Endpoint Protection

 View Only

  • 1.  Vague System Event Notifications

    Posted Jun 11, 2009 12:45 PM
    We keep getting these error notifcation emails:

    Number of system events detected: 1
    System events included:
    Server,
    Replication,
    Backup/Restore,
    Errors.



    See attached report for more details.


    We open the attached report and it says

    Severity:  severe
    Event Type: An unexpected exception has occurred
    Description:  (This is usually blank)


    The last time there was actually some info in the description and it says:  Connection refused: connect

    We have MR4MP2 and  use the embedded database
    We only have one SEPM server, so there isn't anything to replicate to.
    If we backup the database manually there is no error.

    The OBDC configuration tests successfully.

    What is the cause of this?


  • 2.  RE: Vague System Event Notifications

    Posted Jun 11, 2009 04:59 PM
    Run the Management Server Configuration Wizard.

    If that does not resolve it, examine the scm-server-0.log for possible indications of the cause. By default, this log is located in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\.

    See KB - http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009040215230748

    Thomas



  • 3.  RE: Vague System Event Notifications

    Posted Jun 11, 2009 08:06 PM
    I found one of the reports that has a more detailed but cryptic description:

    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece


    I don't know what that means.


  • 4.  RE: Vague System Event Notifications
    Best Answer

    Posted Jun 12, 2009 12:42 AM
    Do you have AD or Ldap integrated with SEPM console for users or group?


     A full DN must be used here, something like:

    CN=FName LName,OU=OrgUnit_the_user_stored_in,DC=Domain_name,DC=Domain_suffix


    The error shown below is similar each time there is an LDAP authentication issue.
    "The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data xxx, vece ]."

    However, there are several values that can indicate what LDAP function is causing the issue. Here are some general references for Microsoft Active Directory:

    The AD-specific error code is the one after "data" and before "vece" or "v893" in the actual error string returned to the binding process

    525 user not found
    52e invalid credentials
    530 not permitted to logon at this time
    531 not permitted to logon at this workstation
    532 password expired
    533 account disabled
    701 account expired
    773 user must reset password
    775 user account locked

    So in our case it is Invalid credentials


  • 5.  RE: Vague System Event Notifications

    Posted Jun 12, 2009 12:07 PM
    Run the Management Server Configuration Wizard.

    If that does not resolve it, examine the scm-server-0.log for possible indications of the cause. By default, this log is located in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs


  • 6.  RE: Vague System Event Notifications

    Posted Jun 12, 2009 04:05 PM
    We are using LDAP and we have been using domain\username in that field for nearly a year without this error showing until recently, so I don't see why we would need to change it now.  The user is several levels deep in the OU structure.
    We ran the management Server Configuration Wizard yesterday, so we will see if that solves it.