Endpoint Detection and Response (EDR)

  • 1.  EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Posted Aug 09, 2022 05:02 AM
    Edited by Tomasz Rajkowski Aug 09, 2022 05:33 AM
    Hello all,
    Suddenly I lost my connection to SEPM. I cannot reconnect.
    SEPM is working fine. Valid user with highest privileges. SEPM restarts don't help.
    There is no error information in EDR. The systems are in one network so nothing is blocking.
    tcp_check -p 443 -t %adressSEPM% -v - connected
    tcp_check -p 8446 -t %adressSEPM% -v - connected

    "Connection error"
    "Sepm unavailable; confirm that your sepm is online and accessible..."

    What else can I check? Thank you.


  • 2.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Broadcom Employee
    Posted Aug 15, 2022 09:43 AM
    Edited by Gavin Fulton Aug 15, 2022 09:43 AM
    Hi Tomasz,
    I'd suggest changing the password for the account that the EDR manager uses to connect to the SEPM and then using that password to reconnect from EDR to SEPM. The EDR appliance uses the credentials to make an initial connection and retrieve an OAuth token for future requests, so it's possible something is "out of sync" and so this password reset should resolve the situation.
    regards,
    Gavin


  • 3.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Posted 22 days ago
    Unfortunately, it didn't help. I used a local and a domain account. System Administrator role. Is that something with the API in SEPM? Please help.


  • 4.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Broadcom Employee
    Posted 22 days ago
    Hi Tomasz,
    I can only recommend that you open a support case so that a support engineer can review the SEPM detailed event logs to determine a root cause.
    The SEPM credentials that EDR requires need to be for an account with System Administrator rights, and we recommend a dedicated account for SEDR to use.
    regards,
    Gavin