Endpoint Protection Manager login hangs intermittently after upgrade to 14.0 MP1.

book

Article ID: 164825

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) login hangs intermittently after upgrade to 14.0 MP1. During this hang issue clients gradually start disconnecting from the SEPM. Also the  standalone reporting URL doesn't work.

Restarting the SEPM service fixes the issue, but eventually the issue comes back.

Cause

Apache performance issues.

Environment

Windows Server 2012 Server Standard 64-bit

SEPM Version: 14.0.2332.0100

Resolution

Improve the Apache performance as below by tuning Apache for client communication and reporting component.

  • Edit the httpd.conf file, increasing the value for "ConnectionsToQueuePerChild" from '500' to '3000', as it was with 12.1.
     
  • Reduce the TIME_WAIT socket connection numbers if you see a buildup of TIME_WAIT connections in the log.
    TcpTimedWaitDelay
    Registry value:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay
    Value Type: REG_DWORD
    Data: 30 (decimal)


    MaxUserPort
    Registry value:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort
    Value type: REG_DWORD
    Data: 65534 (decimal)

     
  • Throttle the agent registration by adding the following 3 parameters in conf.properties file:
    scm.agentregistration.throttle.low=5;
    scm.agentregistration.throttle.high=10;
    scm.agentregistration.throttle.leak=100;
     

  • Reduce the objects cache by adding the following to the conf.properties file:
    scm.cache.thereshold=600
  • If possible, reduce the Liveupdate frequency on the SEPM and increase the heartbeat interval of all the groups.
     
  • Disable Application Learning temporarily.
     
  • If the SEPM is in a virtual machine, check for the following issue: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2129176
     
  • Check if there are any legacy clients forwarding the logs to the SEPM. If yes disable this option temporarily.
     
  • Restart the SEPM server and confirm that it fixes the issue.