Within the Symantec Endpoint Protection Manager (SEPM) logs or console, it can be seen that a SEP client is trying to register with an invalid Domain ID.
Examples of SEPM tomcat\logs\scm-server log entries (FINEST logging may need to be enabled to see all details):
Unexpected server error / Unknown Exception
java.lang.IllegalArgumentException: Client is trying to register with invalid Domain ID 45A7120CC0A8ECFE013AFAC794DDE8E0 from xxxxxxxxx
com.sygate.scm.server.agentmanager.InvalidDomainIdRegistrationException: Client xxxxxx is trying to register with invalid Domain ID AD8FED1CC0A801EA202DF86C3BB4DE7E
The sylink.xml file being used by one or more clients refers to a Domain ID that no longer exists. This could occur if the SEPM was reinstalled or a former Domain has been deleted.
There are two different solutions for this issue. The first solution should be sufficient.
When this issue occurs a file called InvalidDomainChange.properties should be created within the <SEPM Install>\tomcat\etc folder. If you have never had this issue then the file will not be present. Edit the InvalidDomainChange.properties file. You should see something that looks similar below:
#Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client #Wed Jun 07 17:58:24 CDT 2017 HWI83LM21M9S932AAPWGG524YTW99= L27AAA45MND2U1JK564786DDDF87611=
Edit the file to include the current Domain ID in use on the SEPM found when going to Admin > Domains. Below is an example edit of the properties file which will re-direct clients to use the B9D51233C0A8C5A6007AEB8641A0EB46 Domain ID. Again, every SEPM domain will be different so check Admin > Domains to find the correct Domain ID to use.
#Contains Invalid Domain ID and the corresponding Domain ID to be used to move a client #Wed Jun 07 17:58:24 CDT 2017 HWI83LM21M9S932AAPWGG524YTW99=B9D51233C0A8C5A6007AEB8641A0EB46 L27AAA45MND2U1JK564786DDDF87611=B9D51233C0A8C5A6007AEB8641A0EB46
Save the InvalidDomainChange.properties file after making the change and then restart the SEPM and SEPM Webserver services. This will redirect clients containing the two Domain IDs on the left to the Domain ID noted on the right.
... or replace the sylink.xml file on all problem clients (using the SylinkReplacer utility) with one that is currently in use by the SEPM (found in \Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent)
NOTE: The domain ID is just an identifier related to administrative domains under SEPM, it is NOT related to windows domain groups.
Imported Document ID: TECH90852
Subscribing will provide email updates when this Article is updated. Login is required.