Endpoint Protection

hi guys,

Our SEP server isn't sync'ing properly with the AD servers.  We have two domains, both have "old" clients that are not being removed and/or duplicate client names exist because of rebuilds.  SEP will not move the clients into the proper OUs nutil the old entries are removed (I think).

Is there a way to force SEP to re sync absolutely everything?  Do we have to manually edit the databases or something?



thoughts?



thanks in advance!

We have removed the AD entries and restarted the SEP server and then re added the domain entries  ... no change.

We have ensured that sync is stable across entire ADs.

Check this post and run the link, it should clear out the multiple or duplicated entries

https://www-secure.symantec.com/connect/forums/sep-and-ad

http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanClients   doesn't work.  I checked other posts related and none have a working solution for our problem.

We have no choice but to keep waiting on Symantec to get their act together and fix this!!  Seeing that its a huge problem, I wonder if they'll step up their pace a little and get something done about it before 2010.

What  is the vesrsion of SEP that is installed ?

If you don't  have SEP MR4MP2 then upgrade to it


Title: 'SEPM contains duplicated clients when using LDAP sync and user mode.'
Document ID: 2009020213241048
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009020213241048?Open&seg=ent

Upgrade to MR4MP2

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009051906042048

and then

Remove the AD sync from the SEPM and then resync AD