Endpoint Protection Manager slowness and/or intermittent login hangs



Article ID: 164825


Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) is slow, or login hangs intermittently. While the hang lasts, clients gradually start disconnecting from the SEPM, and the standalone reporting URL does not work.

Restarting the SEPM service fixes the issue, but eventually the issue comes back.

 

Environment

SEPM Version: 14.X

 

Cause

Multiple causes:

- Insufficient system resources, or

- Apache performance issues

 

Resolution

To check system resources

  1. At the cmd prompt, to check the number of installed CPUs, type:
    systeminfo | find "Processor(s) Installed"
  2. To check the amount of memory, type:
    systeminfo | find "Total Physical Memory:"
  3. To check c: drive for space, type:
    dir c: | find "bytes free" 
  4. To check other drives for space, repeat step 3 and substitute the drive letter for "c:"
  5. If the server has fewer than the recommended 8 CPU cores, less than 8 GB RAM, or less than 40 GB free on either the system disk or the disk where SEPM is installed, address those issues before continuing.

 

 

To improve Apache performance, tune Apache for client communication and the reporting component:

  • Edit the httpd.conf file by increasing the value for "ConnectionsToQueuePerChild" from '500' to '3000', as it was with 12.1.

The default location of httpd.conf is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf.

  • Reduce the number of TIME_WAIT socket connections, if you see a buildup of TIME_WAIT connections in the log, by creating the following registry entries:

    TcpTimedWaitDelay
    Registry value:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay
    Value type: REG_DWORD
    Data: 30 (decimal)


    MaxUserPort
    Registry value:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort
    Value type: REG_DWORD
    Data: 65534 (decimal)

     
  • Throttle the agent registration by adding the following 3 parameters in the conf.properties file:
    scm.agentregistration.throttle.low=5
    scm.agentregistration.throttle.high=10
    scm.agentregistration.throttle.leak=100


  • Reduce the objects cache by adding the following to the conf.properties file:
    scm.cache.threshold=600

The conf.properties file is located at C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

  • If possible, reduce the LiveUpdate frequency on the SEPM to every 8 hours and increase the heartbeat interval of all groups to at least 30 minutes in pull mode.
     
  • Disable Application Learning temporarily.
     
  • If the SEPM is in a virtual machine, check for the following issue: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2129176
     
  • Check whether any legacy clients are forwarding logs to the SEPM. If so, disable this option temporarily.
     
  • Restart the SEPM server for the changes to take effect, and confirm that the issue is fixed.
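
The resource checks and tuning values above, gathered into one read-only PowerShell audit that can be run before and after the changes. This is an added example, not part of the original article or the vendor's tooling. It assumes the default install path quoted above and the usual Apache "Directive value" line format in httpd.conf, and it changes nothing.

```powershell
# Read-only audit of the checks and tuning values in this article; changes nothing.
# Assumption: SEPM is installed in the default path the article quotes.
$sepm = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager'
$report = [System.Collections.Generic.List[object]]::new()
function Add-Check($Name, $Actual, $Wanted, $Ok) {
    if ($null -eq $Actual) { $Actual = 'not set' }
    $report.Add([pscustomobject]@{ Check = $Name; Actual = $Actual; Wanted = $Wanted; OK = $Ok })
}

# System resources: 8 cores, 8 GB RAM, 40 GB free on the system and SEPM disks.
$cores = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum
Add-Check 'CPU cores' $cores '>= 8' ($cores -ge 8)
# Rounded to whole GB because usable memory reports slightly under installed RAM.
$ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
Add-Check 'RAM (GB)' $ramGB '>= 8' ($ramGB -ge 8)
$drives = @($env:SystemDrive, (Split-Path $sepm -Qualifier)) | Select-Object -Unique
foreach ($d in $drives) {
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$d'"
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    Add-Check "Free space on $d (GB)" $freeGB '>= 40' ($freeGB -ge 40)
}

# TIME_WAIT buildup: the article gives no threshold, so this row is informational.
$tw = @(Get-NetTCPConnection -State TimeWait -ErrorAction SilentlyContinue).Count
Add-Check 'TIME_WAIT sockets' $tw 'no buildup' '-'

# TCP/IP registry values from the article (decimal).
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$regWanted = [ordered]@{ TcpTimedWaitDelay = 30; MaxUserPort = 65534 }
foreach ($name in $regWanted.Keys) {
    $cur = $tcp.$name
    Add-Check $name $cur $regWanted[$name] ($cur -eq $regWanted[$name])
}

# httpd.conf: assumes the usual Apache "Directive value" line format.
$queue = $null
Get-Content "$sepm\apache\conf\httpd.conf" -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_ -match '^\s*ConnectionsToQueuePerChild\s+(\d+)') { $queue = [int]$Matches[1] }
}
Add-Check 'ConnectionsToQueuePerChild' $queue 3000 ($queue -eq 3000)

# conf.properties: key=value lines; lines starting with # are skipped.
$props = @{}
Get-Content "$sepm\tomcat\etc\conf.properties" -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_ -match '^\s*([^#=\s]+)\s*=\s*(.*)$') { $props[$Matches[1]] = $Matches[2].Trim() }
}
$propWanted = [ordered]@{ 'scm.agentregistration.throttle.low' = '5'
    'scm.agentregistration.throttle.high' = '10'; 'scm.agentregistration.throttle.leak' = '100'
    'scm.cache.threshold' = '600' }
foreach ($k in $propWanted.Keys) { Add-Check $k $props[$k] $propWanted[$k] ($props[$k] -eq $propWanted[$k]) }
$report | Format-Table -AutoSize
```

A row showing "not set" means the registry value or configuration line is absent, which is the state before the corresponding step above has been applied.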

Additional Information

System requirements for Symantec Endpoint Protection (SEP) 14.3 RU8