Solved

Symantec Endpoint Protection Manager Service starts then stops, with Java error in Event Viewer

Posted on 2008-06-25
15
37,103 Views
Last Modified: 2013-12-09
I have just installed Symantec Endpoint Protection Management Console on a brand new SBS 2003 Server, and have been unable to get into it to deploy the client. The Symantec Endpoint Protection Manager Service starts then stops, with an error of "The Java Virtual Machine has exited with a code of -1, the service is being stopped." in the Application Event Log.

I have followed everything in the following post:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/86368136366e1ad78025734e004734d9?OpenDocument

But, none of the suggestions worked. I am using SEP with the built in DB (not SQL) and am running it with IIS running other websites (so Symantec is not set up to run exclusively on IIS). Tried updating Java, but same issue occured.

Any help would be appreciated.
Thanks!

Derek
0
Comment
Question by:coeurdcom
15 Comments
 

Author Comment

by:coeurdcom
ID: 21868397
Enabled logging as described in the Symantec Forum post referenced below, and here is the output from scm-server-0.log:

2008-06-25 11:14:40.730 SEVERE: ================== Server Environment ===================
2008-06-25 11:14:40.730 SEVERE: os.name = Windows 2003
2008-06-25 11:14:40.730 SEVERE: os.version = 5.2
2008-06-25 11:14:40.730 SEVERE: os.arch = x86
2008-06-25 11:14:40.730 SEVERE: java.version = 1.5.0_14
2008-06-25 11:14:40.730 SEVERE: java.vendor = Sun Microsystems Inc.
2008-06-25 11:14:40.730 SEVERE: java.vm.name = Java HotSpot(TM) Server VM
2008-06-25 11:14:40.730 SEVERE: java.vm.version = 1.5.0_14-b03
2008-06-25 11:14:40.730 SEVERE: java.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
2008-06-25 11:14:40.730 SEVERE: catalina.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
2008-06-25 11:14:40.730 SEVERE: java.user = null
2008-06-25 11:14:40.730 SEVERE: user.language = en
2008-06-25 11:14:40.730 SEVERE: user.country = US
2008-06-25 11:14:40.730 SEVERE: scm.server.version = 11.0.2000.1567
2008-06-25 11:14:40.746 INFO: Server startup
2008-06-25 11:14:42.418 SEVERE: ================== StartClientTransport ===================
2008-06-25 11:14:42.480 SEVERE: Unknown Exception in: com.sygate.scm.server.servlet.StartupServlet
java.lang.Exception: HTTP 302 Object Moved, URL: http://localhost/secars/secars.dll?action=34
      at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:548)
      at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:72)
      at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:99)
      at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
      at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
      at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
      at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
      at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
      at org.apache.catalina.core.StandardService.start(StandardService.java:450)
      at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
      at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
      at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)
com.sygate.scm.common.communicate.CommunicationException: Unexpected server error. ErrorCode: 0x10010000
      at com.sygate.scm.common.communicate.Communicator.getRequestInputStream(Communicator.java:569)
      at com.sygate.scm.server.util.ClientTransportHelper.startClientTransport(ClientTransportHelper.java:72)
      at com.sygate.scm.server.servlet.StartupServlet.init(StartupServlet.java:99)
      at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:880)
      at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:768)
      at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3484)
      at org.apache.catalina.core.StandardContext.start(StandardContext.java:3710)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:697)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1148)
      at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:311)
      at org.apache.catalina.core.StandardService.start(StandardService.java:450)
      at org.apache.catalina.core.StandardServer.start(StandardServer.java:2213)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:484)
      at org.apache.catalina.startup.Catalina.execute(Catalina.java:371)
      at org.apache.catalina.startup.Catalina.process(Catalina.java:134)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:151)
0
 

Author Comment

by:coeurdcom
ID: 21868424
Here is the output from Catalina.out:

Jun 25, 2008 11:14:39 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-9090
Jun 25, 2008 11:14:40 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Starting service SCM
Apache Tomcat/4.1.37-LE-jdk1.4
Has valid SAV license
Info>> No SNAC license file in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\license
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: ================== Server Environment ===================
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: os.name = Windows 2003
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: os.version = 5.2
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: os.arch = x86
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.version = 1.5.0_14
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.vendor = Sun Microsystems Inc.
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.vm.name = Java HotSpot(TM) Server VM
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.vm.version = 1.5.0_14-b03
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jdk\jre
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: catalina.home = C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: java.user = null
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: user.language = en
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: user.country = US
Jun 25, 2008 11:14:40 AM com.sygate.scm.server.util.ServerLogger writeHeader
SEVERE: scm.server.version = 11.0.2000.1567
0
 

Accepted Solution

by:
coeurdcom earned 0 total points
ID: 21868535
Found the problem. The root Default Web Site had SSL enabled (for some of the other sites on this server). Disabling SSL on the Symantec sites fixed the issue.
0
 

Expert Comment

by:pjnetworks
ID: 22012549
I just disabled SSL on the default web site (and all related sites) as well, and now the Symantec Endpoint Protection Manager service seems to be working properly.

