Unexpected Server alerts are being received every 10 minutes
Last Updated May 06, 2019
Prevalent e-mail alerts from the Symantec Endpoint Protection Manager (SEPM) repeat every 10 minutes, indicating that an "Unexpected Server Error" has occurred. This behavior occurs without any specific trigger that the user or administrator can identify.
SEP 14.2, with managed SEP Clients
Unexpected Server Error messages should be diagnosed with Tomcat debugging.
com.sygate.scm.common.configobject.ValidationException: The entity name must immediately follow the '&' in the entity reference. at com.sygate.scm.common.configobject.XMLHelper.parseSAX(XMLHelper.java:563) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:168) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:179) at com.sygate.scm.common.configobject.AbstractSchema.readXML(AbstractSchema.java:214) at com.sygate.scm.server.agentmanager.actions.AgentRegisterHandler.handleRegistrationRequest(AgentRegisterHandler.java:288)
To match the AgentHandler issue, it is necessary to review the AgentRegisterHandler log. The AgentRegister-x.log reveals:
THREAD 82116 WARNING: com.sygate.scm.common.configobject.ValidationException: The reference to entity "M" must end with the ';' delimiter.
The SEPM does not allow certain characters, such as "&" in a group name. Normally, the SEPM UI will block a group from being created with an invalid character.
In cases where AD import is utilized for groups, it is possible that an invalid character such as "&" may be imported, and cause this issue.
SEPM presently does not have a validation mechanism for non-supported characters imported via Active Directory Import.
If an upgrade to 14.2 RU1 is not an option at this time, the following steps must be taken to remediate this issue:
Rename the group in SEPM, such that it is not using the '&' or other unsupported characters.
The clients in the group will contain cached group name information containing the '&'. For resolution of this issue, move the clients to another SEPM group that does not contain an ampersand character. This will update the preferred group entry in the client's opstate info, which will clear the opstate of the cached special character. The client can then safely move the clients back into it's original group, which has been renamed.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe