Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/docs/TECH105894

Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager

http://www.symantec.com/docs/TECH102682

Clients stop communicating with Symantec Endpoint Protection Manager (SEPM) with HTTP 401 error in Sylink log and HTTP 401.1 error in IIS log

http://www.symantec.com/docs/TECH104479

Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407

http://www.symantec.com/docs/TECH104926

How to Replace the sylink on the SEP 11.x Client :
 

1. Copy of the file Sylink.xml from the server from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

2. On the client computer , click Start > Run, type smc -stop, and click OK.

3. Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.

4. Click Start > Run, type smc -start, and click OK.

How to Replace the sylink on the SEP 12.1 Client :

The location of the Sylink.xml has changed in 12.1:

Vista/Win7/Server 2008: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config

XP: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config

Server 2008 R2:  C:\Users\All Users\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Config

Method 1

Import the sylink.xml using SylinkDrop.exe.  This tool is located in the installation folder.  By default: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Bin\SylinkDrop.exe.

Method 2 

Import the sylink.xml within the client by going to Help > Troubleshooting > Click on Import... under Communication Settings. 

Method 3

If you would still like to manually replace the sylink.xml, you will need to disable tamper protection. 

You can do this on the client by going to:

Change Settings >

Click Configure Settings under Client Management >

Tamper Protection (Tab) >

Then uncheck the box that says Protect Symantec security software from being tampered with or shut down.

Once tamper protection is disabled:

1.     Stop the SMC service by going to Start > Run > type in > smc -stop.

2.     Once the service is stopped copy the sylink.xml file from the new SEPM and on

the client side put that sylink.xml file under:

      "\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Data\Config"

3.      Replace the existing file and restart the SMC service with Start > Run > smc -start


Steps to edit the SYSTEM account proxy settings through using a Scheduled Task:
 

Click Start > Run
Type cmd and click OK
Type in this the following command and press Enter:

at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"

You should receive a confirmation stating "added a new job..."

Navigate to the Control Panel and open Scheduled Tasks
Right-click the new task just created in the previous step (probably named "At1") and click Run.
This will open an Internet Explorer window that will now be running under the SYSTEM account.
Go to the Tools menu and select Internet Options
Select the Connections tab and click the LAN Settings button.
Uncheck Use a proxy server for your LAN
Click OK twice
Click Start > Run
Type SMC -stop and click OK.
The Symantec Endpoint Protection icon should disappear from the system tray.
Click Start > Run
Type in SMC -start and click OK.