Symptoms With Symantec Endpoint Protection Manager MR4 installed, you notice that client status reports do not reflect the current status of your client computers, possibly as far back as a few days. You will also notice a buildup of .DAT files in the following locations:
If you enable Symantec Endpoint Protection Manager extended logging (details in the Technical Information section of this document), you will see the following line repeated multiple times in the AgentLogCollector-0.log:
2009-01-12 15:29:02.008 FINE: SQLException: Using batch handler
This will only occur on Symantec Endpoint Protection Manager MR4 when using a Microsoft SQL database.
Symantec Endpoint Protection manager utilizes the BCP.exe SQL client tool for bulk processing and insertion of logs. This tool will move logs to the database that was described in the initial run of the Management Server Configuration Wizard. If the SQL instance isn't properly referenced (see Installation_Guide.pdf, page 70, which is included in the MR4 CD1 download), BCP.exe will attempt to access the database with an incorrect connection configuration . This will cause BCP.exe to wait for a timeout before attempting to connect again in a less efficient manner, dramatically affecting log parsing performance.
One potential solution is to re-run the Management Server Configuration Wizard on any/all affected Symantec Endpoint Protection Manager computers. Be sure to fill in the correct database server\instance name as indicated in the Installation_Guide.pdf. Once the Manager restarts, it may take some time for the large amount of unparsed logs to catch up and resume expected operations.
References Installation_Guide.pdf, page 70 (included with Symantec Endpoint Protection distribution files)
Technical Information To enable Symantec Endpoint Protection Manager extended logging:
Stop the service named "Symantec Endpoint Protection Manager"
Go to the following location: ..\Symantec Endpoint Protection Manager\tomcat\etc (depending upon installation settings chosen)
Find file name 'conf.properties'. Open it in notepad.exe or another non-formatting text editor.
Add the following line to the bottom: scm.log.loglevel=fine
Save the changes and close the file
Start the Symantec Endpoint Protection Manager service.
Logs will be generated in the folder: ..\Symantec Endpoint Protection Manager\tomcat\logs
Imported Document ID: TECH91835
Subscribing will provide email updates when this Article is updated. Login is required.