Video Screencast Help

Usage of Proxy Settings in SEP 11.x Client Communication

Created: 06 Mar 2011 • Updated: 14 Mar 2011 | 3 comments
Language Translations
Nirav Mistry's picture
+1 1 Vote
Login to vote

 

Overview

When SEP first starts, it attempts to connect to SEPM without using a proxy. Regardless of the proxy setting the client always attempt to connect without a proxy first. If the client is unable to connect to any servers in its management server list, it will rotate its proxy settings at the end of the heartbeat. The next heartbeat will be attempted with proxy settings (if available). Once SEP is able to connect, it will not change its proxy settings until it is restarted. You could say it ‘locks’ the setting once it connects. This means that if the client connects without proxy, it will never connect via the proxy until it is restarted. If the client connects though the proxy, it will never connect directly to SEPM until it is restarted. Whichever one works first, that is the one the client will always use.

The Three Proxy Settings

Sylink has 3 proxy settings. They are settings 1, 2 and 3.

  1. Proxy setting 1 mean no proxy. This is the first setting that is tried.
  2. Proxy settings 2 and 3 both use the proxy. There is a difference in the way the proxy settings are called, but functionally it is very much the same. When the client first starts, it will try to use each proxy setting in turn, starting with setting one, down to setting 3. After that it starts again from setting 1 again.

Sylink Logs

Log entries are created in the Sylink Log when the client sets the proxy settings. Here are some example of the Sylink Log entries.

There logs appear when the client first starts, before the first heartbeat.

06/02 10:51:34 [4260] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

06/02 10:51:34 [4260] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87

 

In the above log example, no proxy was set, so no proxy settings were detected at startup.

 

This next sample is taken from a system that does have a proxy set. This is a sample from the end of a failed heartbeat. Here you can see that 'proxy setting 1' failed to connect, so the client is going to try 'proxy setting 2' on the next heartbeat.

 

06/28 11:47:30 [1292] <RegHeartbeatProc>Done, Heartbeat=32seconds

06/28 11:47:30 [1292] HeartbeatProcFailed to get profile with proxy setting 1

06/28 11:47:30 [1292] HeartbeatProcWill now use proxy setting 2

06/28 11:47:30 [1292] <CheckHeartbeatTimer>====== Heartbeat loop stops at 11:47:30 ======

Comments 3 CommentsJump to latest comment

_Swami_'s picture

Thanks for sharing, but i was reasding some where that  Proxy Server: Error Code: 87 means a proxy in the system account. Can you pl help me to understand this.

0
Login to vote
Ian_C.'s picture

Another question I have is how this is affected by or affects the SYSTEM account proxy settings?

See http://www.symantec.com/docs/TECH104926 for an example of my problem. With my user credentials I could connect to the GUP & download the deltas. The SYSTEM account that runs everything couldn't.

I guess I'll have to go review my 33MB Sylink log file for these proxy entries.

Please mark the post that best solves your problem as the answer to this thread.
+1
Login to vote
Shaun Vermaak's picture

@_Swami_ :: SEP uses the SYSTEM account's proxy settings (HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings not HKLM)... I would have preferred it to use the winhttp local machine Proxy settings

The SYSTEM account is an "user account" and should not be preferred over HKLM.*

All our other systems are using WinHTTP local machine Proxy settings are not giving us problems

Also see https://www-secure.symantec.com/connect/ideas/sepm-policy-configure-client-proxy-details

"... as this does not allow for firewall/proxy exceptions ..."

*My opinion

+1
Login to vote