Restoring communication to Symantec Endpoint Protection clients with a new Sylink.xml file

Article:TECH106288  |  Created: 2008-01-17  |  Updated: 2012-06-07  |  Article URL http://www.symantec.com/docs/TECH106288
Article Type
Technical Solution


Environment

Issue



How to associate Symantec Endpoint Protection (SEP) clients to a new Symantec Endpoint Protection Manager (SEPM) in the case of retiring an old one or a disaster, etc.?



 


Error



Symptoms
For whatever reason, the SEPM that clients are associated with is no longer available.  These clients cannot receive new policies or content and their logs do not appear in the new SEPM's console.


Cause



1. The original SEPM has an unrecoverable disaster and there are no backups or disaster recovery preparations. 2. The original SEPM is retired or re-installed without disaster recovery preparation. 3. Client(s) are no longer communicating and as part of troubleshooting clients need to have a new Sylink.xml.


Solution



SEP 12.1:

Please see the article How to change the sylink.xml file in Symantec Endpoint Protection (SEP) 12.1 .  Tools designed for SEP 11 will not successfully change the sylink.xml file on SEP 12.1, and vice-versa.

 

SEP 11 MR3 or later:
First export the Sylink.xml from the group you want your clients to report to initially.

  1. Click the Clients tab in the SEPM and select the group you want. Right click on it and select Export Communication Settings.
  2. Click browse, select a convenient location and name the file "Sylink.xml".
  3. Click Export.

Replacing Sylink file manually on the Client:

1) Click on Start, Run and on the Run command window type smc -stop.

2) Copy the exported Sylink.xml and paste it to the root of the Symantec client install folder.

By default the location is: c:\program files\symantec\symantec endpoint protection

After you've copied the sylink.xml file, click Start, Run and in the Run command window type smc -start.

You should see the client shield appearing in the bottom right corner in the system tray with a green dot on it.

Alternatively, You can use the SylinkDrop.exe tool:

  1. Get the SylinkDrop.exe tool out of Tools\NoSupport\Sylinkdrop on CD2 of the SEP 11 install media set.
  2. Using your management software (Tivoli, SMS, Altiris, etc) you will script it to drop the SylinkDrop.exe and the Sylink.xml to C:\Sylink (or whatever directory you choose) and run the Sylinkdrop.exe.

Note: See the Sylinkdrop readme for argument info. You will use an argument list like: Sylinkdrop.exe -silent C:\Sylink\Sylink.xml

SEP 11, Pre-MR3:
Locate the folder containing the Sylink.xml file for the Temporary (Default) client group:

  1. In the Symantec Endpoint Protection console, click the Clients icon and Select the Temporary (Default) group
  2. Go to the 'Details' tab and note the first 4 Alpha-Numerals for the 'Policy Serial Number'
  3. On the computer that runs Symantec Endpoint Protection Manager, go to: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\"
    You will see folders with 32-character alphanumeric names, each representing a client group.
  4. Find the folder corresponding to the first 4 unique Alpha-Numerals noted for the 'Policy Serial Number'.
  5. Copy the "Sylink.xml" file from that folder, to a convenient location.
  6. Get the SylinkDrop.exe tool out of Tools\NoSupport\Sylinkdrop on CD2 of the SEP 11 install media set.
  7. Using your management software (Tivoli, SMS, Altiris, etc) you will script it to drop the SylinkDrop.exe and the Sylink.xml to C:\Sylink (or whatever directory you choose) and run the Sylinkdrop.exe.

Note: See the Sylinkdrop readme for argument info. You will use an argument list like: Sylinkdrop.exe -silent C:\Sylink\Sylink.xml.
For networked applications, the SylinkReplacer utility can be used by contacting Technical Support. This utility is also provided as a convenience to doing the same thing manually.




Technical Information
Note: The following steps are included if you need to drop the Sylink.xml file manually


For non-English versions of Windows, you may find that either the SylinkDrop.exe is not available or does not work.

In these situations, you may do the following steps manually:

1. Stop the Symantec Management Client (smc.exe) service via Services.msc
i.e. Within Services.msc, right click Symantec Management Client, click Stop

OR

Execute C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe with the -stop switch
i.e. Start > Run > smc -stop

2. Ensure that you have the correct Sylink.xml that you want to apply (i.e. SEP client to be attached to correct group etc)
Copy the exported SyLink.xml into C:\Program Files\Symantec\Symantec Endpoint Protection\

Exported Sylink.xml can be completed within the SEPM console:
Clients > View clients
Highlight the group in which you require the Sylink.xml from
Right click, & click on "Export Communications Settings ... "

By default, the name of the xml file saved, is in the format of: My Company_Default Group_name of group_sylink.xml
After exporting this xml file, you'll need to rename this in the format sylink.xml, before dropping into SEP folder

It is good practice to always backup the original copy before hand, or to rename the present sylink.xml, before moving or copying over the exported one.

3. After new sylink.xml has been copied to the SEP folder, restart the smc service.

Either:
Start the Symantec Management Client (smc.exe) service via Services.msc
i.e. Within Services.msc, right click Symantec Management Client, click Start

OR

Execute C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe with the -start switch
i.e. Start > Run > smc -start

After a few minutes or so, you will see the SEP client now attached to the new group as stated within the sylink.xml file

 




Legacy ID



2008101707165348


Article URL http://www.symantec.com/docs/TECH106288


Terms of use for this information are found in Legal Notices