Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Client not connect with SEPM server

Created: 04 Nov 2013 • Updated: 11 Nov 2013 | 30 comments
This issue has been solved. See solution.

Dear All,

 

Recently I've to reinstall our Symantec Endpoint Protection Server (11.0.6005.562). After that I created new groups, Install Packages and installed it into clients computer. But Clients are not connetced with SEPM server and at server console no clients are showing. Please advise me what should i check for.

 

Thank you in advance.

Operating Systems:

Comments 30 CommentsJump to latest comment

.Brian's picture

What happens if you replace the sylink file on one of the clients?

When you re-installed, did you take a backup?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jabed Hasan's picture

Unfortunatelly my HDD got damage and leave me no choice but insall fresh server. and i cant take any backup. could u please mention proper steps to replace sylink file to the client computer?

.Brian's picture

In that case, you will need to replace the sylink file on the clients. You can use sylinkreplacer to do it

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

You should follow disaster recovery article.

Here it go: Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102333

If have not taken necessary backup then need to use Sylink replacer tool to replace communication file remotely.

The "SylinkReplacer" utility is designed to replace Sylink.xml files in existing Symantec Endpoint Protection clients

Refer this thread: https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Jabed Hasan's picture

@Chetan Savade should i run sylink replacer tool in the server or client computer?

Jabed Hasan's picture

tnx for the prompt reply.

Ok i'll check tomorrow with mention utility and will update accordingly.

Rafeeq's picture

Hello Dream_Chaser, 

Welcome back!!  been a long time isn't it? :)

First thing I would suggest is to check if SEP is installed on those machines.Secondly check windows firewall on the client machine and SEPM server , FW should be off or create exception for port 8014..

Jabed Hasan's picture

tnx Rafeeq. Yes after a long long time. i was bz with other things. i checked SEP installed properly and FW of server and client were turn off also.

Rafeeq's picture

have you tried secars test on one of the client? 

http://www.symantec.com/business/support/index?page=content&id=TECH102682

and also sylink log  from affected client . I think it could because of IP addr restriction in IIS.

Jabed Hasan's picture

should i run sylink replicator tool in the server or client computer?

.Brian's picture

You can run from the SEPM

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Not the sylink replacer tool , Enable the sylink loggin on the client machine as per this document and post the sylink log

http://www.symantec.com/business/support/index?page=content&id=TECH134203

Jabed Hasan's picture

Dear all Please find attached Sylilnk log for your information.

AttachmentSize
Sylink.zip 10.22 KB
Rafeeq's picture

Proxy issue check this document

Symantec Endpoint Protection clients do not communicate with the Symantec Endpoint Protection Manager (SEPM)

 

http://www.symantec.com/business/support/index?page=content&id=TECH137402

Jabed Hasan's picture

tnx for the prompt reply. lemme check and will update accordingly

Jabed Hasan's picture

I did everythig u told but same client not connected with server. Please check new LOG hope it will help u to understand.

N.B: My server configured in the VMware.

AttachmentSize
Sylink.zip 3.58 KB
Rafeeq's picture

its still saying about proxy connection

11/05 13:34:02 [360] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

are you sure that you deleted those settings and restarted the machine.. can you post a screen shot of the proxy settings on this machine. Follow this document

 

http://www.symantec.com/business/support/index?page=content&id=TECH139251

Rafeeq's picture

Proxy settings on your Windows XP machine. Follow the first document what I linked earlier

You need to open the registry on the windows xp machine which is not communicating and delete those legacy proxy settings. This has nothing to do with SEPM proxy settings.

Jabed Hasan's picture

Dear Rafeeq,

Deleted DefaultConnectionSettings and SavedLegacySettings from Registry edit as you adviced but still same.
 

Rafeeq's picture

Delete those configuration , reboot the windows xp machine, post the sylink again please

Jabed Hasan's picture

How to checkthat port used by SEPM on IIS is the same?

Jabed Hasan's picture

Dear Rafeeq I did Everything u told and nothing changed. Plz check the log.

AttachmentSize
Sylink.zip 4.78 KB
Rafeeq's picture

I still see the same error. No change.

As per the logs your windows XP machines are using proxy settings. You can try removing the proxy from internet explorer and do 

start - run

smc - stop

smc -start

if that does not help

click on Start run type

SMC -stop and wait for it to disappear from the system tray AND task manager

Open the new sylink.xml in a wordpad, make sure it is pointing to the correct server

Browse to the "C:\Program Files\Symantec\Symantec Endpoint Protection" folder

Delete sylink.xml, sylink.bak and sylinkex.bak

Copy the new sylink.xml into place ( you can find sylink.xml from the package you have created or any client which is communicating with the SEPM with green dot)

Run SMC -start

Wait a minute or so for the service to start

check if it has green dot

SOLUTION
Jabed Hasan's picture

Dear Rafeeq,

1st of all many many tnx for helping me in this issue. now good thing is after using the steps u told my client now showing in the SEPM but getting no update. another thing is i've install SEP in the server too but it working fine the server (getting updates and showing the console). for your information i've created log again and added some pics too so that u can get a clear idea. thank you again :)

AttachmentSize
SEP Log.zip 111.94 KB
Rafeeq's picture

Thats good news!!

Whats the IE version of machine which is not getting updates?

From the log I can see that its trying to download

<LUThreadProc>Waiting for: 269000 milliseconds to start downloading LU contents
11/06 10:24:50 [2492] <CSyLink::mfn_DownloadNow()>
11/06 10:24:50 [2492] </CSyLink::mfn_DownloadNow()>
11/06 10:25:52 [2492] <CSyLink::mfn_DownloadNow()>
11/06 10:25:52 [2492] </CSyLink::mfn_DownloadNow()>
 
try deleting client from the SEPM console and from the client do smc -stop and smc -start
it should download defs
 
Jabed Hasan's picture

Replace sylink.xml, sylink.bak and sylinkex.bak to the effected client and delete client from the SEPM console and from the client end did smc -stop and smc -start.
After that its working fine. one more thing I replace sylink.xml, sylink.bak and sylinkex.bak from a working client to effected client after that its working my point is should i've to replace sylink.xml, sylink.bak and sylinkex.bak to all effected clients?

Thank you very much for your effort really appriciated.

Jabed Hasan's picture

Replace sylink.xml, sylink.bak and sylinkex.bak to the effected client and delete client from the SEPM console and from the client end did smc -stop and smc -start.
After that its working fine. one more thing I replace sylink.xml, sylink.bak and sylinkex.bak from a working client to effected client after that its working my point is should i've to replace sylink.xml, sylink.bak and sylinkex.bak to all effected clients?

Thank you very much for your effort really appriciated.

 

Rafeeq's picture

Sometimes Sylink.bak will have old info even after replacing Sylink.xml , When replacing sylink does not work You try deleting .bak and ex.bak files.

First try with Sylink.xml only if it fails delete .bak files and replace sylink.