Dear All,

Recently I've to reinstall our Symantec Endpoint Protection Server (11.0.6005.562). After that I created new groups, Install Packages and installed it into clients computer. But Clients are not connetced with SEPM server and at server console no clients are showing. Please advise me what should i check for.

Thank you in advance.

What happens if you replace the sylink file on one of the clients?

When you re-installed, did you take a backup?

Hi,

Thank you for posting in Symantec community.

You should follow disaster recovery article.

Here it go: Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102333

If have not taken necessary backup then need to use Sylink replacer tool to replace communication file remotely.

The "SylinkReplacer" utility is designed to replace Sylink.xml files in existing Symantec Endpoint Protection clients

Refer this thread: https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Unfortunatelly my HDD got damage and leave me no choice but insall fresh server. and i cant take any backup. could u please mention proper steps to replace sylink file to the client computer?

In that case, you will need to replace the sylink file on the clients. You can use sylinkreplacer to do it

Hello Dream_Chaser, 

Welcome back!!  been a long time isn't it? :)

First thing I would suggest is to check if SEP is installed on those machines.Secondly check windows firewall on the client machine and SEPM server , FW should be off or create exception for port 8014..

tnx Rafeeq. Yes after a long long time. i was bz with other things. i checked SEP installed properly and FW of server and client were turn off also.

@Chetan Savade should i run sylink replacer tool in the server or client computer?

have you tried secars test on one of the client? 

http://www.symantec.com/business/support/index?page=content&id=TECH102682

and also sylink log  from affected client . I think it could because of IP addr restriction in IIS.

should i run sylink replicator tool in the server or client computer?

Not the sylink replacer tool , Enable the sylink loggin on the client machine as per this document and post the sylink log

http://www.symantec.com/business/support/index?page=content&id=TECH134203

You can run from the SEPM

ok Rafeeq I'll post the log tomorrow

Dear all Please find attached Sylilnk log for your information.

Attachment(s)

Sylink_14.zip   10 KB 1 version

Proxy issue check this document

Symantec Endpoint Protection clients do not communicate with the Symantec Endpoint Protection Manager (SEPM)

http://www.symantec.com/business/support/index?page=content&id=TECH137402

tnx for the prompt reply. lemme check and will update accordingly

I did everythig u told but same client not connected with server. Please check new LOG hope it will help u to understand.

N.B: My server configured in the VMware.

Attachment(s)

Sylink_15.zip   3 KB 1 version

its still saying about proxy connection

11/05 13:34:02 [360] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

are you sure that you deleted those settings and restarted the machine.. can you post a screen shot of the proxy settings on this machine. Follow this document

http://www.symantec.com/business/support/index?page=content&id=TECH139251

Proxy settings of SEP or SEPM?

Proxy settings on your Windows XP machine. Follow the first document what I linked earlier

You need to open the registry on the windows xp machine which is not communicating and delete those legacy proxy settings. This has nothing to do with SEPM proxy settings.

Dear Rafeeq,

Deleted DefaultConnectionSettings and SavedLegacySettings from Registry edit as you adviced but still same.
 

Delete those configuration , reboot the windows xp machine, post the sylink again please

Dear Rafeeq I did Everything u told and nothing changed. Plz check the log.

Attachment(s)

Sylink_16.zip   4 KB 1 version

I still see the same error. No change.

As per the logs your windows XP machines are using proxy settings. You can try removing the proxy from internet explorer and do 

start - run

smc - stop

smc -start

if that does not help

click on Start run type

SMC -stop and wait for it to disappear from the system tray AND task manager

Open the new sylink.xml in a wordpad, make sure it is pointing to the correct server

Browse to the "C:\Program Files\Symantec\Symantec Endpoint Protection" folder

Delete sylink.xml, sylink.bak and sylinkex.bak

Copy the new sylink.xml into place ( you can find sylink.xml from the package you have created or any client which is communicating with the SEPM with green dot)

Run SMC -start

Wait a minute or so for the service to start

check if it has green dot

How to checkthat port used by SEPM on IIS is the same?

Dear Rafeeq,

1st of all many many tnx for helping me in this issue. now good thing is after using the steps u told my client now showing in the SEPM but getting no update. another thing is i've install SEP in the server too but it working fine the server (getting updates and showing the console). for your information i've created log again and added some pics too so that u can get a clear idea. thank you again :)

Attachment(s)

SEP Log_1.zip   111 KB 1 version

Thats good news!!

Whats the IE version of machine which is not getting updates?

From the log I can see that its trying to download

Replace sylink.xml, sylink.bak and sylinkex.bak to the effected client and delete client from the SEPM console and from the client end did smc -stop and smc -start.
After that its working fine. one more thing I replace sylink.xml, sylink.bak and sylinkex.bak from a working client to effected client after that its working my point is should i've to replace sylink.xml, sylink.bak and sylinkex.bak to all effected clients?

Thank you very much for your effort really appriciated.



 

Replace sylink.xml, sylink.bak and sylinkex.bak to the effected client and delete client from the SEPM console and from the client end did smc -stop and smc -start.
After that its working fine. one more thing I replace sylink.xml, sylink.bak and sylinkex.bak from a working client to effected client after that its working my point is should i've to replace sylink.xml, sylink.bak and sylinkex.bak to all effected clients?

Thank you very much for your effort really appriciated.

Sometimes Sylink.bak will have old info even after replacing Sylink.xml , When replacing sylink does not work You try deleting .bak and ex.bak files.

First try with Sylink.xml only if it fails delete .bak files and replace sylink.