Solved

Symantec endpoint unable to communicate with the reporting component

Posted on 2011-03-17
26
2,427 Views
Last Modified: 2013-12-09
So the topic has been covered before:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Server_Anti-Virus/Q_24151300.html?sfQueryTermInfo=1+10+30+commun+compon+report+unabl

I looked through all the KB's and verified that everything was complient. The only thing I did was add the network service and local service to the GPO in my domain. However, nothing changed.

I verifed the OBDC settings were correct but the connections to the database still fails. I check a few things out in IIS like the KB's mentioned ie make sure anonymous user was checked..

I am running out of options and I still received the message unable to communicate with the reporting component after attemping to log in to the SEPM.

The DB is embeded and we are running version 11.0.2; maybe this helps.

Thanks and regards,

Robert
0
Comment
Question by:tobe1424
  • 12
  • 10
  • +1
26 Comments
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 35160826
This is slightly off topic, but you should run at least 11.05 of SEP since it was rewritten with that release and takes up way less resources.
0
 

Author Comment

by:tobe1424
ID: 35165878
Do you think this will take care of my issue?
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35180032
All of the below steps are performed on the SEPM server.

Verify that the DefaultAppPool identity is set to "Network Service."
1. Open the IIS Administrator
2. Expand <server name> > Application Pools
3. Right-click DefaultAppPool and select Properties
4. Under Identity, verify the Predefined radio button is selected and that the Network Service is selected in the drop-down list.

Verify User Rights.
1. Click Start> Run.
2. Type gpedit.msc.
3. Expand Computer Configuration> Windows Settings> Security Settings> Local Policies.
4. Select User Rights Assignment.
5. Double-click on Adjust memory Quotas for a Process and Replace a process-level token and verify that the "NETWORK SERVICE" is listed.
Note: If the "Add User or Group..." option is disabled, it is possible that this policy is locked by a domain GPO (group policy object) which will require an assessment of domain GPOs.
6. Restart the "IIS Admin" service to update any changes.
         
Verify Authentication and Access Control.
1. Open the IIS Administrator
2. Expand <server name> > Web Sites
3. Right-click on Default Web Site and select Properties
4. Select Directory Security.
5. Under "Authentication and Access Control" select Edit.
6. Verify that Enable Anonymous Access is checked.
7. Please check the appropriate setting if you are utilizing Authenticated Access.

Verify Secure Communications is not selected (if SSL is not implemented).
1. Open the IIS Administrator
2. Expand <server name> > Web Sites
3. Right-click on Default Web Site and select Properties
4. Select Directory Security
5. Under "Secure Communications", select Edit
6. Verify that Require Secure Channel (SSL) is not selected.

http://www.symantec.com/business/support/index?page=content&id=TECH102681
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35180099
If the above doesn't work for you, please attach the following log files:

\Program Files\Symantec\Symantec Endpoint Protection Manager\db\err.log
\Program Files\Symantec\Symantec Endpoint Protection Manager\db\out.log
0
 

Author Comment

by:tobe1424
ID: 35181431
I've already tried those things.

I could not see a err.log but i have the out.log attached.

Keep in mind that the server is a DC and it is running backup exec and other apps.

This is driving me insane. I need this solved so I can move on to other things. What do you guys think?

Thanks and regards,

Robert out.log
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35182942
The log doesn't indicate anything that would cause this specific issue. Any chance the drive you have the SEPM installed on is near capacity? Run dbvalidator.bat in the \Program Files\Symantec\Symantec Endpoint Protection Manager\Tools folder and post back results.

How long has this issue been going on for, and do you have a current maintenance contract?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 35184145
Since the current version is 11.0.6, I would recommend updating to the that version to see if it resolves your issue. At the very least, this will upgrade all of the components and may fix your issue by reinstalling something that has gotten corrupted in your current installation. In working with Symantec over the years, I have found that this is always the first thing they recommend when you call them for support. The application, particularly the management components, has been buggy and, although it's in a "good phase" currently, it still never hurts to be sure you have the most recent updates.
0
 

Author Comment

by:tobe1424
ID: 35184754
I have close to 5GB available. Is that sufficient or do you think this can be causing these types of behaviors?

Regards,

Robert
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35185173
No, 5GB is good. How did dbvalidator turn out? From the out.log I would anticipate it to be successful, but I'd like to make sure.
0
 

Author Comment

by:tobe1424
ID: 35191152
I can't tell you when it stopped working. Ever since I came into the company this has been an issue that no one has tackled.

I can't really update the version due to the lack of a maintenance plan.

So in IIS in the defaultapppool identity tab. I verified that Network Service is listed.

However, I think the instructions are misleading. It first states:

-Verify the defaultapppool identity is set to network service

Step 5 states the following:
-If Network Service is listed then try adding the Local System.

I went ahead and changed it to local system and the message is not showing up anymore.

However, I think step 5 is a bit confusing. Does it mean I should keep network service or change it to local system? How do they differ?

I also noticed that although it is working. The console is sluggish.
0
 

Author Comment

by:tobe1424
ID: 35193259
Like mentioned before, I now log in and don't receive the message. However, I still feel like things are not right.

I've tried to run the SEP Support tool and it still generates the same errors:


Error No IIS web sites were found with a port matching that configured for the Symantec Endpoint Protection Manager. Check the report "Is the Symantec Endpoint Protection Manager using its configured ports?"

