Prevalent e-mail alerts from the Symantec Endpoint Protection Manager (SEPM) repeat every 10 minutes, indicating that an "Unexpected Server Error" has occurred. This behavior occurs without any specific trigger that the user or administrator can identify.
Unexpected Server Error messages should be diagnosed with Tomcat debugging.
After Enabling Tomcat server debugging for Endpoint Protection Manager, the following exception can be observed in scm-server log files:
com.sygate.scm.common.configobject.ValidationException: The entity name must immediately follow the '&' in the entity reference. at com.sygate.scm.common.configobject.XMLHelper.parseSAX(XMLHelper.java:563) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:168) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:179) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:214) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleRegistrationRequest(AgentRegisterHandler.java:288)
THREAD 82116 WARNING: com.sygate.scm.common.configobject.ValidationException: The reference to entity "M" must end with the ';' delimiter.
The SEPM does not allow certain characters, such as "&" in a group name. Normally, the SEPM UI will block a group from being created with an invalid character.
In cases where AD import is utilized for groups, it is possible that an invalid character such as "&" may be imported, and cause this issue.
SEPM presently does not have a validation mechanism for non-supported characters imported via Active Directory Import.
This issue is fixed in Symantec Endpoint Protection 14.2 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.
If an upgrade to 14.2 RU1 is not an option at this time, the following steps must be taken to remediate this issue: