Cannot issue remote commands to clients - SEP 11
Hello,
Using SEP 11.0.5, running the management console on an SBS 2003 server. Everything seems to work as expected, including the gathering of client information. I'm not terribly knowledgeable about all of the SEP functions or where things are located in the management console; however, I have never been able to issue commands to clients remotely (such as "Scan", "Scan and Update Content", etc.) When I do, I can look under the "Monitors" section in the console, and on the "Command Status" tab, it always says that the command was "not received" under the Status column. So for whatever reason, clients aren't receiving my commands from the console. Is there something that I haven't done on the server side, or on the client side, that is preventing my remote commands from executing on the clients? I thought that when the SEP client was remotely deployed to a machine (which I always do), it automatically configured the client. My usual method for remotely installing the SEP client is to disable the client's firewall, remotely deploy the SEP client to the machine, then re-enable the firewall when it's done installing.
Any help would be appreciated.
Thanks!
Comments
Well..try changing any policy
Well..try changing any policy and check if the policy is updated on the client ( for eg. Enable Liveupdate button )
also make sure port 8014 or if your SEPM was installed before mR3 them port 80 is open in the Windows Firewall.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
First lets start by making
First lets start by making sure that the clients are indeed checking in with the SEPM correctly. If you could view this page http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008091215040048 which talks about troubleshooting client/server connectivity and let us know how it goes. Also please report back on if the clients are showing the green dot on the shied in the system tray.
Thanks
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
Thanks for the replies. I
Thanks for the replies. I seem to be able to update/change a policy on a remote client from the SEPM without any issue. I also see green dots on all the shield icons in the SEPM (except, of course, for the clients who are on laptops and are out of the office), as well as the client computers. I have about 20-something computers (all Windows XP, SP3), mostly laptops, and I seem to have green dots on all of the shields whenever they are connected inside the office.
Using a test desktop computer, I specifically went into the Windows Firewall and I opened port 8014 (TCP and UDP). Then I tried to issue a command remotely (scan) to that machine again, and it still failed. I didn't attempt to open Port 80, but wouldn't opening port 80 be dangerous to do? Surely I wouldn't have to open 80, would I?
Which brings me to my 2nd question - I'm pretty sure I have SEPM MR3, but I'm not 100% certain. Is there an easy way to tell (within the SEPM) if I'm running MR2 or MR3?
Thanks
Jim
In SEPM on the Top right
In SEPM on the Top right corner click on About..
11.0.3000.xxxx ( 11.0.3) is MR3 11.0.5 (11.0.5002.333)is MR5.
Check if your SEPM is on port 80 or 8014.
Open IIS manager and check if you have Symantec Webserver listed under websites-go to its properties it should show port 8014..if its installed under default website then it would be on port 80
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
When you give a command it
When you give a command it goes to
Program FIles\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\command
folder check in this folder if you have any files or not.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hello, I have
Hello,
I have 11.0.5002.333, so I must be on MR5. I seem to remember now, during installation, I installed SEPM on the default website, because I did not fully understand how to install it on its own website. I checked IIS manager, and it is on the default website.
Also, when I check Program FIles\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\command, I see many files, all from today. The file extensions are ".dax", ".dax.sig", and many ".xml" files.
Well if its on default
Well if its on default website then it would be using port 80..
Just go to the properties of default website and check is it on port 80 or 8014.
If its 80 then you will have to allow port 80 on your firewall.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Delete everything inside that
Delete everything inside that folder ( not the folder )
make sure SEPM is on port 8014 ..if on 80 make sure it is excluded in Firewall.
Then try giving a new command from SEPM.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
I am having the same issue.
I am having the same issue. I am running MR5 and I looked inside the Program FIles\Symantec\Symantec Endpoint Protection Manager folder, I do not have a "data" folder.
@Tivo
Are you on a closed network? Do your clients have any connectivity or accessibility to the internet? If so, than port 80 is already open.
Windows XP SP3, with Windows Firewall enabled. Unless you specifically allowed ICMP traffic to those machines, you should not even be able to ping them. Have you enabled ICMP traffic on the Windows Firewall on each of those machines?
* * * *
On a Single client open ports 135, 136 and 137
Try issuing commands again.
I am on a domain, so Windows
I am on a domain, so Windows Firewall is turned off. SEPM is on port 8014. I am able to ping the workstations...
I am also able to verify connection to the SEPM, the policy and virus definitions are up to date. Able to connect using 8014 and 9090. Still not able to issue commmands.
Would you like to reply?
Login or Register to post your comment.