Endpoint Protection

Each time I try to edit an existing Intrustion Prevention policy a window will pop-up with the message "Cannot load data correctly. See the console log for details."

Decided to delete the existing policies and create from scratch.   But when I go to the Exceptions screen and click the Add button I got a pop-up window "Cannot load metadata file.  See the console log for details".

This started a few days after upgrading to RU5 (although that may not be related).    Can't find any documents related to this type of error message.

start-run
%temp%
delete all the temp files
restart sepm service
try to create the policy again.
 

I deleted all the temp files, restarted the service, but still have the same error message.

 Run Management server configuration wizard once.

Do a repair for SEPM from add/remove programs.. 

Hi,

Go to start->run-> %temp%

You will find a logfile by the name:  scm-ui.log

Please open that file when you get this error and let us know if you find any errors there.

Aniket

Here are the last few entries from scm-ui.log.  The part of the log I included begins with me clicking on the Policies button and it shows one IPS policy called "test1" and one custom IPS policy.

MainPanel::Button clicked end: [Policies]:  1268158094399, duration: 6.124s (6124.0)
>>> getPoliciesAppliedCount: [5]  1268158094914, duration: 0.515s (515.0)
>>> GetObjectInfo: [2]  1268158100149, duration: 0.451s (451.0)
    [0]:  test1
    [1]:  Sample Custom IPS signature - Block access to Google.com
>>> GetObject(getObjectByGUID): FwIdsLibrary  754970B2AC19505F01BC152774FB9584  1268158101256, duration: 0.81s (810.0)
>>> getPoliciesAppliedCount: [2]  1268158101770, duration: 0.483s (483.0)
Tue Mar 09 13:08:24 EST 2010: Refreshing Timer1
Tue Mar 09 13:08:24 EST 2010: Refreshing Timer2
>>> GetObject(getObjectByGUID): IdsPolicy  25837DD2AC19FB0C011B8540E95B6480  1268158106286, duration: 0.187s (187.0)
>>> getPoliciesAppliedCount: [2]  1268158106535, duration: 0.234s (234.0)
Id :25837DD2AC19FB0C011B8540E95B6480
>>> GetObject(getObjectByGUID): SemClientGroupTree  31A43263AC19FB0C013EC1AEB9FB73A4  1268158107190, duration: 0.141s (141.0)
GroupHandler>> generateGroupTreeRefreshChecksum: checksum=3490071836, time=1268158107190, duration: 0.0s (0.0)
>>> GetObject(getObjectByGUID): LuSesmContentCatalog  B20B6E870A980D7A00AF2A50862A396D  1268158121918, duration: 0.686s (686.0)
>>> GetObject(getObjectByGUID): LuDownloadedContentArray  6028C6E625754ECE4312D41CB963A039  1268158122276, duration: 0.358s (358.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  E1CE467BAC19FB0C00146D8CE3ABDAB2  1268158122619, duration: 0.343s (343.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  AF47797CAC19FB0C0189A7C14F5C2AA1  1268158122931, duration: 0.312s (312.0)
>>> GetObject(getObjectByGUID): LuContentPolicy  C3C88736AC19FB0C01EB534BE1BD07B3  1268158123180, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  078F2F5EAC19FB0C011FD5937C76622B  1268158123414, duration: 0.234s (234.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  0C4B0F74AC19FB0C01BC370B4AF0F9E9  1268158123663, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  A1D4D029AC19FB0C002231239D2F6C42  1268158123975, duration: 0.312s (312.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  7471C462AC19FB0C0106ED55D6002221  1268158124255, duration: 0.28s (280.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  10D9D612AC19FB0C01697A3DBE9761C1  1268158124520, duration: 0.265s (265.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  C37467D2AC19FB0C007E748CE2C9669C  1268158124645, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  E7594254AC19505F011CCE1E4E408574  1268158124863, duration: 0.218s (218.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  22ABC9DDAC19FB0C006163A6837E6D88  1268158125112, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  CC2AC363AC19FB0C01C8BBBDD9CE5957  1268158125315, duration: 0.203s (203.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  49E3E076AC19FB0C01EDA0FA0110BD51  1268158125596, duration: 0.281s (281.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  55AF4FFCAC19FB0C019328343F626ABE  1268158125829, duration: 0.233s (233.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  A351DFCEAC19FB0C0186D9FA09327FCF  1268158125985, duration: 0.156s (156.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  55F7D4A1AC19505F011F0F24D20BA78C  1268158126266, duration: 0.281s (281.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  3E817856AC19505F001BA1F11964EBEC  1268158126515, duration: 0.249s (249.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  34B1F8CEAC19505F013FBF92FCA3F680  1268158126842, duration: 0.327s (327.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  7106921DAC19505F01EB41D216A3472A  1268158127107, duration: 0.265s (265.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  C13F374EAC19505F01F07377E7B792AD  1268158127201, duration: 0.094s (94.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  AC1FF6AAAC19505F009F7916ED5465B1  1268158127434, duration: 0.233s (233.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  E98C1BA1AC19505F014E639CC050500A  1268158127590, duration: 0.156s (156.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  2AE65ED7AC19505F01BD06B0C42F78E3  1268158127824, duration: 0.234s (234.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  003F9C0EAC19505F000BFC865C58F47E  1268158127995, duration: 0.171s (171.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  67853D35AC19505F01D26318190F45D6  1268158128104, duration: 0.109s (109.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  EFCD4BEDAC19505F010E518E8BE53912  1268158128229, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemGroupPolicy  DB7D3CE0AC19505F00E485042564507E  1268158128354, duration: 0.125s (125.0)
>>> GetObject(getObjectByGUID): SemAgentPolicy  4B177A76AC19505F015AD89976ACEDC1  1268158128556, duration: 0.202s (202.0)


