EDR UI shows Sepm returned non 200 HTTP response
search cancel

EDR UI shows Sepm returned non 200 HTTP response

book

Article ID: 164230

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When trying to setup EDR "Endpoint Detection and Response" in the E UI customer gets a "Sepm returned non 200 HTTP response".

Note: See the Error Message section for the error.

 

EDR central_manager.log will show this:

SepmAuthenticator - Error HTTP Response from SEPM for authentication. Response : 401
SepmCommunicationMgrImpl - Failed to connect to SEPM. Most probably because of bad/invalid certificate
SepmCommunicatorRemoteImpl - Error when trying to connect to SEPM. Exception : {"errorCode":"401","errorMessage":"Domain ''{0.EN_US}'' is disabled."}:name=ERROR_HTTP_RESPONSE_NOT_OK, description=Sepm returned non 200 HTTP response. There was an error.

 

SEPM catalinaws.out will show this:

ERROR com.symantec.sepm.server.common.exception.handler.GlobalControllerExceptionHandler - EXCEPTION: error.login.domainDisabledcom.symantec.sepm.core.exception.AuthorizationException: error.login.domainDisabled

Cause


 

Resolution

  • Collect EDR Logs and SEPM logs.
  • Review the logs (Note: See Error Message section for exact Error Messages.)
  • Solution

Review the logs:

  1. Review the EDR central_manger.log and perform a search for "Error when trying to connect to SEPM".
  2. Verify that it matches the exact error messages in the Error Message Section in the KB.
  3. Review the SEPM catalinaws.out log and perform a search on "domainDisabled".
  4. Verify that it matches the exact error messages in the Error Message Section in the KB.
  5. Log into the SEPM UI and verify what domain is listed there.
    1. Click on Admin tab in the SEPM UI.
    2. Click on Domains
    3. Look what is displayed in Domain Name. This is what you will used to configure the domain on the EDR UI for Endpoint Detection and Response.

Solution:

  1. Log into the EDR UI and click on Settings>Global
  2. Scroll down to Endpoint Detection and Response
  3. Click on Add server
  4. Key in all of the appropriate info.
  5. In the Domain section you will want to input the Domain that you listed in the SEPM or if the domain is default then leave it as default.