Good day readers,
This post is one of my “pure frustration” posts, in which I try to save you from the same frustrations I had.
In short, the issue is the following:
- Re-installation of a Win2003 R2 machine as DC, F&P, with Symantec backup Exec 11D and Symantec Endpoint Protection Manager. All went fine, until I installed the Endpoint protection Mgr. For some unknown reason, the installation and configuration of SEPM reported everything was oke, but when opening the console, I discovered to issues.
a) Symantec Endpoint Protection Manager Service start and immediately stops with error “The Java virtual machine has exited with a code of –1”.
b) Symantec Endpoint Protection Manager console starts up, but after logging on, I get an error message “unable to communicate with reporting component”.
After multi-day searching on the internet, I found the solution for both issues, by using trial-and-error :); Although it is not completely clear for which part of the issue my steps guided to the solution, below settings solved it as well; I assume, as this is a fresh install, all steps are necessary :)
- On all KB pages of Symantec, you will find the ApplicationPool should run under the Local System or Network Service Account; however, as I’m used to create a service account for each “server application”, I will explain the steps I followed to make this error go away, by using a service account
1) create a new user (domain or local doesn’t really matter; as I was running SEPM on a DC, I only have domain user possibility), eg. called svc_sepm; make this user member of local machine administrators.
2a) link this user to the Default ApplicationPool in IIS (using identity tab)
2b) give the user appropriate permissions on the Symantec SQL database as follows:
- open SQL Mgmt Studio, goto Security / logins, and add the svc_sepm user account to the list of users
- double-click the specific user, goto User Mapping, and make this user “db_owner” of the SEM5 database (I know db_owner means the service account has full rights, but as I had already such a lot of sh***t with this install, it is not up to me to investigate what “lower rights” the service account could have to still have this software work.
3) validate the Symantec Web Site is using anonymous credentials, and SSL is disabled for this website.
4) Update the Java Virtual Machine to the latest version (at time of writing this post, the latest edition is Java Runtime Environment 6u13)
5) edit the “port=” settings in the server.conf file at the following location: “C:\Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf” to any available number; the default is 8005; I modified it to 8006. (this is one of the reasons for the error, as the Backup Exec is using the same port)
6) Walk through the Management Configuration Wizard, where you again have to modify the suggested Server Port Number to any available number; The default is 8443, I modified it to 9443
7) Manually restart the “Symantec Endpoint Protection Manager Console” service; if all is owkay, it should keep on running (at least, in my situation, it did!!)
=> for a reference, the following official Symantec KB can be used as a partial background:
Although I don’t have any clue why this installation was that hard, I’m glad I found a working system after 4 days of investigating.
apr 26 2009, 05:19
Peter De Tender