I can't be certain but I think these errors showed up in scm-ui.err about the same time I tried to add exceptions to the policy.

ERROR:GUIManager::getObject(): PhysicalFile   F3FFAD206E1A5EF09547DDB348E0E9E6
ERROR:GUIManager::getObject(): PhysicalFile   F3FFAD206E1A5EF09547DDB348E0E9E6
com.sygate.scm.console.util.ConsoleException: The object cannot be found. [0x16010000]
 at com.sygate.scm.console.util.GUIManager.getObject(GUIManager.java:438)
 at com.sygate.scm.console.util.DataobjectManager.getObjectByGUID(DataobjectManager.java:365)
 at com.sygate.scm.console.util.DataobjectManager.getObjectByGUID(DataobjectManager.java:350)
 at com.sygate.scm.console.util.DataobjectManager.getPhysicalFile(DataobjectManager.java:638)
 at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.initializeData(IdsMetadataObject.java:75)
 at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.<init>(IdsMetadataObject.java:53)
 at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.getCurrentObject(IdsMetadataObject.java:227)
 at com.sygate.scm.console.ui.policy.ids.logicobject.IdsMetadataObject.getIdsMetadataEventList(IdsMetadataObject.java:221)
 at com.sygate.scm.console.ui.policy.ids.dialog.IdsExceptionPanel.addException(IdsExceptionPanel.java:266)
 at com.sygate.scm.console.ui.policy.ids.dialog.IdsExceptionPanel$3.actionPerformed(IdsExceptionPanel.java:250)
 at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
 at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
 at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
 at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
 at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
 at java.awt.Component.processMouseEvent(Component.java:6263)
 at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
 at java.awt.Component.processEvent(Component.java:6028)
 at java.awt.Container.processEvent(Container.java:2041)
 at java.awt.Component.dispatchEventImpl(Component.java:4630)
 at java.awt.Container.dispatchEventImpl(Container.java:2099)
 at java.awt.Component.dispatchEvent(Component.java:4460)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
 at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4238)
 at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
 at java.awt.Container.dispatchEventImpl(Container.java:2085)
 at java.awt.Window.dispatchEventImpl(Window.java:2475)
 at java.awt.Component.dispatchEvent(Component.java:4460)
 at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
 at com.sygate.scm.console.util.KeepAlive$1.dispatchEvent(KeepAlive.java:42)
 at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
 at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
 at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:178)
 at java.awt.Dialog$1.run(Dialog.java:1045)
 at java.awt.Dialog$3.run(Dialog.java:1097)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.awt.Dialog.show(Dialog.java:1095)
 at java.awt.Component.show(Component.java:1563)
 at java.awt.Component.setVisible(Component.java:1515)
 at java.awt.Window.setVisible(Window.java:841)
 at java.awt.Dialog.setVisible(Dialog.java:985)
 at com.sygate.scm.console.ui.policy.explorer.ids.IDSLibraryHandler.getEditPolicy(IDSLibraryHandler.java:397)
