SEPM prior to 14.3 RU9 being upgraded to 14.3 RU9

The SEPM upgrade tests connectivity to the existing SEPMs port 8443 to check certificate validity and will fail if the "Symantec Endpoint Protection Manager" service is not running.

There are additional possible causes as well such as the certificate not matching the server name, see the link in the Resolution for additional information on those causes and resolutions.

Ensure the "Symantec Endpoint Protection Manager" service is running before starting the 14.3 RU9 install.

Note that if you have multiple SEPMs in the same site, ie using the same database, the upgrade of the first SEPM will prompt you to stop the services on the other SEPMs and you should do so at that time. When you upgrade those secondary SEPMs the service does not need to be running but the certificate validation check will not take place. If the installed certificate does not match the name defined for that SEPM server then you will have issues logging in after the upgrade on those SEPMs. See the document below for steps to fix that.

Additional possible causes and resolutions are outlined in the following document:

Troubleshooting when the Symantec Endpoint Protection Manager blocks you from logging on or upgrading when the server name does not match the server certificate (14.3 RU9 or later)