UPDATE: SEPM 12.1.5 and higher
A few kind people reported that this doesn’t seem to work with 12.1.5. I have tested the script with 12.1.6 and it still works however you might need to set the JRE_HOME system variable first.
To do this:
- Navigate to the “Advanced System Settings” section of the Control Panel.
- In the “System variables” section of the Environment Variables window that opens, ensure that the JRE_HOME environment variables are pointed at the following location: C:\Program Files\Java\jre<version>
- Click OK and Apply to close the System Properties Window.
You can check it worked if you try going to %JRE_HOME% and end up in the folder you’ve just set.
If you run into any problems do comment below.
UPDATE: Download the script from here: https://www.dropbox.com/s/sofc89su1552rj4/resetpass.bat?dl=0
I’ve spent some time today trying to reset the admin account for Symantec Endpoint Protection Manager. In earlier versions you could use resetpass.bat file as detailed in http://www.symantec.com/business/support/index?page=content&id=HOWTO18134. However for greater security Symantec haven’t included this utility in version 12.1. Instead you can use the Forgotten Password link on the logon screen. The main problem is that if you haven’t set up email server settings in the Manager console previously this won’t be any help to you.
Quite a few forum posts suggest logging a support case with Symantec to obtain a new version of the resetpass.bat file but I couldn’t find anybody actually offering this up for download so I thought I’d share the love and save other people logging support calls:
@echo off
setlocal
set CATALINA_HOME=%CD%..\tomcat
set JRE_HOME=%CD%..\jre
“%JRE_HOME%\bin\java.exe” -Xms64m -Xmx256m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -classpath “%CD%..\bin\inst.jar;%CD%..\bin\inst-res.jar” -Dcatalina.home=”%CATALINA_HOME%” -Djava.library.path=”%CATALINA_HOME%\bin;%CATALINA_HOME%..\ASA\win32″ com.sygate.scm.tools.DatabaseFrame setpassword admin admin
endlocal
You can download the file here: resetpass.bat or just copy and paste into notepad and save as resetpass.bat in \Program Files\Symantec\Symantec Endpoint Protection Manager\Tools folder
You will need to run this from command prompt with admin priviledges and your admin login will be set to:
username: admin
password: admin
What Kat Did 
didnt work for me 😦
When i tried to save it as a batch it said something about unicode vs asci
when I ran it it didnt run right…
The copy and paste can be a pain with batch files. I think the formatting adds some funky characters at the beginning of each line. You could always try typing it in which should definitely work but will be a bit painful.
It didn’t work for me either…neither did typing it in.
I’ve just tried running it again and it works fine. Try downloading the file from here: https://dl.dropboxusercontent.com/u/12211262/resetpass.bat. Otherwise let me know what errors you’re getting and I’ll take a look.
thanks so much , its very great-full ,and work
but copy and past not work , must be make download the file from link
It worked like a charm. Thank you !!
Folks, the pasted resetpass.cmd content in the blog post isn’t working because the trailing backslash is missing after the %CD% variable throughout the script. If you do a search and replace and change all ‘%CD%’ to ‘%CD%\’ then it should work. But I recommend downloading the file instead, as that is correct.
Thanks Nev. Agree that downloading the file is the easiest way.
Hey,
Thanks very much mate. worked perfectly…
Love ya buddy.
Works great for me Thank You!!!!!!!!!!!!!!
Works great!
Thank you very much, saved my bacon!
We real appreciate buddy for your unselfishness!
Anyone tried this with latest SEPM 12.1.5 to see if it still works?
Thanks for amazing tool you saved my Life.
thanks it worked for me.
thank you!
thanks worked for me
downloaded and ran it…worked great….Thanks!
Yes, great, thanks for this file. Saved my butt!
Thank you, this saved me!
YOU DA MAN
thank you it works!
You are awesome Kat. This just saved my bacon.
Saved my day! Thanks!
Thanks Kat!
work like a charm! saved me having to call symantec support.
Symantec removed the Resetpass.bat from ver 12.** but this script is working so well also for the new version. have no idea why to make our life harder.
anyway – thank you for the link
Thanks !!! Works Great!!!
