Disk space errors since the upgrade to 12.1 RU5 or higher and some features aren't working anymore

Article ID: 161359

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) was recently upgraded to version 12.1 RU5 or higher.

Since then, SEP clients are not communicating with the SEPM and some features (e.g. LiveUpdate, remote deployment, client install package export) are failing. Errors in %SEPM%\Tomcat\logs\scm-server-0.log report a disk space issue, even though gigabytes of free disk space are available on the system and SEPM drives.

 

SEP client connection status displays the error "503 Service Unavailable".

scm-server-0.log shows:

     2014-10-23 03:50:29.525 THREAD 130 INFO: Request from sesmlu. Authorization passed  
     2014-10-23 03:50:29.525 THREAD 130 FINE: requestData.getRemoteIP()=127.0.0.1
     2014-10-23 03:50:29.915 THREAD 130 FINE: lockProcessState start for owner:ConfigServerHandler.processLUContent toWaitForUnlock:false
     2014-10-23 03:50:29.931 THREAD 130 FINE: markProcessState return state:1
     2014-10-23 03:50:29.931 THREAD 130 FINE: lockProcessState return state:1 for process owner:ConfigServerHandler.processLUContent toWaitForUnlock:false
     2014-10-23 03:50:29.978 THREAD 130 SEVERE: Your hard disk space is less than <512>MB. Symantec Endpoint Protection Manager requires more disk space to complete certain tasks. Please delete some files to free up some space. Symantec recommends that you have a minimum of 1GB of free disk space.
     2014-10-23 03:50:29.994 THREAD 130 SEVERE:  in: com.sygate.scm.server.consolemanager.requesthandler.ConfigServerHandler
     java.io.IOException: There is not enough disk space!

 

Or:

     2014-10-28 08:40:30.512 THREAD 31 SEVERE: Disk space below critical, Updating server health
     2014-10-28 08:40:30.542 THREAD 31 SEVERE: Stop ClientTransport.
     2014-10-28 08:40:30.542 THREAD 31 SEVERE: There is not enough disk space, Stopping Client Transportion.

 

Cause

In previous versions, the SEPM services ("semsrv" - Tomcat and "semwebsrv" - Apache) ran under the Local System account.
Security best practice is to run services with the lowest privileges necessary. For that reason, 12.1 RU5 changed the accounts used to run Tomcat and Apache:

 - Network Service account is now used in Windows Server 2003/2008 and Windows XP

 - Virtual accounts NT SERVICE\semsrv and NT SERVICE\semwebsrv are now used in Windows Server 2008 R2/Windows 7 or higher

NOTE - Because some SEPM features do require elevated privileges, a new service named "Symantec Endpoint Protection Launcher" has been created.

If the account under which Tomcat runs does not have READ access to the root of the drives involved (system and SEPM), the function used to calculate available free disk space returns incorrect values, and SEPM tasks are wrongly terminated as a result.

 

Resolution

Depending on the SEPM server's operating system (see the Cause section above), give READ access to the system drive and the SEPM drive to Network Service or NT SERVICE\semsrv.
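
One way to check and apply this from PowerShell, as an added example that is not Symantec's own tooling. Assumptions: the SEPM drive letter `D:` and the `$Grant` switch are illustrative, `icacls` is available on the server, and the grant is made on the drive root only, matching the Cause section.

```powershell
# Added example (not Symantec tooling). Run in an elevated Windows PowerShell
# session on the SEPM server.
$SepmDrive = 'D:'     # assumption: drive where SEPM is installed; change to match
$Grant     = $false   # set to $true to add the read ACE, otherwise report only

$roots = @("$env:SystemDrive\", "$SepmDrive\") | Select-Object -Unique

# Account that the Tomcat service (semsrv) actually runs as.
$svc = Get-WmiObject Win32_Service -Filter "Name='semsrv'"
if (-not $svc) { throw "Service 'semsrv' not found on this host." }
Write-Host "semsrv runs as: $($svc.StartName)"
if ($svc.StartName -eq 'LocalSystem') {
    Write-Warning "semsrv still runs as Local System; the RU5 account change is not in effect."
    return
}

# icacls takes a name or *SID. Network Service is passed by its well-known SID
# (S-1-5-20) so the grant does not depend on how the name is spelled or localized.
if ($svc.StartName -match 'Network\s?Service') { $trustee = '*S-1-5-20' }
else { $trustee = $svc.StartName }   # e.g. NT SERVICE\semsrv

foreach ($root in $roots) {
    Write-Host "`n=== $root ==="
    # Current entries on the drive root: look for one that covers the account.
    (Get-Acl -Path $root).Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights |
        Format-Table -AutoSize | Out-String | Write-Host

    if ($Grant) {
        # (R) with no (OI)(CI) flags: read on the root folder only, nothing inherited.
        & icacls $root /grant "${trustee}:(R)"
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed on $root" }
    }
}
```

Run it once with `$Grant = $false` to review the existing entries, then again with `$Grant = $true` and confirm the new ACE appears in the listing.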