Troubleshooting Symantec Protection Center communication problems

Article:TECH92268  |  Created: 2009-01-09  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH92268
Article Type
Technical Solution


Issue



You want to troubleshoot Symantec Protection Center communication problems.

 


Solution



This document provides information about troubleshooting communication problems that may arise between the Symantec Endpoint Protection Small Business Edition server and clients.

About checking the communication between the management server and the client
If you have trouble with client and server communication, you should first check to make sure that there are no network problems. You should also check network connectivity before you call Symantec Technical Support.

You can test the communication between the client and the management server in several ways:

 

What to check Description
Check the client Health State status in the Symantec Protection Center console The health state shows whether the client and the server communicate.

For more information, see the section, "Viewing the client health state in the management console" in this document.
Check the client status icon on the client. The client status icon shows whether the client and the server communicate.

For more information, see the section, “About the client status icon in the client” in this document
Check the connection status on the client Use the Troubleshooting utility on the client to check dates, times, server, and port numbers for recent client-server connections.

For more information, see the section, "Viewing the client connection status" in this document.
Check the policy serial number in the client and in the management console The serial number should match if the client can communicate with the server and receives regular policy updates.

You can perform a manual policy update and then check the policy serial numbers against each other.

For more information, see the section, “Performing a manual policy update to check the policy serial number” in this document.
Test the connectivity between the client and the
management server.
You can issue several commands on the client to test the connectivity to the management server:
  • Ping the management server from the client computer. See "Using the ping command to test the connectivity to the management server" in this document.
  • Telnet to the management server from the client computer. See Using Telnet to test the connectivity to the management server" in this document.
  • Use a Web browser on the client to connect to the management server. See, "Using a browser to test the connectivity to the management server" in this document.
Check for any network problems You should verify that there are no network problems by checking the following items:
  • Test the connectivity between the client and the management server first. If the client computer cannot ping or Telnet to the management server, verify network connections and services for the client.
  • Check the client's routing path.
  • Check that the management server does not have a network problem.
  • Check that the Symantec Endpoint Protection firewall (or any third-party firewall) does not cause any network problems.
Check the debug log on the client You can use the debug log on the client to determine if the client has communication problems.

For more information, see “Checking the debug log on the client computer” in this document.



About checking the communication between the management server and the console or the database
If you have a connection problem with the console or the database, you may see one of the following symptoms:

    • The management server service (semsrv) stops.
    • The management server service does not stay in a started state.
    • The Home, Monitors, and Reports pages display an HTTP error.
    • The Home, Monitors, and Reports pages are blank.
    • The Home, Monitors, and Reports pages display a continuously loading progress bar, without displaying any content.


All of these issues display a Java -1 error in the Windows Event log. To find the specific cause for the Java -1 error, look in the scm-server log. The scm-server log is typically located in the following location: C:\Program Files\Symantec\Symantec Protection Center\tomcat\logs\scm-server-0.log


 

What to check Description
Test the connectivity between the database and the management server. You can verify that the management server and the database communicate properly.

See “Verifying the connection with the database” in this document.
Check that the management server heap size is correct. You may need to adjust the heap size that is appropriate for the management server's operating system. If you cannot log in to the management server's remote console, or if you
see an out-of-memory message in the smc-server log, you may need to increase the heap size. The default heap size for Symantec Protection Center is 256 MB.

For more information on system requirements, see the Implementation Guide for Symantec Endpoint Protection Small Business Edition.
Check the system requirements You can check whether both the client and the management server run the minimum or recommended system requirements.

For more information, see the Implementation Guide for Symantec Endpoint Protection Small Business Edition.


Viewing the client health state in the management console
You can check the client health state in the management console to determine whether the client and the server communicate.

To view the client health state in the management console

    1. In the console, click Computers.
    2. On the Computers page, select the group in which the client belongs.
    3. On the Computers tab, in the list of clients, look for the client name.
    4. In the row with the client name, the Health State column shows the client connection status.


About the client status icon in the client
You can find the client status icon in the notification area on the client computer. The icon appears as a yellow shield icon with a green dot when the client can communicate with the management server. For more information on the client status icons, see the Client Guide for Symantec
Endpoint Protection Small Business Edition.

Viewing the client connection status in the client
You can check several important connection data values in the client. The dates, times, server address, and port numbers are available for troubleshooting connection problems.

To check connection status data values in the client

    1. On the client, on the program panel, click Help > Troubleshooting.
    2. In the left column, select Connection Status.
    3. Check the connection status data values.


Viewing the policy serial number
You should check the policy serial number on the client to see if it matches the serial number that appears in the management console. If the client communicates with the management server and receives regular policy updates, the serial numbers should match. If the policy serial numbers do not match, you can try to manually update the policies on the client computer and check the troubleshooting logs.

