Endpoint Detection and Response (EDR)

 View Only
  • 1.  EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Posted Aug 09, 2022 05:02 AM
    Edited by Tomasz Rajkowski Aug 09, 2022 05:33 AM
    Hello all,
    Suddenly I lost my connection to SEPM. I cannot reconnect.
    SEPM is working fine. Valid user with highest privileges. SEPM restarts don't help.
    There is no error information in EDR. The systems are in one network so nothing is blocking.
    tcp_check -p 443 -t% adressSEPM% -v - connected
    tcp_check -p 8446 -t% adressSEPM% -v - connected

    "Connection error"
    "Sepm unavailable; confirm that your sepm is online and accessible..."

    What else can I check? Thank you.


  • 2.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Broadcom Employee
    Posted Aug 15, 2022 09:43 AM
    Edited by Gavin Fulton Aug 15, 2022 09:43 AM
    Hi Tomasz,
    I'd suggest changing the password for the account that the EDR manager uses to connect to the SEPM and then use that password to reconnect from EDR to SEPM. The EDR appliance uses the credentials to make an initial connection and retrieve an oauth token for future requests so it's possible something is "out of sync" and so this password reset should resolve the situation.
    regards,
    Gavin


  • 3.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Posted Sep 08, 2022 02:06 AM
    Unfortunately it didn't help. I used a local and domain account. System Administrator role. Is that something with API in SEPM? Please help.


  • 4.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Broadcom Employee
    Posted Sep 08, 2022 05:18 AM
    Hi Tomasz,
    I can only recommend that you open a support case so that a support engineer can review the SEPM detailed event logs to determine a root cause.
    The SEPM credentials that EDR requires need to be for an account with System Administrator rights, and we recommend a dedicated account for SEDR to use.
    regards,
    Gavin


  • 5.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Posted Oct 19, 2022 04:07 AM
    Edited by Tomasz Rajkowski Oct 19, 2022 04:17 AM
    Hi All,

    There is a problem with the API in the SEP Manager system.
    Upgrading the Console to RU5 doesn't help.
    What are the ways to fix the API?
    The user has the System Administrator role



  • 6.  RE: EDR Version: 4.6.8-8 > SEPM 14.3 RU3

    Broadcom Employee
    Posted Oct 20, 2022 07:02 AM
    Hi Tomasz,
    The appropriate course of action is to open a support case and our SEP support engineers will be able to assist.

    regards,
    Gavin