 at com.sygate.scm.console.ui.policy.explorer.common.BasePolicyHandler.editPolicy(BasePolicyHandler.java:128)
 at com.sygate.scm.console.ui.policy.explorer.common.PolicyPoolPane.executeTask(PolicyPoolPane.java:127)
 at com.sygate.scm.console.ui.policy.explorer.ids.IDSLibsPoolPane.executeTask(IDSLibsPoolPane.java:94)
 at com.sygate.scm.console.ui.policy.explorer.common.PolicyPoolPane$PolicyTableCellListener.mouseClicked(PolicyPoolPane.java:464)
 at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:253)
 at java.awt.Component.processMouseEvent(Component.java:6266)
 at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
 at java.awt.Component.processEvent(Component.java:6028)
 at java.awt.Container.processEvent(Container.java:2041)
 at java.awt.Component.dispatchEventImpl(Component.java:4630)
 at java.awt.Container.dispatchEventImpl(Container.java:2099)
 at java.awt.Component.dispatchEvent(Component.java:4460)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
 at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4247)
 at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
 at java.awt.Container.dispatchEventImpl(Container.java:2085)
 at java.awt.Window.dispatchEventImpl(Window.java:2475)
 at java.awt.Component.dispatchEvent(Component.java:4460)
 at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
 at com.sygate.scm.console.util.KeepAlive$1.dispatchEvent(KeepAlive.java:42)
 at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
 at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
 at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
 at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

open IE
type: http://localhost:9090
will download a console install it
try loggin in , try creating a policy, are you able to create ?
if so try increasing the java heap size as per this doc.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101309471148 

I had already modified Java heap sizes back when I first installed SEPM.  Minimum is 512mb and maximum is 1024mb.  This is on a server with 2GB physical memory.

How many clients are managed using this SEPM?
What is OS and what is the database?
Do you tried by repairing?
Just for testing increase the physical RAM to 4 GB.. 

>>How many clients are managed using this SEPM?
140 clients
2 SEPM servers (primary and backup doing once-daily replication)


>> What is OS and what is the database?
Windows 2003 Server R2 Standard Edition w/SP2 (32bit)
Embedded database


Do you tried by repairing?
If you are referring to a repair from Add/Remove Programs as suggested by Aravind the answer is no, I have not tried that yet.


>> Just for testing increase the physical RAM to 4 GB.. 
Increasing RAM is not an option right now.  I don't understand how increasing the RAM is going to fix a problem like this.  The operating system runs fine.  The rest of SEPM runs fine.  I have another ten to twelve policies (AV, firewall, etc) that all work fine.

are you able to add new IPS policy? 

>> are you able to add new IPS policy? 
Not exactly.  I can click on Add An Intrusion Prevention Policy, but when I go to the Exceptions screen and click on the Add button I get a pop-up window with the error "Cannot load metadata file. See the console log file for details".