Glad it helped!
AN error occured when i hav executed the script : could not connect to the database.
please help
Sorry Afiffe, I didn’t manage to replicate your error. Did you get it sorted in the end? Maybe have a look at the latest update on the post to see if it helps even though I suspect your issue may be different.
No longer works with Server 2012R2 with SEPM 2.1.5 Build 5337
Seems to work, goes through all the actions. but no change to the password.
I too tried it on 12.1.5 running on a 2008r2 server, and it doesn’t work.
I’m not a programmer, but I put pauses into the script to troubleshoot, and the first 2 ‘set directory’ commands work. On the next set of commands where it is defining JRE_HOME and CATALINA_HOME it says the path is not found, or not available, I forget.
My server is in a secure lab without connection to outside so I have to keep running back and forth. Symantec says I have to save a recovery file and then uninstall/reinstall. If I have to do that, I will, but I’d prefer to just reset the PW.
That’s really rubbish. Did you end up logging a support case with Symantec?
Right I’ve got it to work with 12.1.6 but had to set the system variable for JRE_HOME first. Check out the edit in the article for details and let me know if it does the trick for you.
Sorry for the delay, but wanted to come back and give you an update. My install didn’t have a java directory in program files. SEPM must have been using java from it’s own directory (I didn’t do the original install). I had the person who did the original install look at it and he tried to hardcode the script to point to the proper paths, but we never got it running and finally threw up our hands and did a reinstall.
I did originally open a trouble ticket with Symantec, but their answer was ‘do a reinstall’. I was trying to avoid that, but in the end it wasn’t as painful as I thought, just grab the security key backup directory from the SEPM folder before you start, and during the reinstall it will ask you for the backup file. Once you’re back in SEPM, if any of the clients fail to reconnect you can generate an executable to run on the clients that will point them back to the server.
Nice to hear the end of the story Tom even if it didn’t quite work out as planned. I guess the main thing is you’ve got it all back again and as you said the reinstall isn’t too painful. I wonder if installing Java separately on the server would have done the trick. In my case it’s a management server with a lot of different tools so perhaps one of them required Java . I’m sure you’ve configured the smtp server settings already anyway so hopefully won’t need it again.
You are awesome! Karma will bring good things your way.
Had to leave a comment because this was so clutch. Worked on 12.1.5 after creating JRE_HOME variable. Thank you so much!
Thanks Buddy…………..you save me from lot of pain ………….
Thank you Very much for guide us
You are awesome. Symantec wanted me to do a clean wipe and reinstall.
Very helpful. Thank you!
this worked for me ver 12.1.6 RU6 thanks — phewwww
Any chance of re-uploading the file
Dowwnload link didn’t work for me. Is it still available
link not working please update
Apologies everyone – the link has now been fixed!
Worked Great thanks so much. Symantec support wouldn’t help at all.
When I ran the batch file but didn’t get a changed password I looked though the logs at Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs and notice a few of the logs were saying it couldn’t find dbjdbc16 or something like that. From the batch I could see that it wanted the dbjdbc16.dll file to be at the -Djava.library.path=”%CATALINA_HOME%\bin;%CATALINA_HOME%\..\ASA\win32 location. it wasn’t there. however I DID see a dbjdbc16.dll file in the win64 folder. I modified that in the resetpwd.bat file and viola. Worked like a champ.
HI This works but you need to edit the %CD% environmental variable because its not correct. I basically removed the %CD% and based on the command figured out where inst.jar and inst-res.jar live.
This is how my version looks like
#@echo off
setlocal
set CATALINA_HOME=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat
set JRE_HOME=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jre
“%JRE_HOME%\bin\java.exe” -Xms64m -Xmx256m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -classpath “%CATALINA_HOME%\..\bin\inst.jar;%CATALINA_HOME%\..\bin\inst-res.jar” -Dcatalina.home=”%CATALINA_HOME%” -Djava.library.path=”%CATALINA_HOME%\bin;%CATALINA_HOME%\..\ASA\win32″ com.sygate.scm.tools.DatabaseFrame setpassword admin admin
endlocal
After those corrections it worked like a charm.