Troubleshooting Client Communication with SEPM

Article:TECH95789  |  Created: 2009-01-26  |  Updated: 2014-10-09  |  Article URL
Article Type
Technical Solution



What is the data flow while Troubleshooting Client Communication with the Symantec Endpoint Protection Manager (SEPM)?












Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager

Clients stop communicating with Symantec Endpoint Protection Manager (SEPM) with HTTP 401 error in Sylink log and HTTP 401.1 error in IIS log

Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407

How to Replace the sylink on the SEP 11.x Client :

1. Copy of the file Sylink.xml from the server from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

2. On the client computer , click Start > Run, type smc -stop, and click OK.

3. Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.

4. Click Start > Run, type smc -start, and click OK.

How to Replace the sylink on the SEP 12.1 Client :

The location of the Sylink.xml has changed in 12.1:

Vista/Win7/Server 2008: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config

XP: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config

Server 2008 R2:  C:\Users\All Users\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Config

Method 1

Import the sylink.xml using SylinkDrop.exe.  This tool is located in the installation folder.  By default: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Bin\SylinkDrop.exe.

Method 2 


Import the sylink.xml within the client by going to Help > Troubleshooting > Click on Import... under Communication Settings. 


Method 3


If you would still like to manually replace the sylink.xml, you will need to disable Tamper Protection. 


You can do this on the client by going to:

Change Settings >

Click Configure Settings under Client Management >

Tamper Protection (Tab) >

Then uncheck the box that says Protect Symantec security software from being tampered with or shut down.


Once Tamper Protection is disabled:


1.     Stop the SMC service by going to Start > Run > type in > smc -stop.

2.     Once the service is stopped copy the sylink.xml file from the new SEPM and on

the client side put that sylink.xml file under:

      "\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Data\Config"

3.      Replace the existing file and restart the SMC service with Start > Run > smc -start

Steps to edit the SYSTEM account proxy settings through using a Scheduled Task:


          Click Start > Run
          Type cmd and click OK
          Type in this the following command and press Enter:

          at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"

          You should receive a confirmation stating "added a new job..."

          Navigate to the Control Panel and open Scheduled Tasks
          Right-click the new task just created in the previous step (probably named "At1") and click Run.
          This will open an Internet Explorer window that will now be running under the SYSTEM account.
          Go to the Tools menu and select Internet Options
          Select the Connections tab and click the LAN Settings button.
          Uncheck Use a proxy server for your LAN
          Click OK twice
          Click Start > Run
          Type SMC -stop and click OK.
          The Symantec Endpoint Protection icon should disappear from the system tray.
          Click Start > Run
          Type in SMC -start and click OK.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices