ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

EDR displays "Connection Error: SEPM returned 500 internal error status code" when attempting to connect to SEPM 14.3 RU2

book

Article ID: 216600

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Detection and Response

Issue/Introduction

 After upgrading or attempting connect to a 14.3 RU2 SEPM, the connection appears Healthy and later fails within minutes after saving the settings.  

Cause

Possible parsing error when retrieving saved "Group Inclusions".

Environment

SEPM 14.3 RU2
EDR 4.6.0-666

Resolution

This issue is fixed in Symantec Endpoint Protection 14.3 RU3.  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

If updating is not possible then please use the steps below as a temporary workaround.

  • On the SEPM extract the contents of "14_3_ru2_4618_rest-api.zip" below.
  • Navigate to the "...\Symantec Endpoint Protection Manager\tomcat\instances\sepm-api\webapps\sepm\WEB-INF\lib"
  • Replace the file "sepm-rest-api-1.0.0.jar" with the extracted contents (See note)
  • Restart the SEPM API service.
    • Run the SERVICES.MSC from the start menu.
    • Locate the service "Symantec Endpoint Protection Manager API Servers".
    • Restart the service by right clicking on the service and selecting "Restart"
  • From the EDR console
    • Remove the previous connection
    • Add the SEPM server connection

Note:  It is recommended to replace the file.  Avoid renaming the file in the same directory since the server loads all the .jar files in "...\WEB-INF\lib" folder, which may not even fix the issue.

Additional Information

Please note that if you have multiple connected SEPM instances at a site (that is, the SEPM instances share a database), create a connection to only one SEPM per site in the EDR appliance console. If multiple SEPMs from the same site attempt to connect to the same Symantec EDR management platform, they compete for authentication credentials and might not operate properly. 

See the section About configuring the connection to SEPM in the EDR documentation https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-6.html where it states this. 

This same error could be seen if a second SEPM is configured that shares a database with a SEPM that is already configured in EDR.

Attachments

1623251828504__14_3_ru2_4618_rest-api.zip get_app