Problem Symantec Endpoint Protection Manager - Broken!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi Everyone,

Just thought I'd ask on here to see if anyone has come across a similar problem. In work we have SEPM 11.05, using embedded database, on a Windows Server 2003 server, which is pretty old. Now it has been functioning fine mostly for ages now, but today, for some reason it has just stopped working - to be more specific, it wont connect to the database. Tried a few fixes, and had symantec on the phone for about 3 hours today, who ran through several more fixes, although still no joy - the other main problem seems to be that the SEPM service just seems to stop on its own, a few seconds after I start it.

This has just started this morning, and I have spent most of the day trying to fix it, obviously if it can't be fixed I will have to reinstall, but this isn't the preferred option just yet!

Would appreciate any ideas.

 

Well theres about a million entries in Application logs, of Source secars, event ID 4096, and the error states initialise server configuration error.

After starting the service, and it subsequently stopping, theres no error, just a warning, event ID 1202 "no mapping between account names and security IDs was done"

Under the system logs, it just says the service has started, then the service is running, then the service has stopped...

So dont think there is anything particularly pertinent in there

 

Have you checked to see if the service account has expired or been locked out?

 

One thing I would check is that you've got the ports reserved in the regisitry so that DNS is not grabbing them. (Edit: if you're running DNS on that server, I'm so used to SBS boxes it's an automatic assumption)

Run a "netstat -o > sepmtest.log" on the server and check through the log file to see if you've got anything listening on any ports listed on this page: http://service1.symantec.com/SUPPOR...edda0cd89141a6788025734e004b6a02?OpenDocument

If you do, and even if you don't in fact as good practice, add the ports shown to the reserved list as per this KB: How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server

It might not even be DNS thats using one of the ports, it could be something else you've installed or updated on the server, or it might not even be related to the ports but it's worth a look! The netstat output should show whats in use.

Further Reading: You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037) - for interest, the first KB does reserve TCP and UDP ports although the orginal problem stemmed from the above DNS update.

Further further reading on 2003/2008 port range changes: The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008

 

Did you do any updates to the server yesterday?