Symantec Endpoint Protection Manager (SEPM) plays a pivotal role in managing and securing endpoints across hybrid environments. However, synchronization delays with the cloud can disrupt this harmony, raising concerns about security and efficiency. This article delves into the issue of receiving cloud synchronization delay alerts from SEPMs, exploring the environment, potential causes, and steps for resolution.
The environment under consideration is a hybrid setup in which SEPM manages endpoints both locally and through the cloud. In such a setup, it is crucial for all management servers to maintain continuous and reliable connectivity with the various Symantec cloud services.
Symantec Endpoint Protection or Symantec Endpoint Security Enterprise or Complete.
Hybrid 14.3 RU8 +
Network Connectivity Issues: All management servers in the site must have uninterrupted access to the required URLs for Symantec services. Any network blockages or restrictions can hinder this access, leading to synchronization delays.
Service Disruptions: The functioning of bridge and SEP services is crucial. Any interruption in these services can cause delays in synchronization.
Certificate Verification Failures: Inadequate SSL/TLS certificate management can result in failed or delayed connections to Symantec cloud services.
Misconfigured JDBC Properties: The jdbc.properties file on the API server needs to be correctly configured. If this file remains in its default state post-SEPM installation, it indicates a configuration lapse, potentially leading to synchronization issues.
Database connectivity issues: All of the cloud bridge services and many SEPM functions require a constant and reliable database connection.
To resolve the cloud synchronization delay alerts in SEPM, follow these steps:
1. Verify Network Access
Ensure that all management servers in the site have access to the necessary URLs:
Check for any network configurations or firewalls that might be blocking these connections. As a best practice, allow uninterrupted access to these services.
2. Ensure SSL/TLS Certificates Are Up to Date
Verify that the following SSL/TLS certificates are properly installed and up to date:
These certificates are crucial for secure communication with Symantec cloud services.
3. Check Bridge and SEP Services
Ensure that the bridge and SEP services are running without interruptions. Restart these services if necessary to restore normal synchronization processes.
4. Verify and re-configure JDBC Properties
Inspect the jdbc.properties file on the API server. If the file's created and modified dates are identical, the file has not been updated since installation. This default configuration needs modification: run the SEPM management server configuration wizard again on the SEPM server. This process will reconfigure the SEPM setup, potentially resolving any lingering synchronization issues. After running the wizard, monitor the SEPM API logs (semapisrv_log*.log) for any anomalies or errors that might indicate ongoing problems.
5. Database connectivity issues:
Aside from general network connectivity troubleshooting, if it is determined that database outages are actually expected, it may be beneficial to add two timeout-dampening parameters to the conf.properties files on the SEPM servers.
The two parameters and their default values are:
scm.apiserver.cloudhub.downtime.threshold.minutes=30
scm.apiserver.task.hubcheck.lastuploadtime.error.threshold.hours=4
These parameters are not present by default and would need to be added.
It is advised to increase the values from the defaults to a point that covers the duration of the database connectivity outage. Product support can help identify the time span of the database outage if SEPM Cloud Bridge debug logs are collected. See the Additional Information section below.
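A read-only check covering steps 4 and 5, added here as an example and not part of the original article or of Symantec's tooling: it compares the jdbc.properties timestamps and reports whether the two dampening parameters are present in conf.properties. Both file paths are operator-supplied parameters because the article does not give them, and the one-second timestamp tolerance is an assumption.

```powershell
# Added example: read-only checks for steps 4 and 5 on one SEPM server.
# Both paths are supplied by the operator; the article does not give them.
param(
    [Parameter(Mandatory)] [string] $JdbcPropertiesPath,
    [Parameter(Mandatory)] [string] $ConfPropertiesPath,
    [int] $ToleranceSeconds = 1   # assumption: timestamps this close count as identical
)
# Defaults quoted in the article for the two dampening parameters.
$defaults = [ordered]@{
    'scm.apiserver.cloudhub.downtime.threshold.minutes'                = 30
    'scm.apiserver.task.hubcheck.lastuploadtime.error.threshold.hours' = 4
}

# Step 4: matching created/modified times mean the file was never rewritten after install.
$jdbc  = Get-Item -LiteralPath $JdbcPropertiesPath -ErrorAction Stop
$delta = [math]::Abs(($jdbc.LastWriteTimeUtc - $jdbc.CreationTimeUtc).TotalSeconds)
$finding = if ($delta -le $ToleranceSeconds) {
    'Unchanged since install: rerun the management server configuration wizard'
} else {
    'Modified after install'
}
[pscustomobject]@{
    Check   = 'jdbc.properties timestamps'
    Detail  = "created $($jdbc.CreationTimeUtc.ToString('u')), modified $($jdbc.LastWriteTimeUtc.ToString('u'))"
    Finding = $finding
}

# Step 5: parse key=value lines, skipping blanks and comment lines (# or !).
$props = @{}
foreach ($line in Get-Content -LiteralPath $ConfPropertiesPath -ErrorAction Stop) {
    $t = $line.Trim()
    if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('!')) { continue }
    $k, $v = $t -split '=', 2
    if ($null -ne $v) { $props[$k.Trim()] = $v.Trim() }
}

foreach ($key in $defaults.Keys) {
    $value = $props[$key]
    $finding = if ($null -eq $value) {
        "Not present: the default of $($defaults[$key]) applies"
    } elseif ($value -notmatch '^\d{1,9}$') {
        "Invalid value '$value': expected a whole number"
    } elseif ([int]$value -le $defaults[$key]) {
        "Not above the default of $($defaults[$key])"
    } else {
        'Raised above the default'
    }
    [pscustomobject]@{ Check = $key; Detail = "value: $value"; Finding = $finding }
}
```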
If the Issue Persists, Contact Support and Collect WPP and Enable Debug Logging for Endpoint Protection Manager Cloud Bridge
a) How to collect WPP logs with Symdiag.
b) How to enable Cloud Bridge debug logging.