Client Cannot Connect To Symantec Endpoint Console
Okay, I have Symantec Endpoint Protection v11 0 2000 MR2 installed on the server. I created a package and deployed it to all the clients, one package for each main department. Now all the clients show up in their respective groups on the server. They have the green dot in the console, and likewise a green dot is present on each client's system.
Only one client in the administration section does not show up in the console and does not have a green dot on her system. I first thought that the sylink.xml file might not be pointing to the correct group, so I copied the correct file from the server and used the sylinkdrop tool, and it told me the file had been replaced successfully. But still no green dot, and it is not showing up in the console.
So I tried out various sylink.xml files of other groups to see if it would show up there, but no luck. I uninstalled, cleaned up everything and reinstalled, but still no luck for this system.
The firewall for the system is off (Windows XP SP2) and it can ping the server and vice versa with no problems, and can access shares and hidden shares both ways. This PC is joined to the domain and has domain user rights and is the administrator of the local system.
Does anyone have a clue why it will not communicate with the server?
Comments
Any help guys?
It is pretty sad. I'm having a similar issue and so are lots of people, and of course there is little to no support from Symantec. I'm trying to find a resolution without spending hours on the phone waiting on hold to talk to someone at Symantec, but it doesn't look like it is possible.
I had the same problem with several of my machines. There was no pattern to the machines that were not communicating. My solution was as follows:
1. Use the Microsoft installer clean up tool to remove the old version of Symantec from MSI. (I do this because I could not upgrade nor uninstall the clients that were not communicating even using clean sweep.)
2. Use clean sweep to uninstall all Symantec products.
3. Install SEP as an unmanaged client using the MR2 MP2 disk.
4. Delete the client from SEPM and then find it as an unmanaged client.
5. Wait for a couple of hours. If the client is still not communicating, run the deployment wizard to kickstart the client into communicating.
I had six out of approximately 200 computers that would not communicate with SEPM, and following these steps I was able to get them all working.
Does the sylink.xml you are using have a preferred group name? If not you can try the following:
Export an install package from SEPM and ensure that single .exe is unchecked. After you export this package you will find the sylink.xml contains a preferred group name. Try replacing this sylink on the affected client and check if it communicates fine with SEPM. Hope this works for you :)
Piyush Jhunjhunwala
| Technical Support Analyst | Enterprise Support ( Endpoint Security) |
| Symantec Corporation | www.symantec.com |
Used clean sweep, which removed all Symantec stuff, then I installed as unmanaged for the client. Then I used the sylinkdrop tool, chose the correct sylink.xml file and tried to update it. It failed, telling me something about "cannot delete sylink backup".
The package is not a single exe, and yes, the xml file there is correct. I have tried the same with all other PCs in the department and they all ended up in the console. Don't know what's wrong with this one.
I wouldn't bother using the sylinkdrop tool. When I fixed my problem computers after I installed them as unmanaged clients I used the find unmanaged clients tool in the client tab to push the proper files. Make sure your install package replaces the communication files instead of leaving the old ones there.
Well, I will take your advice and try it. Meantime I removed the computer from the domain, changed the name and added it back. Removed everything belonging to Symantec and cleaned the registry. Then used the administrator account to log in to the system and installed another new package which I created for a department today. Tested it out on another system before this one and it showed up in the console.
Finally tried it on the problem PC and zilch, nothing, same nonsense of not showing in the console. I guess the PC has some hatred for Symantec! There is no domain restriction against this computer and the firewall is off.
So I guess the unmanaged client stuff you were talking about may be the last straw; will do it on Sunday.
A couple of quick checks:
1) Is the client under the denied access list in the IIS where the SEPM is? (Under Directory Security, the middle tab.)
2) Take a backup of the registry and delete the following key.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey! I found a virus! Look at me! I'm soooo goooood!"
Okay, I took the log from Sylink monitor and here are the logs. Can someone tell me what the problem is?
***[0xa64]:[2008-09-15 12:26:05:162]***SylinkMonitor Stopped
***[0xa64]:[2008-09-15 12:26:07:216]***SylinkMonitor Started
09/15 12:26:11 [3540] <CheckHeartbeatTimer>====== Heartbeat loop starts at 12:26:11 ======
09/15 12:26:12 [3540] <GetOnlineNicInfo>:Netport Count=1
09/15 12:26:12 [3540] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
09/15 12:26:12 [3540] <CalcAgentHashKey>:CH=129FEBA4C0A800FB010101FB95CE574C1Safiyaschs.org.ae89AB41E15E609E7AD979B13167579AFA
09/15 12:26:12 [3540] <CalcAgentHashKey>:CHKey=20C1986233ACA7F83D9DD394980FE225
09/15 12:26:12 [3540] <CalcAgentHashKey>:C=129FEBA4C0A800FB010101FB95CE574C1Safiyaschs.org.ae
09/15 12:26:12 [3540] <CalcAgentHashKey>:CKey=E4FFE52D103DBA1567B51B6C080DC683
09/15 12:26:12 [3540] <CalcAgentHashKey>:UCH=129FEBA4C0A800FB010101FB95CE574C0safeyaSCHS.ORG.AESafiyaschs.org.ae89AB41E15E609E7AD979B13167579AFA
09/15 12:26:12 [3540] <CalcAgentHashKey>:UCHKey=8396893DFCBB7889FB76431AE4877B0F
09/15 12:26:12 [3540] <CalcAgentHashKey>:UC=129FEBA4C0A800FB010101FB95CE574C0safeyaSCHS.ORG.AESafiyaschs.org.ae
09/15 12:26:12 [3540] <CalcAgentHashKey>:UCKey=37C75C2B83A27438D6E216668A7BF9DD
09/15 12:26:12 [3540] <DoHeartbeat>HardwareID=89AB41E15E609E7AD979B13167579AFA
09/15 12:26:12 [3540] <DoHeartbeat>CHKey=20C1986233ACA7F83D9DD394980FE225
09/15 12:26:12 [3540] <DoHeartbeat>CKey=E4FFE52D103DBA1567B51B6C080DC683
09/15 12:26:12 [3540] <DoHeartbeat>UCHKey=8396893DFCBB7889FB76431AE4877B0F
09/15 12:26:12 [3540] <DoHeartbeat>UCKey=37C75C2B83A27438D6E216668A7BF9DD
09/15 12:26:12 [3540] <DoHeartbeat> Set heartbeat event
09/15 12:26:12 [3540] Use new configuration
09/15 12:26:12 [3540] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 12:26:12 ======
09/15 12:26:12 [3540] HEARTBEAT: Check Point 1
09/15 12:26:12 [3540] HEARTBEAT: Check Point 2
09/15 12:26:12 [3540] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
09/15 12:26:12 [3540] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
09/15 12:26:12 [3540] HEARTBEAT: Check Point 3
09/15 12:26:12 [3540] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
09/15 12:26:12 [3540] HEARTBEAT: Check Point 4
09/15 12:26:12 [3540] <RegHeartbeatProc>===Registration STAGE===
09/15 12:26:12 [3540] <MakeRegisterData:>logon id (domain/user)=SCHS.ORG.AE/safeya
09/15 12:26:12 [3540] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ebb080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211567190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x1.777120p-98716"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:26:12 [3540] <SyLink>[MakeRegisterData] registration Hardware Key=89AB41E15E609E7AD979B13167579AFA
09/15 12:26:12 [3540] ************Reg CSN=5
09/15 12:26:12 [3540] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1223
s_session_id: 89AB41E15E609E7AD979B13167579AFA
Sygate-SSN: 5
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ea8080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211081300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x0.0051d0p-102216"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:26:12 [3540] <SendRegistrationRequest:>http://schs-sql:80042EC6E0
09/15 12:26:12 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:26:12 [3540] <ParseHTTPStatusCode:>407=>Uninterpreted Status
09/15 12:26:12 [3540] <SendRegistrationRequest:>Content Lenght => 4114
09/15 12:26:12 [3540] HTTP returns status code=407
09/15 12:26:12 [3540] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
09/15 12:26:12 [3540] <SendRegistrationRequest:>COMPLETED
09/15 12:26:12 [3540] HEARTBEAT: Check Point 5.1
09/15 12:26:12 [3540] <RegHeartbeatProc>switch to another server
09/15 12:26:12 [3540] HEARTBEAT: Check Point 9
09/15 12:26:12 [3540] HEARTBEAT: Check Point 8
09/15 12:26:12 [3540] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/15 12:26:12 [3540] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
09/15 12:26:13 [3540] HEARTBEAT: Check Point 1
09/15 12:26:13 [3540] HEARTBEAT: Check Point 2
09/15 12:26:13 [3540] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
09/15 12:26:13 [3540] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
09/15 12:26:13 [3540] HEARTBEAT: Check Point 3
09/15 12:26:13 [3540] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
09/15 12:26:13 [3540] HEARTBEAT: Check Point 4
09/15 12:26:13 [3540] <RegHeartbeatProc>===Registration STAGE===
09/15 12:26:13 [3540] <MakeRegisterData:>logon id (domain/user)=SCHS.ORG.AE/safeya
09/15 12:26:13 [3540] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ebb080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211567190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x1.767120p-98716"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:26:13 [3540] <SyLink>[MakeRegisterData] registration Hardware Key=89AB41E15E609E7AD979B13167579AFA
09/15 12:26:13 [3540] ************Reg CSN=6
09/15 12:26:13 [3540] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1223
s_session_id: 89AB41E15E609E7AD979B13167579AFA
Sygate-SSN: 6
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ea8080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211081300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x0.0051d0p-102216"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:26:13 [3540] <SendRegistrationRequest:>http://192.168.0.251:80042EC6E0
09/15 12:26:13 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:26:13 [3540] <ParseHTTPStatusCode:>407=>Uninterpreted Status
09/15 12:26:13 [3540] <SendRegistrationRequest:>Content Lenght => 4114
09/15 12:26:13 [3540] HTTP returns status code=407
09/15 12:26:13 [3540] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
09/15 12:26:13 [3540] <SendRegistrationRequest:>COMPLETED
09/15 12:26:13 [3540] HEARTBEAT: Check Point 5.1
09/15 12:26:13 [3540] <ScheduleNextUpdate>new scheduled heartbeat=128 seconds
09/15 12:26:13 [3540] HEARTBEAT: Check Point 8
09/15 12:26:13 [3540] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/15 12:26:13 [3540] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
09/15 12:26:13 [3540] <RegHeartbeatProc>====== Registration Procedure stops at 12:26:13 ======
09/15 12:26:13 [3540] HEARTBEAT: Check Point 10
09/15 12:26:13 [3540] HEARTBEAT: Check Point Complete
09/15 12:26:13 [3540] <RegHeartbeatProc>Done, Heartbeat=128seconds
09/15 12:26:13 [3540] HeartbeatProcFailed to get profile with proxy setting 1
09/15 12:26:13 [3540] <CheckHeartbeatTimer>====== Heartbeat loop stops at 12:26:13 ======
09/15 12:26:30 [3836] <CSyLink::mfn_DownloadNow()>
09/15 12:26:30 [3836] </CSyLink::mfn_DownloadNow()>
09/15 12:27:32 [3836] <CSyLink::mfn_DownloadNow()>
09/15 12:27:32 [3836] </CSyLink::mfn_DownloadNow()>
09/15 12:28:23 [3540] <CheckHeartbeatTimer>====== Heartbeat loop starts at 12:28:23 ======
09/15 12:28:23 [3540] <GetOnlineNicInfo>:Netport Count=1
09/15 12:28:23 [3540] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
09/15 12:28:23 [3540] <CalcAgentHashKey>:CH=129FEBA4C0A800FB010101FB95CE574C1Safiyaschs.org.ae89AB41E15E609E7AD979B13167579AFA
09/15 12:28:23 [3540] <CalcAgentHashKey>:CHKey=20C1986233ACA7F83D9DD394980FE225
09/15 12:28:23 [3540] <CalcAgentHashKey>:C=129FEBA4C0A800FB010101FB95CE574C1Safiyaschs.org.ae
09/15 12:28:23 [3540] <CalcAgentHashKey>:CKey=E4FFE52D103DBA1567B51B6C080DC683
09/15 12:28:23 [3540] <CalcAgentHashKey>:UCH=129FEBA4C0A800FB010101FB95CE574C0safeyaSCHS.ORG.AESafiyaschs.org.ae89AB41E15E609E7AD979B13167579AFA
09/15 12:28:23 [3540] <CalcAgentHashKey>:UCHKey=8396893DFCBB7889FB76431AE4877B0F
09/15 12:28:23 [3540] <CalcAgentHashKey>:UC=129FEBA4C0A800FB010101FB95CE574C0safeyaSCHS.ORG.AESafiyaschs.org.ae
09/15 12:28:23 [3540] <CalcAgentHashKey>:UCKey=37C75C2B83A27438D6E216668A7BF9DD
09/15 12:28:23 [3540] <DoHeartbeat>HardwareID=89AB41E15E609E7AD979B13167579AFA
09/15 12:28:23 [3540] <DoHeartbeat>CHKey=20C1986233ACA7F83D9DD394980FE225
09/15 12:28:23 [3540] <DoHeartbeat>CKey=E4FFE52D103DBA1567B51B6C080DC683
09/15 12:28:23 [3540] <DoHeartbeat>UCHKey=8396893DFCBB7889FB76431AE4877B0F
09/15 12:28:23 [3540] <DoHeartbeat>UCKey=37C75C2B83A27438D6E216668A7BF9DD
09/15 12:28:23 [3540] <DoHeartbeat> Set heartbeat event
09/15 12:28:23 [3540] Use new configuration
09/15 12:28:23 [3540] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 12:28:23 ======
09/15 12:28:24 [3540] HEARTBEAT: Check Point 1
09/15 12:28:24 [3540] HEARTBEAT: Check Point 2
09/15 12:28:24 [3540] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
09/15 12:28:24 [3540] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
09/15 12:28:24 [3540] HEARTBEAT: Check Point 3
09/15 12:28:24 [3540] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
09/15 12:28:24 [3540] HEARTBEAT: Check Point 4
09/15 12:28:24 [3540] <RegHeartbeatProc>===Registration STAGE===
09/15 12:28:24 [3540] <MakeRegisterData:>logon id (domain/user)=SCHS.ORG.AE/safeya
09/15 12:28:24 [3540] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ebb080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211567190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x1.767120p-98716"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:28:24 [3540] <SyLink>[MakeRegisterData] registration Hardware Key=89AB41E15E609E7AD979B13167579AFA
09/15 12:28:24 [3540] ************Reg CSN=7
09/15 12:28:24 [3540] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1223
s_session_id: 89AB41E15E609E7AD979B13167579AFA
Sygate-SSN: 7
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ea8080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211081300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x0.0051d0p-102216"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:28:24 [3540] <SendRegistrationRequest:>http://192.168.0.251:80042EC6E0
09/15 12:28:24 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:28:24 [3540] <ParseHTTPStatusCode:>407=>Uninterpreted Status
09/15 12:28:24 [3540] <SendRegistrationRequest:>Content Lenght => 4114
09/15 12:28:24 [3540] HTTP returns status code=407
09/15 12:28:24 [3540] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
09/15 12:28:24 [3540] <SendRegistrationRequest:>COMPLETED
09/15 12:28:24 [3540] HEARTBEAT: Check Point 5.1
09/15 12:28:24 [3540] <RegHeartbeatProc>switch to another server
09/15 12:28:24 [3540] HEARTBEAT: Check Point 9
09/15 12:28:24 [3540] HEARTBEAT: Check Point 8
09/15 12:28:24 [3540] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/15 12:28:24 [3540] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
09/15 12:28:24 [3540] HEARTBEAT: Check Point 1
09/15 12:28:24 [3540] HEARTBEAT: Check Point 2
09/15 12:28:24 [3540] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
09/15 12:28:24 [3540] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
09/15 12:28:24 [3540] HEARTBEAT: Check Point 3
09/15 12:28:24 [3540] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
09/15 12:28:24 [3540] HEARTBEAT: Check Point 4
09/15 12:28:24 [3540] <RegHeartbeatProc>===Registration STAGE===
09/15 12:28:24 [3540] <MakeRegisterData:>logon id (domain/user)=SCHS.ORG.AE/safeya
09/15 12:28:24 [3540] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ebb080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211567190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x1.777120p-98716"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:28:24 [3540] <SyLink>[MakeRegisterData] registration Hardware Key=89AB41E15E609E7AD979B13167579AFA
09/15 12:28:24 [3540] ************Reg CSN=8
09/15 12:28:24 [3540] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1223
s_session_id: 89AB41E15E609E7AD979B13167579AFA
Sygate-SSN: 8
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="129FEBA4C0A800FB010101FB95CE574C" AgentType="105" UserDomain="SCHS.ORG.AE" LoginUser="safeya" ComputerDomain="schs.org.ae" ComputerName="Safiya" PreferredGroup="Global /Administration" PreferredMode="1" HardwareKey="89AB41E15E609E7AD979B13167579AFA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="SCHS.ORG.AE" LogonUser="safeya" HostDomain="schs.org.ae" HostName="Safiya" HostDesc="" />
<SSAProduct Version="11.0.2010.25" />
<SSAOS Version="5.1.2600" Desc="Windows 6182313BPProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86 0x1.ea8080p-957mily%20Model%20Stepping" ProcessorClock="3000" ProcessorNum="2"/>
<Memory Size="1600888832"/>
<BIOS Version="INTEL%20-"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="D158-09811494603211081300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000080.0000002008%3a090x0.0051d0p-102216"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-240" />
<DNSs><DNS Address="192.168.0.253"/><DNS Address="213.42.20.20"/></DNSs>
<SSANICs><SSANIC Ip="192.168.0.3" Mac="00-13-20-b1-19-6e" Gateway="192.168.0.250" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
09/15 12:28:24 [3540] <SendRegistrationRequest:>http://schs-sql:80042EC6E0
09/15 12:28:24 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:28:24 [3540] <ParseHTTPStatusCode:>407=>Uninterpreted Status
09/15 12:28:24 [3540] <SendRegistrationRequest:>Content Lenght => 4114
09/15 12:28:24 [3540] HTTP returns status code=407
09/15 12:28:24 [3540] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
09/15 12:28:24 [3540] <SendRegistrationRequest:>COMPLETED
09/15 12:28:25 [3540] HEARTBEAT: Check Point 5.1
09/15 12:28:25 [3540] <ScheduleNextUpdate>new scheduled heartbeat=256 seconds
09/15 12:28:25 [3540] HEARTBEAT: Check Point 8
09/15 12:28:25 [3540] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/15 12:28:25 [3540] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
09/15 12:28:25 [3540] <RegHeartbeatProc>====== Registration Procedure stops at 12:28:25 ======
09/15 12:28:25 [3540] HEARTBEAT: Check Point 10
09/15 12:28:25 [3540] HEARTBEAT: Check Point Complete
09/15 12:28:25 [3540] <RegHeartbeatProc>Done, Heartbeat=256seconds
09/15 12:28:25 [3540] HeartbeatProcFailed to get profile with proxy setting 2
09/15 12:28:25 [3540] <CheckHeartbeatTimer>====== Heartbeat loop stops at 12:28:25 ======
09/15 12:28:33 [3836] <CSyLink::mfn_DownloadNow()>
09/15 12:28:33 [3836] </CSyLink::mfn_DownloadNow()>
09/15 12:29:35 [3836] <CSyLink::mfn_DownloadNow()>
09/15 12:29:35 [3836] </CSyLink::mfn_DownloadNow()>
Did you get a chance to do what I had suggested before?
Looking at the logs, it looks pretty much like the same issue.
"SMS return=407"
This error is returned when SMC.exe is trying to access the Web site through a proxy server that has access control turned on while using Basic Authentication. The Web Proxy, through a 407 HTTP response, requests credentials from the browser client (SMC.exe). The client provides the credentials.
Reference: http://support.microsoft.com/kb/248020/en-us
My guess is that information within the following registry keys is incorrect. But deleting the keys and rebooting the system should make Windows generate a new pair.
HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey! I found a virus! Look at me! I'm soooo goooood!"
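Added example, not part of the original posts and not Symantec code: a small triage script that pulls the registration attempts out of a Sylink debug log in the format quoted above and reports which servers keep answering with 407. The sample log, host names, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from http import HTTPStatus
from typing import NamedTuple

# Constructed sample modelled on the Sylink debug lines quoted in this thread.
# Host names and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
09/15 12:26:12 [3540] <RegHeartbeatProc>===Registration STAGE===
09/15 12:26:12 [3540] <SendRegistrationRequest:>http://sepm01.example.test:80
09/15 12:26:12 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:26:12 [3540] <RegHeartbeatProc>switch to another server
09/15 12:26:13 [3540] <SendRegistrationRequest:>http://192.0.2.10:80
09/15 12:26:13 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:26:13 [3540] <ScheduleNextUpdate>new scheduled heartbeat=128 seconds
09/15 12:28:24 [3540] <SendRegistrationRequest:>http://192.0.2.10:80
09/15 12:28:24 [3540] <SendRegistrationRequest:>SMS return=407
09/15 12:28:25 [3540] <ScheduleNextUpdate>new scheduled heartbeat=256 seconds
09/15 12:40:02 [3540] <SendRegistrationRequest:>http://sepm01.example.test:80
09/15 12:40:02 [3540] <SendRegistrationRequest:>SMS return=200
"""

LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[\d+\] (.*)$")
URL_RE = re.compile(r"<SendRegistrationRequest:>https?://([^:/\s]+)")
STATUS_RE = re.compile(r"<SendRegistrationRequest:>SMS return=(\d+)")
BACKOFF_RE = re.compile(r"<ScheduleNextUpdate>new scheduled heartbeat=(\d+) seconds")


class Attempt(NamedTuple):
    when: str      # timestamp as written in the log
    server: str    # host taken from the request URL, or "unknown"
    status: int    # value of "SMS return="


def describe(status: int) -> str:
    """Name a status code; anything outside the HTTP registry is flagged."""
    try:
        return f"{status} {HTTPStatus(status).phrase}"
    except ValueError:
        return f"{status} (not a standard HTTP status)"


def parse_log(text: str):
    """Return (attempts, backoffs) from a Sylink debug log."""
    attempts, backoffs, server = [], [], "unknown"
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation lines of the multi-line XML payload
        when, body = m.groups()
        if (u := URL_RE.search(body)):
            server = u.group(1)          # remember which server is being tried
        elif (s := STATUS_RE.search(body)):
            attempts.append(Attempt(when, server, int(s.group(1))))
            server = "unknown"
        elif (b := BACKOFF_RE.search(body)):
            backoffs.append(int(b.group(1)))
    return attempts, backoffs


def proxy_blocked(attempts):
    """Servers whose most recent registration attempt ended in HTTP 407."""
    last = {}
    for a in attempts:
        last[a.server] = a.status
    return sorted(s for s, code in last.items() if code == 407)


def report(text: str):
    """Human-readable summary lines for one log."""
    attempts, backoffs = parse_log(text)
    counts = Counter((a.server, a.status) for a in attempts)
    lines = [f"{srv}: {describe(code)} x{n}"
             for (srv, code), n in sorted(counts.items())]
    for srv in proxy_blocked(attempts):
        lines.append(f"{srv}: a proxy is demanding credentials; "
                     "check the proxy settings the client service picks up")
    if backoffs:
        lines.append("heartbeat interval: " + " -> ".join(map(str, backoffs)) + " s")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Lines that do not start with a timestamp, such as the multi-line registration XML, are skipped, so a full log can be passed in unchanged.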
Well, actually I had no time earlier to do it. But I thought it would be great if I could give you the logs, as they provided more insight into the matter. Problem solved, did what you told me and voila, it showed up. Thanks Sandeep!!!
I need your advice on some other issue too. On the home screen on Endpoint, intrusion prevention shows a graph of how many computers have what updates. All computers have the current updates, which is good; only three have very outdated definitions of 2007 and one has August 2008. The latest we have is Sep 12. This problem is only for intrusion prevention signatures; antivirus for all is up to date. My question is: it shows how many PCs are outdated, but clicking reports does not show me which PCs. What could be the possible solution, as these have received antivirus and network definitions but not intrusion? I know they are communicating with the server, as commands run there will be executed on the client side. They show up fine in the manager. (All PCs with green dot)
For more details about the computers, click on the details tab on the home screen (right below preferences).
See if you find any special character (am sure about "&") in the computer name or description. If you do, then taking that off and rebooting the client, does that help?
If it doesn't, you may like to start a new thread for the issue.
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting "Hey! I found a virus! Look at me! I'm soooo goooood!"
Well, thanks again, it showed me which PCs did not receive the updates.
Greetings,
maybe you can tell something about those errors:
SMS return=468
SMS return=200
SMS return=500
thanks
Looks like it is trying to go through your proxy which requires authentication.
Wireshark will tell you straight away what is happening.
cheers
Z
Suggestions
In my case, I deleted the registry keys specified by Sandeep Cheema, but after rebooting the computer the keys always came back with information from a proxy that was blocking access to the SEPM.
I discovered that these keys were set automatically by a feature called WPAD. This configuration is distributed via DHCP or DNS. In my case it was being distributed by DNS.
Depending on the case, you can change the configuration of the DNS or DHCP to distribute the configuration of another proxy that allows access to the SEPM, or configure the current proxy to allow access to the SEPM.
I configured the proxy to bypass the addresses of the SEPM and now it is working.
About WPAD: http://en.wikipedia.org/wiki/Web_Proxy_Autodiscove...