Compliance log entry details in Endpoint Protection Manager are missing compliance check results
search cancel

Compliance log entry details in Endpoint Protection Manager are missing compliance check results

book

Article ID: 172337

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Compliance log entry details in SEPM (Symantec Endpoint Protection Manager) are missing compliance check results. Normally, the details dialog for a compliance log event will include a link at the top ("Go to compliance check results") which will take you to a "Compliance Check Results" section at bottom of dialog, where you can see the details of conditions that were checked and how they failed or passed. In some cases, this link and the check results section are entirely missing from this dialog.

The following error will be seen in [SEPM_Installation_Folder]\apache\logs\reporting.log when you view details of a compliance log entry:

ERROR:php_sqlsrv_71_nts_x86.dll driver missing

Environment

Windows

SEP

Cause

The cause of this is due to third-party issues outside of Symantec's control. Microsoft has dropped support for its generic SQL Server driver and Symantec cannot ship the appropriate driver with SEP. Additionally, there is a bug in PHP7; ODBC is supposed to be supported in the core but isn't at this time.

Resolution

A work-around involves downloading the SQL PHP driver from Microsoft and adding it to the SEPM installation:

  1. Download php_sqlsrv_71_nts_x86.dll from Microsoft - available in self-extracting archive of Microsoft Drivers 5.3 for PHP for SQL Server.
  2. Copy php_sqlsrv_71_nts_x86.dll into [SEPM_Installation_Folder]\Php\ext\
  3. Enable this extension in [SEPM_Installation_Folder]\Php\Php.ini  - add the following line near top of file, in [PHP] section with other extension settings:
    extension=php_sqlsrv_71_nts_x86.dll
  4. Log out of SEPM, restart Apache, and login to SEPM and retry viewing compliance log event details.

If you still do not see compliance check results in log event details and the php_sqlsrv_71_nts_x86.dll error is no longer appearing in reporting.log, it is likely that you also need to install Microsoft's ODBC driver for SQL (various versions linked here). Close the compliance log event details and install ODBC driver - no logoff or restart of SEPM services should be necessary - and re-open event details and you should see compliance check results. The ODBC driver and older SQL native client can be installed together. Note that the SEPM still requires the native client - the SEPM installer will throw an error it is not present: "Failed to create the ODBC data source"