Unable to Enroll SEP Manager to ICDM to enable Adaptive protection
Article ID: 371029
Updated On:
Products
Issue/Introduction
After following the article for enrolling the SEP manager to cloud. Unable to enroll the SEP manager to connect to cloud.
Error: Unable to connect to cloud services.
This error occurred even after the Port and URL is allowed.
Environment
Symantec Endpoint Protection Manager 14.3 RU8 , Windows server 2016
Cause
Java error encountered while accessing the Java trust store, as reported by the JVM ('Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty'), the issue was not related to a connection problem due to firewall or proxy server restrictions. Instead, it was identified as a Java certificate store issue.
Logs:
Error trying to get:https://usea1.r3.securitycloud.symantec.com/r3_epmp_i/v2/bootstrap/configuration?server-api-version=1&server-api-revision=2
kong.unirest.UnirestException: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at kong.unirest.DefaultInterceptor.onFail(DefaultInterceptor.java:43)
Resolution
1) Need to check if all three Hosting URL in external firewall and proxy for the SEP Manager server is reachable.
https://sep.securitycloud.symantec.com
https://sep.eu.securitycloud.symantec.com
https://sep.in.securitycloud.symantec.com
2) Need to add the SSL certificate for 'usea1.r3.securitycloud.symantec.com' and its corresponding CA and intermediate SSL certificates to the SEP Manager JRE trust store (Article),
3) As mentioned in this article, Need to upgrade the the SEP Manager JRE from version 11.0.10 to the latest version, 11.0.21, followed by a restart of all SEPM services.
The SEPM will enroll with the cloud server.
Feedback
