Endpoint Protection

  • 1.  Client Server : Offline when install Manage

    Posted Sep 14, 2009 11:05 PM
    Hi All, 

    I am facing a problem with my 2 clients when I install SEP managed. What I see in the client troubleshooting screen is:
    -. Server = Offline
    -. Policy serial number is different from the other PCs that already succeeded

    What I have done to all my clients is push from the server using the "Migration & Installation Wizard".
    All PCs are working fine with the Migration & Installation Wizard, including the 2 clients that have the problem.

    I tried to follow some instructions from this forum but I still have the problem.
    1. No IIS in my client
    2. I check using http://server IP : port/reporting -> It is running
    3. also check with http://server:port/secars?hello,secard -> OK
    4. Using manual update policy
    5. Try with manual copy sylink.xml.

     Please help me 

    Thank you so much


  • 2.  RE: Client Server : Offline when install Manage

    Broadcom Employee
    Posted Sep 14, 2009 11:51 PM
    Run the sylink monitor tool on the client and update the policy, gather the logs for some time, and paste the logs here.


  • 3.  RE: Client Server : Offline when install Manage

    Posted Sep 14, 2009 11:51 PM
    Hi,

    Please run sylinkmonitor tool and post the logs here so that we can identify the problem.

    It could be a proxy setting that has been misconfigured, but we wouldn't want to speculate until we have the logs.

    Also, refer to the following document: 

    Symantec Endpoint Protection Manager 11.x communication troubleshooting   
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101711103548

    Best,
    Aniket


  • 4.  RE: Client Server : Offline when install Manage

    Posted Sep 15, 2009 12:20 AM
    Hi Pete & Aniket,

    FYI:
    -. We are not using a proxy


    Here is the log.

    Thank you in advance.

    09/15 11:13:44 [804] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    09/15 11:13:45 [3376] <CheckHeartbeatTimer>====== Heartbeat loop starts at 11:13:45 ======
    09/15 11:13:46 [3376] <GetOnlineNicInfo>:Netport Count=1
    09/15 11:13:46 [3376] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.110.85.16" Mac="00-1b-9e-5c-5c-63" Gateway="10.110.85.1" SubnetMask="0.0.0.0"/></SSANICs>
    09/15 11:13:46 [3376] <CalcAgentHashKey>:CH=607F06940A6E550801085D940163D8671ZLID97SALES005JPCID.COM0F22CC676F334C03F42AEFF99DB9EF15
    09/15 11:13:46 [3376] <CalcAgentHashKey>:CHKey=F337EC7CA5D3C242A73E44A3CC58761C
    09/15 11:13:46 [3376] <CalcAgentHashKey>:C=607F06940A6E550801085D940163D8671ZLID97SALES005JPCID.COM
    09/15 11:13:46 [3376] <CalcAgentHashKey>:CKey=1C2F36630981C3F471AB34E20CDDB2A2
    09/15 11:13:46 [3376] <CalcAgentHashKey>:UCH=607F06940A6E550801085D940163D8670aka_teofilusJPCID.COMZLID97SALES005JPCID.COM0F22CC676F334C03F42AEFF99DB9EF15
    09/15 11:13:46 [3376] <CalcAgentHashKey>:UCHKey=ADA01A8E668BD21D1DB715811E58BBB9
    09/15 11:13:46 [3376] <CalcAgentHashKey>:UC=607F06940A6E550801085D940163D8670aka_teofilusJPCID.COMZLID97SALES005JPCID.COM
    09/15 11:13:46 [3376] <CalcAgentHashKey>:UCKey=94C7C6A596B841A625122AB446CE7CC8
    09/15 11:13:46 [3376] <DoHeartbeat>HardwareID=0F22CC676F334C03F42AEFF99DB9EF15
    09/15 11:13:46 [3376] <DoHeartbeat>CHKey=F337EC7CA5D3C242A73E44A3CC58761C
    09/15 11:13:46 [3376] <DoHeartbeat>CKey=1C2F36630981C3F471AB34E20CDDB2A2
    09/15 11:13:46 [3376] <DoHeartbeat>UCHKey=ADA01A8E668BD21D1DB715811E58BBB9
    09/15 11:13:46 [3376] <DoHeartbeat>UCKey=94C7C6A596B841A625122AB446CE7CC8
    09/15 11:13:46 [3376] <DoHeartbeat> Set heartbeat event
    09/15 11:13:46 [3376] Use new configuration
    09/15 11:13:46 [3376] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 11:13:46 ======
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 1
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 2
    09/15 11:13:46 [3376] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    09/15 11:13:46 [3376] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 3
    09/15 11:13:46 [3376] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 4
    09/15 11:13:46 [3376] <RegHeartbeatProc>===Registration STAGE===
    09/15 11:13:46 [3376] <MakeRegisterData:>logon id (domain/user)=JPCID.COM/aka_teofilus
    09/15 11:13:46 [3376] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="607F06940A6E550801085D940163D867" AgentType="105" UserDomain="JPCID.COM" LoginUser="aka_teofilus" ComputerDomain="JPCID.COM" ComputerName="ZLID97SALES005" PreferredGroup="Myompany    ‹Default        8.71221E-291roup" PreferredMode="1" HardwareKey="0F22CC676F334C03F42AEFF99DB9EF15" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="JPCID.COM" LogonUser="aka_teofilus" HostDomain="JPCID.COM" HostName="ZLID97SALES005" HostDesc="" />
    <SSAProduct Version="11.0.4000.2295" />
    <SSAOS Version="5.1.2600" Desc="Windows             3B5BD58PProfessional" Type="17105154" ServicePack="ServicePack"/>
    <Processor ProcessorType="x86    -0x1.fd71c6p-202mily%20Model%20Stepping" ProcessorClock="1462" ProcessorNum="2"/>
    <Memory Size="1063596032"/>
    <BIOS Version="TOSINV-"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="026B-090.000000140.0000002009%3a510x0.d000b0p-102211"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-420" />
    <DNSs><DNS Address="10.110.85.5"/></DNSs>
    <DHCPServer Address="10.110.85.5"/><SSANICs><SSANIC Ip="10.110.85.16" Mac="00-1b-9e-5c-5c-63" Gateway="10.110.85.1" SubnetMask="0.0.0.0"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    09/15 11:13:46 [3376] <SyLink>[MakeRegisterData] registration Hardware Key=0F22CC676F334C03F42AEFF99DB9EF15
    09/15 11:13:46 [3376] ************Reg CSN=195
    09/15 11:13:46 [3376] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1253
    s_session_id: 0F22CC676F334C03F42AEFF99DB9EF15
    Sygate-SSN: 195
    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="607F06940A6E550801085D940163D867" AgentType="105" UserDomain="JPCID.COM" LoginUser="aka_teofilus" ComputerDomain="JPCID.COM" ComputerName="ZLID97SALES005" PreferredGroup="Myompany    ‹Default        8.68251E-291roup" PreferredMode="1" HardwareKey="0F22CC676F334C03F42AEFF99DB9EF15" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="JPCID.COM" LogonUser="aka_teofilus" HostDomain="JPCID.COM" HostName="ZLID97SALES005" HostDesc="" />
    <SSAProduct Version="11.0.4000.2295" />
    <SSAOS Version="5.1.2600" Desc="Windows             3B5AA60PProfessional" Type="17105154" ServicePack="ServicePack"/>
    <Processor ProcessorType="x86    -0x1.fc2246p-202mily%20Model%20Stepping" ProcessorClock="1462" ProcessorNum="2"/>
    <Memory Size="1063596032"/>
    <BIOS Version="TOSINV-"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="026B-090.000000140.0000002009%3a510x0.d000b0p-102211"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-420" />
    <DNSs><DNS Address="10.110.85.5"/></DNSs>
    <DHCPServer Address="10.110.85.5"/><SSANICs><SSANIC Ip="10.110.85.16" Mac="00-1b-9e-5c-5c-63" Gateway="10.110.85.1" SubnetMask="0.0.0.0"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    09/15 11:13:46 [3376] <SendRegistrationRequest:>http://jpcidw2k02:80141V–¤l
    óó7D#‹‚;øüÃ4±г
    Tn¦ˆ»KÔÊ@l
    09/15 11:13:46 [3376] <SendRegistrationRequest:>SMS return=500
    09/15 11:13:46 [3376] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
    09/15 11:13:46 [3376] <SendRegistrationRequest:>ERR to query content length
    09/15 11:13:46 [3376] <SendRegistrationRequest:>Content Lenght => 
    09/15 11:13:46 [3376] HTTP returns status code=500
    09/15 11:13:46 [3376] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    09/15 11:13:46 [3376] <SendRegistrationRequest:>COMPLETED
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 5.1
    09/15 11:13:46 [3376] <RegHeartbeatProc>switch to another server
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 9
    09/15 11:13:46 [3376] HEARTBEAT: Check Point 8
    09/15 11:13:46 [3376] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    09/15 11:13:46 [3376] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 1
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 2
    09/15 11:13:47 [3376] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    09/15 11:13:47 [3376] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 3
    09/15 11:13:47 [3376] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 4
    09/15 11:13:47 [3376] <RegHeartbeatProc>===Registration STAGE===
    09/15 11:13:47 [3376] <MakeRegisterData:>logon id (domain/user)=JPCID.COM/aka_teofilus
    09/15 11:13:47 [3376] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="607F06940A6E550801085D940163D867" AgentType="105" UserDomain="JPCID.COM" LoginUser="aka_teofilus" ComputerDomain="JPCID.COM" ComputerName="ZLID97SALES005" PreferredGroup="Myompany    ‹Default        8.71221E-291roup" PreferredMode="1" HardwareKey="0F22CC676F334C03F42AEFF99DB9EF15" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="JPCID.COM" LogonUser="aka_teofilus" HostDomain="JPCID.COM" HostName="ZLID97SALES005" HostDesc="" />
    <SSAProduct Version="11.0.4000.2295" />
    <SSAOS Version="5.1.2600" Desc="Windows             3B5BD58PProfessional" Type="17105154" ServicePack="ServicePack"/>
    <Processor ProcessorType="x86    -0x1.fd71c6p-202mily%20Model%20Stepping" ProcessorClock="1462" ProcessorNum="2"/>
    <Memory Size="1063596032"/>
    <BIOS Version="TOSINV-"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="026B-090.000000140.0000002009%3a510x0.d000b0p-102211"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-420" />
    <DNSs><DNS Address="10.110.85.5"/></DNSs>
    <DHCPServer Address="10.110.85.5"/><SSANICs><SSANIC Ip="10.110.85.16" Mac="00-1b-9e-5c-5c-63" Gateway="10.110.85.1" SubnetMask="0.0.0.0"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    09/15 11:13:47 [3376] <SyLink>[MakeRegisterData] registration Hardware Key=0F22CC676F334C03F42AEFF99DB9EF15
    09/15 11:13:47 [3376] ************Reg CSN=196
    09/15 11:13:47 [3376] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1253
    s_session_id: 0F22CC676F334C03F42AEFF99DB9EF15
    Sygate-SSN: 196
    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="607F06940A6E550801085D940163D867" AgentType="105" UserDomain="JPCID.COM" LoginUser="aka_teofilus" ComputerDomain="JPCID.COM" ComputerName="ZLID97SALES005" PreferredGroup="Myompany    ‹Default        8.68251E-291roup" PreferredMode="1" HardwareKey="0F22CC676F334C03F42AEFF99DB9EF15" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="JPCID.COM" LogonUser="aka_teofilus" HostDomain="JPCID.COM" HostName="ZLID97SALES005" HostDesc="" />
    <SSAProduct Version="11.0.4000.2295" />
    <SSAOS Version="5.1.2600" Desc="Windows             3B5AA60PProfessional" Type="17105154" ServicePack="ServicePack"/>
    <Processor ProcessorType="x86    -0x1.fc2246p-202mily%20Model%20Stepping" ProcessorClock="1462" ProcessorNum="2"/>
    <Memory Size="1063596032"/>
    <BIOS Version="TOSINV-"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="026B-090.000000140.0000002009%3a510x0.d000b0p-102211"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-420" />
    <DNSs><DNS Address="10.110.85.5"/></DNSs>
    <DHCPServer Address="10.110.85.5"/><SSANICs><SSANIC Ip="10.110.85.16" Mac="00-1b-9e-5c-5c-63" Gateway="10.110.85.1" SubnetMask="0.0.0.0"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    09/15 11:13:47 [3376] <SendRegistrationRequest:>http://10.110.85.8:80141V–¤l
    óó7D#‹‚;øüÃ4±г
    Tn¦ˆ»KÔÊ@l
    09/15 11:13:47 [3376] <SendRegistrationRequest:>SMS return=500
    09/15 11:13:47 [3376] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
    09/15 11:13:47 [3376] <SendRegistrationRequest:>ERR to query content length
    09/15 11:13:47 [3376] <SendRegistrationRequest:>Content Lenght => 
    09/15 11:13:47 [3376] HTTP returns status code=500
    09/15 11:13:47 [3376] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    09/15 11:13:47 [3376] <SendRegistrationRequest:>COMPLETED
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 5.1
    09/15 11:13:47 [3376] <ScheduleNextUpdate>new scheduled heartbeat=64 seconds
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 8
    09/15 11:13:47 [3376] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    09/15 11:13:47 [3376] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    09/15 11:13:47 [3376] <RegHeartbeatProc>====== Registration Procedure stops at 11:13:47 ======
    09/15 11:13:47 [3376] HEARTBEAT: Check Point 10
    09/15 11:13:47 [3376] HEARTBEAT: Check Point Complete
    09/15 11:13:47 [3376] <RegHeartbeatProc>Done, Heartbeat=64seconds
    09/15 11:13:47 [3376] HeartbeatProcFailed to get profile with proxy setting 2
    09/15 11:13:47 [3376] <CheckHeartbeatTimer>====== Heartbeat loop stops at 11:13:47 ======
    09/15 11:14:14 [2068] <CSyLink::mfn_DownloadNow()>
    09/15 11:14:14 [2068] </CSyLink::mfn_DownloadNow()>
     


  • 5.  RE: Client Server : Offline when install Manage

    Posted Sep 15, 2009 12:35 AM
    I see an HTTP 500 error in the log file. Refer to the KB: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ec5174e141a5df8fca2574d8001df6ab?OpenDocument

    In other words, run the management server configuration wizard and change the Remote Console port from 9090 to 9091.

    Let us know if this works for you.

    Best,
    Aniket
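
Added example, not part of the original posts: a small parser for logs in the line format posted above that pairs each `<SendRegistrationRequest:>` URL with the `SMS return=` status that follows it, so you can see which servers the client tried and whether each one actually answered over HTTP. The sample log and its host names are constructed placeholders, and the verdict labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the line format of the log posted above;
# host names are placeholders, not values from the thread.
SAMPLE_LOG = """\
09/15 11:13:46 [3376] <RegHeartbeatProc>===Registration STAGE===
09/15 11:13:46 [3376] <SendRegistrationRequest:>http://sepm01.example:8014/
09/15 11:13:46 [3376] <SendRegistrationRequest:>SMS return=500
09/15 11:13:46 [3376] <RegHeartbeatProc>switch to another server
09/15 11:13:47 [3376] <RegHeartbeatProc>===Registration STAGE===
09/15 11:13:47 [3376] <SendRegistrationRequest:>http://192.0.2.8:8014/
09/15 11:13:47 [3376] <SendRegistrationRequest:>SMS return=500
09/15 11:13:47 [3376] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
"""

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] (.*)$")
URL = re.compile(r"<SendRegistrationRequest:>http://([^:/\s]+)")
STATUS = re.compile(r"<SendRegistrationRequest:>SMS return=(\d{3})")

def registration_attempts(log_text):
    """Return [(timestamp, server_host, http_status)], one per registration try."""
    attempts, pending = [], {}      # pending: thread id -> (timestamp, host)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                   # continuation lines: XML body, binary debris
            continue
        ts, tid, msg = m.groups()
        if (u := URL.search(msg)):
            pending[tid] = (ts, u.group(1))   # host only; ignore anything after it
        elif (s := STATUS.search(msg)) and tid in pending:
            ts0, host = pending.pop(tid)
            attempts.append((ts0, host, int(s.group(1))))
    return attempts

def triage(attempts):
    """Summarise statuses per server and label the overall outcome."""
    by_host = defaultdict(list)
    for _, host, status in attempts:
        by_host[host].append(status)
    codes = [s for v in by_host.values() for s in v]
    if not codes:
        return "no-http-response", {}    # nothing answered: look at the network path
    if all(s >= 500 for s in codes):
        return "server-side-error", dict(by_host)  # reachable, but request failed there
    return "mixed", dict(by_host)

if __name__ == "__main__":
    print(triage(registration_attempts(SAMPLE_LOG)))
```

A 5xx from every listed server means the request reached a web server each time, which separates this case from one where the client cannot connect at all.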


  • 6.  RE: Client Server : Offline when install Manage

    Posted Sep 15, 2009 03:09 AM
    Hi Aniket, 

    Thank you for your quick response.

    I have more than 10 clients that are already up successfully; only 2 clients have the problem. So, before I follow your instruction, I just want to ask you:
    1. Is there any effect (server offline or cannot connect) on all clients if I re-configure the server & change the server port?
    2. If yes, do I have to reinstall/PUSH to all clients?

    Thanks again Aniket.
         



  • 7.  RE: Client Server : Offline when install Manage
    Best Answer

    Posted Sep 15, 2009 03:22 AM
    Hi Selo,

    The client-server communication will not be hampered after changing the port to 9091. However, if, after changing the port, the 2 computers still do not communicate with the SEPM, then you can follow the KB: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/15d09e610210e617ca25747400066841?OpenDocument

    The reason is, if 8 computers are communicating, and 2 are not, most probably, something is wrong at the client side.

    Best,
    Aniket






  • 8.  RE: Client Server : Offline when install Manage

    Posted Sep 15, 2009 03:54 AM
    On the two clients, make sure that you have the right sylink.

    500 is at the server end: issues with IIS.
    In IIS, under directory security,
    have you allowed all the IPs, or do you have some restrictions?



  • 9.  RE: Client Server : Offline when install Manage

    Posted Sep 15, 2009 06:49 AM
    Thank you so much Aniket.

    I follow your instruction to run the management server configuration wizard and change the Remote Console port from 9090 to 9091