"AD URL is malformed" error when adding Active Directory server

Article ID: 282563

Updated On: 04-25-2024

Products

Endpoint Protection

Issue/Introduction

When adding an Active Directory server in the Symantec Endpoint Protection Manager (SEPM), you receive the following error even though the server name was entered correctly:

AD URL is malformed [path=LDAPS://example.123:636, user=example, error={3}

Environment

Symantec Endpoint Protection Manager

Cause

This issue occurs if your hostname or domain uses a non-standard format, such as an underscore in the hostname or a non-standard TLD (i.e. not .com, .net, etc.). Java has tightened its URL parsing rules and no longer recognizes these non-standard formats.

Resolution

To resolve this issue, perform the following on all SEPMs that will need to contact this server:

  1. Stop the "Symantec Endpoint Protection Manager" service
  2. Open regedit and go to the following key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\semsrv\Parameters
  3. Take a backup of this key by right-clicking it and choosing Export. This is only for recovery purposes in case it is needed
  4. Look at the "JVM Option Number" entries and note what the current highest value is
  5. Add a new String Value within Parameters with the following properties:
      Name: JVM Option Number <next number in sequence, if 24 was the highest in step 4 then it would be "JVM Option Number 25">
      Data: -Dcom.sun.jndi.ldapURLParsing=legacy
  6. Edit the "JVM Option Count", select Decimal, and increase it by 1. Note that it will be 1 higher than the number you set above since it starts from zero.
  7. Start the "Symantec Endpoint Protection Manager" service
  8. Add your Active Directory server
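
Steps 1 through 7 as a PowerShell script, for applying the same change consistently across several SEPMs. This is an added example, not Broadcom's own tooling. It assumes the service name is `semsrv` (inferred from the registry path in step 2) and writes the backup to `%TEMP%` (an arbitrary choice); the idempotency check and the abort when "JVM Option Count" disagrees with the existing entries are additions beyond the manual steps.

```powershell
#Requires -RunAsAdministrator
# Added example: automates steps 1-7 of the Resolution above. Run on each SEPM.
$ErrorActionPreference = 'Stop'

$svc    = 'semsrv'   # assumption: service name inferred from the registry path in step 2
$psKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\semsrv\Parameters'
$regKey = $psKey -replace '^HKLM:', 'HKLM'   # same key in reg.exe syntax
$option = '-Dcom.sun.jndi.ldapURLParsing=legacy'
$backup = Join-Path $env:TEMP ('semsrv-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))  # assumed location

# Step 4: read every "JVM Option Number N" entry together with its data
$entries = (Get-ItemProperty -Path $psKey).PSObject.Properties | ForEach-Object {
    if ($_.Name -match '^JVM Option Number (\d+)$') {
        [pscustomobject]@{ Index = [int]$Matches[1]; Data = [string]$_.Value }
    }
}

# Do not add the option twice if the script is re-run
if ($entries.Data -contains $option) {
    Write-Host 'Option already present; nothing to change.'
    return
}

# Entries are numbered from zero, so the count should equal highest index + 1
$count = [int](Get-ItemPropertyValue -Path $psKey -Name 'JVM Option Count')
$next  = if ($entries) { [int]($entries.Index | Measure-Object -Maximum).Maximum + 1 } else { 0 }
if ($count -ne $next) {
    throw "JVM Option Count ($count) does not match highest entry + 1 ($next); review the key by hand."
}

Stop-Service -Name $svc -Force                                   # step 1
try {
    & reg.exe export $regKey $backup /y | Out-Null               # step 3
    if ($LASTEXITCODE -ne 0) { throw "Registry export failed (exit code $LASTEXITCODE)." }

    New-ItemProperty -Path $psKey -Name "JVM Option Number $next" `
        -PropertyType String -Value $option | Out-Null           # step 5
    Set-ItemProperty -Path $psKey -Name 'JVM Option Count' `
        -Value ($count + 1)                                      # step 6
}
finally {
    Start-Service -Name $svc                                     # step 7, runs even if a step failed
}

Write-Host "Added 'JVM Option Number $next'. Backup saved to $backup"
```

To roll back, stop the service, import the exported `.reg` file, and start the service again.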

Additional Information

CRE-17601