To view the policy serial number

    1. On the management server, in the console, click Computers.
    2. Under Computers, select the relevant group. The policy serial number and policy date appear in the upper right corner of the program window.
    3. On the client computer, in the client, click Help > Troubleshooting.
    4. On the Management tab, look at the policy serial number. The serial number should match the serial number of the policy that the management server pushes to the client.


Performing a manual policy update to check the policy serial number
You can perform a manual policy update to check whether or not the client receives the latest policy update. If the client does not receive the update, there might be a problem with the client and server communication. After you run a manual policy update, make sure that the policy serial number that appears in the client matches the serial number that appears in the management console.

To perform a manual policy update

    1. On the client, click Help > Troubleshooting.
    2. In the Troubleshooting dialog box, in the left column, select Management.
    3. On the Management panel, under Policy Profile, click Update.


Using the ping command to test the connectivity to the management server
You can try to ping the management server from the client computer to test connectivity.

To use the ping command to test the connectivity to the management server

    1. On the client, open a command prompt.
    2. Type the ping command. For example:

      ping <name>

      where <name> is the computer name of the management server. You can use the server IP address in place of the computer name. In either case, the command should return the server's correct IP address. If the ping command does not return the correct address, verify network connections, and that the network services are running on the client computer.
       

Using a browser to test the connectivity to the management server
You can use a Web browser to test the connectivity to the management server.

To use a browser to test the connectivity to the management server

    1. On the client computer open a Web browser, such as Internet Explorer.
    2. In the browser address line, type:

      http://<management server IP address>:8014/reporting/index.php

      where <management server IP address> is the IP address of the management server. If the reporting logon Web page appears, the client can communicate with the management server.
       

If a Web page does not appear, verify network connections, and that the network services are running on the client computer.

Using Telnet to test the connectivity to the management server
You can use Telnet to test the connectivity to the management server. If the client can Telnet to the management server's HTTP port, the client and the server can communicate. The default HTTP port is 8014.

Note: You might need to adjust your firewall rules so that the client computer can Telnet into the management server.

To use Telnet to test the connectivity to the management server

    1. On the client computer, make sure the Telnet service is enabled and started.
    2. Open a command prompt and enter the Telnet command. For example:

      telnet <IP address> 8014

      where <IP address> is the IP address of the management server.
       

If the Telnet connection fails, verify network connections, and that the network services are running on the client computer.

Checking the inbox logs on the management server
Two logs that are useful for troubleshooting are enabled by default when the product is installed. You can find the logs in the log directory of the inbox on the management server.

The inbox appears in the following location on the management server computer:

\Program Files\Symantec\Symantec Protection Center\data\inbox\log

You can open the logs with a text application such as Notepad.

Checking the debug log on the client computer
You can check the debug log on the client. If the client has communication problems with the management server, status messages about the connection problem appear in the log.

To check the debug log on the client

    1. In the client, click Help > Troubleshooting
    2. On the Troubleshooting dialog box, in the column on the left, select Debug Logs.
    3. On the Debug Logs panel, click Edit Debug Log Settings.
    4. Enter a name for the debug log and then click OK.


You can then click View Log to view the log files.

Verifying the connection with the database
The management server and the database may not communicate properly. You should verify that the database runs and then test the connection between the server and the database.
Perform the following steps:

    • Verify that the Symantec Embedded Database service runs and that the dbsrv9.exe process listens to TCP port 2638.
    • Test the ODBC connection.
       

To verify communication with the embedded database

    1. On the management server, click Start > Control Panel > Administrative Tools.
    2. In the Administrative Tools dialog box, double-click Data Sources (ODBC).
    3. In the ODBC Data Source Administrator dialog box, click System DSN.
    4. On the System DSN tab, double-click SymantecEndpointSecurityDSN.
    5. On the ODBC tab, verify that the Data source name drop-down list is SymantecEndpointSecurityDSN and type an optional description.
    6. Click Login.
    7. On the Login tab, in the User ID text box, type dba.
    8. In the Password text box, type the password for the database. This password is the one that you entered for the database when you installed the management server.
    9. Click Database.
    10. On the Database tab, in the Server name text box, type <\\servername\instancename>. If you use the English version of Symantec Protection Center, type the default, sem5. Otherwise, leave the Server name text box blank.
    11. On the ODBC tab, click Test Connection and verify that it succeeds.
    12. Click OK.
    13. Click OK.





 



Legacy ID



2009020909321648


Article URL http://www.symantec.com/docs/TECH92268


Terms of use for this information are found in Legal Notices