Troubleshooting Client Communication with SEPM
|Article:TECH95789|||||Created: 2009-01-26|||||Updated: 2012-01-03|||||Article URL http://www.symantec.com/docs/TECH95789|
What is the data flow while Troubleshooting Client Communication with the Symantec Endpoint Protection Manager (SEPM)?
Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity
Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager
Clients stop communicating with Symantec Endpoint Protection Manager (SEPM) with HTTP 401 error in Sylink log and HTTP 401.1 error in IIS log
Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407
How to Replace the sylink on the SEP 11.x Client :
1. Copy of the file Sylink.xml from the server from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
2. On the client computer , click Start > Run, type smc -stop, and click OK.
3. Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.
4. Click Start > Run, type smc -start, and click OK.
How to Replace the sylink on the SEP 12.1 Client :
The location of the Sylink.xml has changed in 12.1:
Vista/Win7/Server 2008: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
XP: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
Server 2008 R2: C:\Users\All Users\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Config
Import the sylink.xml using SylinkDrop.exe. This tool is located in the installation folder. By default: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Bin\SylinkDrop.exe.
Import the sylink.xml within the client by going to Help > Troubleshooting > Click on Import... under Communication Settings.
If you would still like to manually replace the sylink.xml, you will need to disable tamper protection.
You can do this on the client by going to:
Change Settings >
Click Configure Settings under Client Management >
Tamper Protection (Tab) >
Then uncheck the box that says Protect Symantec security software from being tampered with or shut down.
Once tamper protection is disabled:
1. Stop the SMC service by going to Start > Run > type in > smc -stop.
2. Once the service is stopped copy the sylink.xml file from the new SEPM and on
the client side put that sylink.xml file under:
"\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Data\Config"
3. Replace the existing file and restart the SMC service with Start > Run > smc -start
Steps to edit the SYSTEM account proxy settings through using a Scheduled Task:
- Click Start > Run
Type cmd and click OK
Type in this the following command and press Enter:
at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"
You should receive a confirmation stating "added a new job..."
Navigate to the Control Panel and open Scheduled Tasks
Right-click the new task just created in the previous step (probably named "At1") and click Run.
This will open an Internet Explorer window that will now be running under the SYSTEM account.
Go to the Tools menu and select Internet Options
Select the Connections tab and click the LAN Settings button.
Uncheck Use a proxy server for your LAN
Click OK twice
Click Start > Run
Type SMC -stop and click OK.
The Symantec Endpoint Protection icon should disappear from the system tray.
Click Start > Run
Type in SMC -start and click OK.
Article URL http://www.symantec.com/docs/TECH95789