In Add/Remove Programs I ran a repair today.  There appear to be two 'parts' to this repair.  The first part doesn't require any user input, and it finished without any problems.  The second part is similar to what I see when I run Management Server Configuration Wizard.  I tried to run through that part but I think I have lost my password for the embedded database.    I have a password that works for the embedded database on the secondary SEPM - I even ran the Management Server Configuration Wizard successfully on the secondary SEPM - but that password is not working for the primary SEPM embedded database.

I should point out that on the secondary SEPM I am able to add/edit IPS policies without any problems, including adding exceptions.   This problem only happens on the primary SEPM.  But even if I create the policy on the second SEPM, then replicate, the problem continues to happen on the primary SEPM.

 What is the version of SEPM ..there was similar issue fixed in MR4.

Well you can try this
Copy sesm.xml file from the other working SEPM from %temp% of that SEPM server to %temp% of your SEPM Manager.

Try repairing SEPM again..then check if it works.

How to find the Database password for Embedded Database 

Check the ODBC connection also
Click Start> Control Panel
Open Administrator Tools
Double-click Data Sources (ODBC)
Select the System DSN tab
Double-click the SymantecEndpointSecurityDSN and go through the wizard to ensure the following settings:
Name: SymantecEndpointSecurityDSN
Description: <Anything>
Server: Servername\InstanceName (Can be blank as it is localized, otherwise specify default "sem5")
Login ID: dba
Password: <password>

Leave the default settings for the remaining items and click Finish
Click Test Data Source, and verify that it states "Success"
Click OK

The version is RU5.
Tried copying sesm.xml but that did not help.

I have been able to recover the embedded database password.
Ran Add/Remove Programs and did another Repair.  Was able to complete the entire thing without any problems.  But still having the exact same problem creating/editing IPS policies on the primary SEPM.

I ran the DB Validation Tool (described in KB2008050810375848)
These lines seem like they are indicating a problem:
2010-03-13 20:45:14.974 INFO: *********************************************
2010-03-13 20:45:14.974 INFO: Following ids are not present in the database.
2010-03-13 20:45:14.974 INFO: *********************************************
2010-03-13 20:45:14.974 INFO: Link is broken for [2] target ids :
2010-03-13 20:45:14.974 INFO: TargetId:[F3FFAD206E1A5EF09547DDB348E0E9E6]

That last line is the same string that appears in the scm-ui.err log:
ERROR:GUIManager::getObject(): PhysicalFile   F3FFAD206E1A5EF09547DDB348E0E9E6

Does this indicate a problem?

Do you checked the ODBC connection status?
If yes whether it was Success?

Yes, the ODBC connection was succesful. 

 Have you tried Editing/Modifying the database. As it looks the entry of the file is missing from the database.

You can try disaster recovery procedure once. Or else you might have to do a Un-install -Re-install-SylinkReplacer..

Uninstall SEPM with database reinstall it .Then do a disaster recovery .Refer below doc

Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

I used the Best Practices for Disaster Recovery document listed by AravindKM, but no luck.

Just for a confirmation have a look in the doc and assure that you are having all sufficient permissions.
Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions

Whether you was able to edit the policy before the database restore?(Install SEPM,run management server configuration wizard)

Solved.

I was able to find a solution and thought I would record it here in case anyone else has the same problem in the future.

1. On the secondary SEPM (the one that did not have the problem editing IPS policies) I deleted its replication parter.
2. On the primary SEPM I uninstalled SEPM, the SEP client, and then ran CleanWipe. Rebooted.
3. Re-installed SEPM, during installation I selected the option for "Install an additional site for replication"
4. Replication took about thirty to forty-five minutes to complete.
5. After the installation was finished I was able to create a new IPS policy on the primary SEPM server.
6. On the primary SEPM I followed the instructions found in the disaster recovery document to restore the Keystore server certificate on the primary SEPM.