Error The Local Security Policy 'Replace a process level token' does not list the user(s):
LOCAL SERVICE,NETWORK SERVICE

Thanks,

Rob
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35193495
You probably have the SEPM service configured to run under the local SYSTEM account. That's why DefaultAppPool in IIS needed to be updated.

The SST checks for the website on port 8014. Is that the port you're using?

Open the local security policy on the SEPM server (under Admin Tools) and check that privilege. Make sure those 2 accounts are listed. If you need to add them, restart the SEPM service afterwards.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:tobe1424
ID: 35201218
How can I check if SST is on port 8014. The server itself with a domain controller. I know it's not best practice but it is what we need to work with.

By the local securiyt policy on the SEPM server do you mean the console or the actual servers group policy?

Although the console works now, I want to run the SEP tool and receive no messages.

Thanks,

Rob
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35201747
It's not the SST that runs on 8014, but the Symantec Web Server web site in IIS. To check the port being used...

1. Logon to the SEPM server and open IIS Manager.
2. Expand the Web Sites folder on the left.
3. Right-click on Symantec Web Server and choose Properties.
4. Under the 'Web site information' section on the Web Site tab, look at TCP port.

Whether it's 8014, 80 or something entirely different doesn't matter as long as your clients know how to communicate with the SEPM. If they're checking in, getting policy and content updates, then that part is fine.

Local security policy: Referring to the Windows policy under Administrative Tools\Local Security Policy.

1. Open Local Security Policy.
2. Expand Local Policies on the left and choose User Rights Assignment.
3. Double click on the 'Replace a process level token' policy and confirm LOCAL SERVICE and NETWORK SERVICE are listed.
4. If the above accounts are not listed, add them. Then restart the SEPM service.

With regards to the comment you made about the console being sluggish, I suspect this is mostly going to be due to the other tasks this server is doing, in addition to the console being written in Java. Java can be a memory hog and competing with Active Directory isn't going to leave much system resources depending on the hardware being used.

Upgrading to a later version of SEP may resolve some of the sluggishness as there have been improvements in the code and version of JRE used. But as you mentioned earlier, you don't have a current maintenance contract that would give you access to the newer versions. So you have to do the best with what you got. :)
0
 

Author Comment

by:tobe1424
ID: 35243052
Thanks for the help.

I was able to remove to errors relating to the network and local service.

However, I still receive the message:

No IIS web sites were found ith a port matching that configured for the symantec endpoint protection manager....

I am not sure what else to check. I have the ports configured to port 80

Thanks,

Rob
0
 

Author Comment

by:tobe1424
ID: 35324659
Anyone?
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35324903
Sorry, got caught up working another issue. In IIS Admin, do you have a Symantec Web Server web site, or is it configured under the Default web site? If you don't see Symantec Web Server listed, that's what the SST is complaining about. To fix that you would have to reinstall the SEPM software and choose the custom website option that defaults to port 8014.
0
 

Author Comment

by:tobe1424
ID: 35325996
Thanks for the response.

I am still having trouble. The Symantec Web Server is listed and is using port 80.

I also noticed that when i go into OBDC to test the connection to the database, the test fails.


Thanks,

Rob
0
 
LVL 12

Accepted Solution

by:
jmlamb earned 250 total points
ID: 35329619
Can you attach the SST output please?

Here are the steps to make sure the ODBC connection is configured correctly.

o Verify that the "Symantec Embedded Database" service is running and that the dbsrv9.exe process is listening on TCP port 2638.

1. In the Windows Control Panel, open Data Sources (ODBC).
2. On the System DSN tab click Symantec Endpoint Security DSN.
3. Click Configure.
4. On the Login tab, enter the User ID DBA and the Symantec Endpoint Protection database password configured during installation (this is the same as the Endpoint Protection Manager login password by default).
5. On the Database tab enter the name of the computer that runs Symantec Endpoint Protection Manager into the "Server name:" field.
6. Under Database Name, enter the following: sem5
7. On the Network tab ensure TCP/IP is checked.
8. Enter the IP address of the computer that runs Symantec Endpoint Protection Manager into the TCP/IP field.
9. On the ODBC tab, click Test Connection and ensure it states Connection successful
10. Click OK.
0
 

Author Comment

by:tobe1424
ID: 35353445
After using netstat  I don't see port 2638 open. Again, I ran the test and connection failed.

What is SST?

HELP!

-Thanks
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35355097
SST is the SEP Support Tool you've been running to discover your errors. It generates an output file for Symantec support. Please attach the file here so I can review it.

Is the "Symantec Embedded Database" service running and you see dbsrv9.exe in the process list?
0
 

Author Comment

by:tobe1424
ID: 35383911
Yes. The service is on the I see the process.

The only warning I get in the SST is the following:

Click for more -> unable to communicate with the reporting component after logging to the Symantec Endpoint Protection Manager

Status Error

Test Error -  No IIS web site were found with a port matching that  configured for the Symantec Endpoint Protection Mangaer. Check the report "Iis the Symantec Endpoint Protection Manager using its configured ports?"


This is the only red flag that the SST picks up.

Thanks,

Rob
0
 

Author Comment

by:tobe1424
ID: 35392840
I need to get this resolved in order to move on to the next project.

Please advise.

T
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 35403841
You still haven't attached the SST output for me to review. If you're unable to do so, please contact Symantec Support as I won't be able to provide further troubleshooting steps without the output.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

To Remove Security Suite for Windows Malware from a Windows XP Machine:  Restart computer in Safe Mode (to do this see http://tinyurl.com/me78p) Login as Administrator Go to My Computer /Tools/ Folder Options/ View/  check mark the selectio…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now