After no apparent changes, the Symantec Protection Engine (SPE) UI can no longer be accessed via a web browser.

If a netstat is run, port 8004 and 8005 are no longer listening.

If installed to Windows, in the Program Files\Symantec\Scan Engine directory, the Certificate.pem, keyStore.private and keyStore.public are missing.

If installed to Linux, in the /opt/SYMCScan/bin directory, the Certificate.pem, keyStore.private and keyStore.public are missing.

Normally, during install and service starts, the Certificate.pem, keyStore.private and keyStore.public are generated or re-generated if missing. If this process is not happening, it indicates that SPE is unable to resolve the IP address of the fully qualified domain name (FQDN) of the local system via Domain Name System (DNS). If DNS is no longer providing forward and reverse name resolution of the local system, SPE will be unable to generate the certificate and keystore files used to encrypt the console web page.

Troubleshoot and resolve the DNS issues encountered around the time the console stopped working.

Workaround

Add a hosts file entry in one of the following locations.

• Windows: C:\Windows\System32\etc\hosts
• Linux: /etc/hosts

This entry should be in a format similar to the following: <IP address of SPE server>     <FQDN of SPE server>

For example: 
192.0.2.1    testhost.example.com

Once this entry is created in the host file, restart the Symantec Protection engine service. The Certificate.pem, keyStore.private and keyStore.public files should now be created and the website should be accessible.