I have been a hardcore Symantec Enterprise/Corporate software fan for many years, too, but Symante Endpoint really does suck.  I think that it's sad that they had to take a great product and mangle it as badly as they have...
0
 

Expert Comment

by:dayron
ID: 22556302
Yes. I was a die hard symantec corporate edition up to 10.x. Then came SEP11. What a disaster. I followed the Syamtec documentation to the letter and it blew out my client's network. The solution they offered was a patch whch basicaly downgraded SEP 11 to 10.x functionality. Thats just the beginning. I began referring to their product on their forums as their paid-beta. It was clear they did little testing. And any solution they offered after that...just as little testing. It's now fairly stable except for the odd IIS outages about once or twice a month (much less frequent the more aspects I disable of SEP11). Bottom line... Symantec all but says the only solution to their screwup is another AV vendor. Enter Eset. Love it. moving to it. Eset.com. Check it out. Kiss Symancrap goodbye.
0
 

Expert Comment

by:primetss
ID: 22856065
I found two issues different from above that solved it for me
IIS Folder Permissions on the EPP Web site was set to Basic only, adding Inntergrated permissions fixed the issue
Also control panel ODBC, the username and password for the database where black, the default user name seems to be DBA and password is what you enter on install
0
 

Expert Comment

by:mdhwoods
ID: 23355972
Can you specify how you corrected the EPP permissions?  Is it the SECARS and the SECREG pages under the default web site?  Also specifically what did you change?  Sorry, but this has been frustrating me for months now, and Symantec has been no help.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Expert Comment

by:scablifter
ID: 23853979
OK we were having the same issue.  We tracked it down to a conflict of port allocation by TomCat.

Found that the service - Symantec Endpoint Protection Manager - would stop about 20 seconds after starting and an error in the event log as listed in this thread.

Searched through the logs at:
Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs

looked at catalina.out and found the message below:
StandardServer.await: create[8005]: java.net.BindException: Address already in use: JVM_Bind

Following advise from a Symantec KB:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e77298b64281e447ca25736800837709?OpenDocument

This stated to:

Cause:
This error, along with any similar error referencing a different port, indicates that another application or process has already been bound to this port. For errors relating to port 8005 or 9090, the conflict is probably the result of another application running it's own Tomcat server on the same machine. Some products that use Symantec Endpoint Protection 11.0 Ports: IM Manager - Port 9090; Sonicwall ViewPoint - Port 8005; Symantec BrightMail AntiSpam 6.0.x Control Center - Port 8005; Symantec Mail Security for SMTP 5.0 Control Center - Port 8005.

Solution:
In order to resolve this issue, you must either change the port that the conflicting application runs on, or alter the Tomcat port.

To alter the Tomcat port, following these steps:

Ensure that the Symantec Endpoint Protection Manager service is stopped.
Right-click the server.xml file and click Edit to modify the file:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml)

For conflicts with port 8005, change the port to another unused port:
port="8005"

For conflicts with port 9090, change the port to another unused port:
port="9090"

Save the changes to the "server.xml" file.
Start the Symantec Endpoint Protection Manager service.
Attempt to login to the Symantec Endpoint Protection Manager.

Restarted the service and was able to logon.
0
 
LVL 2

Expert Comment

by:SacTechGroup
ID: 24165148
Changing the SEP website permissions to integrated and basic also solved it for me.
0
 

Expert Comment

by:Steve_Rogers
ID: 24515059
I tried all the suggestions, but Scablifter's port change on the server.xml worked for me.  I just increased each by one.  This was on version 11 mr4 mp2.
0
 
LVL 1

Expert Comment

by:JCaturia
ID: 24766058
It appears that installations of VMware may actually also conflict. Definitely try following the incrementing ports (8005 and 9090) instructions above if you're running a VMWare server on the same machine!
0
 
LVL 2

Expert Comment

by:Hangulman
ID: 26139559
We had this exact same problem on our server. SEPM was using the embedded database and was installed on a DC (Bad Ju-Ju I know, but we told the boss that and she said to do it anyways). We went through all the different steps INCLUDING a reinstall of SEPM and it didn't fix it.  Then we restarted the server. Problem fixed.  The problem had something to do with some internal security issues. Restarting the server renewed whatever security certificates were needed for the server to talk to itself. I do know that the MS Firewall Client for ISA we were running had a part in it.  A third party service provider performs firewall, outlook web access, and other network services for us and the problem didn't start until they made some changes to their network.
0
 
LVL 5

Expert Comment

by:jhill777
ID: 30728567
The Tomcat server ports were the problem for me, having VMWare installed as well as SEPM.  Changing ports in the XML file to 8006 and 9091 solved my issue.
0
 

Expert Comment

by:Supracom
ID: 32916477
God, this site is great. Disable SSL worked for me! I'm not a fan of all these web based software products these days. Still very buggy and hard to troubleshoot!
0
 

Expert Comment

by:Intuitech
ID: 34503966
Can anyone give a quick how to guide on disabling SSL?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now