Troubleshoot communication issues with Endpoint Protection Manager 12.1

Article:TECH160964  |  Created: 2011-05-26  |  Updated: 2014-11-21  |  Article URL http://www.symantec.com/docs/TECH160964
Article Type
Technical Solution


Issue



This guide describes how to troubleshoot communication issues when Symantec Endpoint Protection Manager 12.1 is logging errors or displaying HTTP error codes.


Solution



The communication channels between all of the Symantec Endpoint Protection components must be open. These channels include server to client, server to database, and server and client to the content delivery component, such as LiveUpdate.

 

Troubleshooting communication problems between the management server and the client

 

If you have trouble with client and server communication, you should first check to make sure that there are no network problems. You should also check network connectivity before you call Symantec Technical Support. You can test the communication between the client and the management server in several ways.

Look on the client to see if the client connects to the management server

You can check several important connection data values in the client. The dates, times, server address, and port numbers are available for troubleshooting connection problems. To check connection status data values in the client:

  1. On the client, on the program panel, click Help > Troubleshooting.

  2. In the left column, select Connection Status. View the connection status data values.

Enabling and viewing the Access log to check whether the client connects to the management server

You can view the Apache HTTP server Access log on the management server to check whether the client connects to the management server. If the client connects, the client's connection problem is probably not a network issue. Network issues include the firewall blocking access, or networks not connecting to each other. You must first enable the Apache HTTP server Access log before you can view the log.

Note: Disable the log after you view it because the log uses unnecessary CPU resources and hard disk space.

  • To enable the Apache HTTP server Access log:

    1. In a text editor, open the file C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf.

    2. In the httpd.conf file, remove the hash mark (#) from the following text string and then save the file:

      #CustomLog "logs/access.log" combined

    3. Using services.msc, restart the Symantec Endpoint Protection Manager Webserver service (Apache).
      Click "Yes" to also restart the SEPM service.
  • To view the Apache HTTP server Access log:

    1. On the management server, open C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access.log.

    2. Look for a client computer's IP address or host name, which indicates that clients connect to the Apache HTTP server.

    3. Disable the Apache HTTP server Access log when done.
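
Searching access.log for one client can be scripted. The following PowerShell function is an added example, not part of the original article or a Symantec tool; the name Get-SepmClientHits is hypothetical, the sample lines are constructed, and it assumes the combined log format that the CustomLog directive above enables.

```powershell
# Added example (not from the Symantec article): summarize access.log entries for one client.
# Get-SepmClientHits is a hypothetical helper name. Requires PowerShell 3.0 or later.
function Get-SepmClientHits {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Line,    # raw access.log lines
        [Parameter(Mandatory = $true)] [string]   $Client   # client IP address or host name
    )
    # combined format: host ident user [time] "request" status bytes "referer" "agent"
    $pattern = '^(?<host>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<request>[^"]*)" (?<status>\d{3}) '
    $hits = @(foreach ($l in $Line) {
        if ($l -match $pattern -and $Matches['host'] -eq $Client) {
            [pscustomobject]@{
                Time    = $Matches['time']
                Status  = [int]$Matches['status']
                Request = $Matches['request']
            }
        }
    })
    if ($hits.Count -eq 0) {
        Write-Warning "No entries for ${Client}. If logging is enabled, its requests are not reaching Apache."
        return
    }
    # One row per HTTP status: how many requests, and when the last one arrived
    $hits | Group-Object Status | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{
            Client   = $Client
            Status   = [int]$_.Name
            Count    = $_.Count
            LastSeen = $_.Group[-1].Time
        }
    }
}

# Constructed sample lines (documentation addresses, not real clients)
$sample = @(
    '192.0.2.15 - - [21/Nov/2014:10:02:11 +0000] "GET /secars/secars.dll?hello,secars HTTP/1.1" 200 2 "-" "-"'
    '192.0.2.15 - - [21/Nov/2014:10:07:12 +0000] "GET /secars/secars.dll?hello,secars HTTP/1.1" 200 2 "-" "-"'
    '192.0.2.40 - - [21/Nov/2014:10:07:30 +0000] "GET /secars/secars.dll?hello,secars HTTP/1.1" 503 299 "-" "-"'
)
Get-SepmClientHits -Line $sample -Client '192.0.2.15'

# Against the live log on the management server:
# $log = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access.log'
# Get-SepmClientHits -Line (Get-Content $log) -Client '192.0.2.15'
```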

Using the ping command to test the connectivity to the management server

  1. On the client, open a command prompt.

  2. Type the ping command. For example: ping name

    where name is the computer name of the management server. You can use the server IP address in place of the computer name. In either case, the command should return the server's correct IP address. If the ping command does not return the correct address, verify the DNS service for the client and check its routing path.

 

Using a browser to test the connectivity to the management server on the client computer

  1. On the client computer, open a Web browser, such as Internet Explorer.

  2. In the browser command line, type the following command:

    http://management_server_address:8014/secars/secars.dll?hello,secars

    where management_server_address is the management server's DNS name, NetBios name, or IP address. When the Web page appears, look for one of the following results:

    • If the word OK appears, the client computer should be able to connect to the management server. Check the client for a problem.

    • If the word OK does not appear, the client computer cannot connect to the management server. The problem is likely at the server's end.

 

Check for any network problems

You should verify that there are no network problems by checking the following items:

  • Test the connectivity between the client and management server first. If the client computer cannot ping or Telnet to the management server, you should verify the DNS service for the client.

  • Check the client's routing path.

  • Check that the management server does not have a network problem.

  • Check that the Symantec Endpoint Protection firewall (or any third-party firewall) does not cause any network problems.
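
The ping, browser and network checks above can be run from the client in one pass. The following PowerShell function is an added example, not part of the original article or a Symantec tool; the name Test-SepmReachability and the 5-second timeout are assumptions, and it uses .NET classes so that it also runs where newer networking cmdlets are not available.

```powershell
# Added example (not from the Symantec article): DNS, TCP and HTTP checks in one pass.
# Test-SepmReachability is a hypothetical helper name. Requires PowerShell 3.0 or later.
function Test-SepmReachability {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,   # DNS name, NetBIOS name or IP
        [int] $Port = 8014,                                # port used in the browser test URL
        [int] $TimeoutMs = 5000                            # assumed connect timeout
    )
    $r = [ordered]@{ Server = $Server; Resolved = $null; TcpOpen = $false; Hello = $null; Verdict = $null }

    # 1. Name resolution: the address that ping would report for the server
    try {
        $r.Resolved = ([System.Net.Dns]::GetHostAddresses($Server) |
            ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $r.Verdict = 'Name does not resolve: verify the DNS service for the client'
        return [pscustomobject]$r
    }

    # 2. TCP connect to the management port, with a timeout
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $tcp.BeginConnect($Server, $Port, $null, $null)
        $r.TcpOpen = $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $tcp.Connected
    } catch {
        $r.TcpOpen = $false
    } finally {
        $tcp.Close()
    }
    if (-not $r.TcpOpen) {
        $r.Verdict = "TCP port $Port not reachable: check the routing path and firewalls"
        return [pscustomobject]$r
    }

    # 3. The same request that the browser test sends
    try {
        $url = "http://${Server}:$Port/secars/secars.dll?hello,secars"
        $r.Hello = (New-Object System.Net.WebClient).DownloadString($url).Trim()
    } catch {
        $r.Hello = $_.Exception.Message
    }
    $r.Verdict = if ($r.Hello -eq 'OK') {
        'OK returned: check the client for a problem'
    } else {
        'No OK returned: the problem is likely at the server end'
    }
    [pscustomobject]$r
}
# management_server_address is the article's placeholder; substitute the real name or IP
Test-SepmReachability -Server 'management_server_address'
```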

Check the debug logs on the client

You can check the debug log on the client. If the client has communication problems with the management server, status messages about the connection problem appear in the log.
You can check the debug log by using the following methods:

  • In the client, on the Help and Support menu, in the Troubleshooting dialog box, you can click "Edit Debug Log Settings" and type a name for the log. You can then click "View Log".

  • You can use the Windows registry to turn on debugging in the client:

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_debuglog_on

 

Check the inbox logs on the management server

You can use a Windows registry key to generate logs about activity in the management server inbox. When you modify the Windows registry key, the management server generates the logs (ersecreg.log and exsecars.log). You can view these logs to troubleshoot client and server communication.

To check the inbox logs on the management server:

  1. On the management server, under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SEPM, set the DebugLevel=3.

  2. Typically, the inbox appears in the following location on the management server computer:

    \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log

  3. Open the log with Notepad.

Recover lost client communication by using the SylinkDrop tool

  1. In the SEPM console, export the communication file (sylink.xml) from the client group to which you want the client computer to connect.

  2. Deploy the communication file to the client computer:

  3. On the product disc, locate the \Tools\NoSupport\SylinkDrop folder, and open SylinkDrop.exe.

    You can run the tool remotely or save it and then run it on the client computer. If you use the tool on the command line, read the SylinkDrop.txt file for a list of the tool's command parameters.

     

An additional option in SEP 12.1.2 - RU2 and above is Communication Update Package Deployment.

Refer to the KB article:
Restoring client-server communications with Communication Update Package Deployment
Article URL http://www.symantec.com/docs/HOWTO81109

Note: Ensure that the Computer Browser Service is running on the server.
 

Troubleshooting communication problems between the management server and the console or the database

If you have a connection problem with the console or the database, you may see one of the following symptoms:

  • The management server service (semsrv) stops.

  • The management server service does not stay in a started state.

  • The Home, Monitors, and Reports pages display an HTTP error.

  • The Home, Monitors, and Reports pages are blank.

  • The Home, Monitors, and Reports pages display a continuously loading progress bar, without displaying any content.

All of these issues display a Java -1 error in the Windows Event log. To find the specific cause for the Java -1 error, look in the scm-server log. The scm-server log is typically located in the following location:

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log

 

Test the connectivity between the database and the management server

If the management server runs the embedded Sybase database, perform the following steps:

  • Verify that the Symantec Embedded Database service runs and that the dbsrv11.exe or dbsrv12.exe process listens on TCP port 2638.

  • Test the ODBC connection.
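
One way to confirm which process listens on TCP port 2638 is to parse netstat output. The following PowerShell function is an added example, not part of the original article or a Symantec tool; the name Get-PortListener is hypothetical, the sample lines are constructed, and the pattern assumes English-language netstat output (the LISTENING state name is localized on other Windows versions).

```powershell
# Added example (not from the Symantec article): find the listener on the embedded database port.
# Get-PortListener is a hypothetical helper name; it parses `netstat -ano` output lines.
# Requires PowerShell 3.0 or later.
function Get-PortListener {
    param(
        [Parameter(Mandatory = $true)] [string[]] $NetstatLine,
        [int] $Port = 2638
    )
    # Columns: Proto, Local Address, Foreign Address, State, PID
    $pattern = '^\s*TCP\s+(?<local>\S+):(?<port>\d+)\s+\S+\s+LISTENING\s+(?<pid>\d+)\s*$'
    foreach ($l in $NetstatLine) {
        if ($l -match $pattern -and [int]$Matches['port'] -eq $Port) {
            [pscustomobject]@{
                LocalAddress = $Matches['local']
                Port         = $Port
                ProcessId    = [int]$Matches['pid']
            }
        }
    }
}

# Constructed sample output (process IDs and addresses are made up)
$sample = @(
    '  TCP    0.0.0.0:2638           0.0.0.0:0              LISTENING       1832'
    '  TCP    0.0.0.0:8014           0.0.0.0:0              LISTENING       2440'
    '  TCP    192.0.2.10:2638        192.0.2.10:50123       ESTABLISHED     1832'
)
Get-PortListener -NetstatLine $sample

# Live check on the management server; the process name should be dbsrv11 or dbsrv12:
# Get-PortListener -NetstatLine (netstat -ano) |
#     ForEach-Object { Get-Process -Id $_.ProcessId } | Select-Object Id, ProcessName
```

No output from the live check means that nothing is listening on the port, which points at the Symantec Embedded Database service rather than at the ODBC settings.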

If the management server runs the remote SQL database, perform the following actions:

  • Verify that you have specified a named instance when you installed and configured Symantec Endpoint Protection Manager.

  • Verify that SQL Server runs and is properly configured.

  • Verify that the network connection between management server and the SQL database is correct.

  • Test the ODBC connection.

To verify ODBC connection with the embedded database:

  1. Click the Start button and select Run.

    • If the Operating System is 32 bit, enter "%systemroot%\system32\odbcad32.exe"

    • If the Operating System is 64 bit, enter "%systemroot%\syswow64\odbcad32.exe"

  2. In the ODBC Data Source Administrator dialog box, click System DSN.

  3. On the System DSN tab, double-click SymantecEndpointSecurityDSN.

  4. On the ODBC tab, verify that the Data source name drop-down list is SymantecEndpointSecurityDSN and type an optional description.

  5. Click Login.

  6. On the Login tab, in the User ID text box, type dba.

  7. In the Password text box, type the password for the database. This password is the one that you entered for the database when you installed the management server.

  8. Click Database.

  9. On the Database tab, in the Server name text box, type <\\servername\instancename>. If you use the English version of Symantec Endpoint Protection Manager, type the default, sem5. Otherwise, leave the Server name text box blank.

  10. On the ODBC tab, click "Test Connection" and verify that it succeeds.

  11. Click OK.

  12. Click OK.

To verify ODBC connection to the SQL database:

  1. Click the Start button and select Run.

    • If the Operating System is 32 bit, enter "%systemroot%\system32\odbcad32.exe"

    • If the Operating System is 64 bit, enter "%systemroot%\syswow64\odbcad32.exe"

  2. In the ODBC Data Source Administrator dialog box, click System DSN.

  3. On the System DSN tab, double-click SymantecEndpointSecurityDSN.

  4. In the Server drop-down list, verify that the correct server and instance are selected.

  5. Click Next.

  6. For Login ID, type sa.

  7. In the Password text box, type the password for the database. This password is the one that you entered for the database when you installed the management server.

  8. Click Next and make sure that sem5 is selected for the default database.

  9. Click Next.

  10. Click Finish.

  11. Click "Test Data Source" and look for the result that states: TESTS COMPLETED SUCCESSFULLY!

 

Check that the management server heap size is correct

You may need to adjust the heap size so that it is appropriate for the management server's operating system. If you cannot log in to the management server's remote console, or if you see an out-of-memory message in the scm-server log, you may need to increase the heap size. The default heap size for Symantec Endpoint Protection Manager is 256 MB.

 

Check that the management server is not running multiple versions of PHP

You can check whether the management server runs multiple software packages that use different versions of PHP. PHP checks for a global configuration file (php.ini). If there are multiple configuration files, you must force each product to use its own interpreter. When each product uses the correct version of PHP associated with it, the management server operates properly.

 

Check the system requirements

You can check whether both the client and the management server run the minimum or recommended system requirements.




