may be an option:

1. Edit the startup script file /etc/init.d/symcscan
2. Find where the user account is set "User=", usually near line 35
3. Set the account as root
4. Save the changes
5. Restart the SPE service by running /etc/init.d/symcscan restart