Hello guys..

SEPM is showing about 700 clients out-of-date...

I checked one client side, and it is updated, 10/dec/2013 - R17. The Manager Home GUI has the same, so OK.

But, when I search for that client in the Manager, it is out of date..

I saw the log client side, and it got definitions from the Manager correctly.

Client is connected to Manager perfectly...

Client is 12.1.2 - Server 2008

Manager is 12.1.3 - Server 2008

Using SQL Server

Why Manager does not update the datas from clients?

is there multiple instances of the client or just one?

Are you using Clone image ?

If yes please check this

How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients

the client is in push mode or pull mode? may be it needs some time to upload logs to sepm.

Check the Rafeeq Comment from below attach forum. Hope it help

https://www-secure.symantec.com/connect/forums/some-clients-are-not-updating-their-information-sepm-appear-connected-and-update-themselves-c

Guys,

James:

 - No clone;

Brian:

 - No, just one;

Rafeeq:

 - Pull mode. Last time status changed is current. In the manager, it shows the definition 07/dec/2013 r8

Aj:

 - I will check...

Is this only happening on this one client? Or others as well?

About 700

If clients are truly updated but are not reporting correct status, it would appear to be more of a cosmetic issue. Have you tried updating one client to 12.1.3 so it is on the same version as the SEPM?

Well... I have a client 12.1.2 with problem... 64 bits, server 2008

My notebook is 12.1.2, without problem, 64 bits, windows 7...

If it was a problem with version, it should happened before, because I am running 12.1.3 more than 1 month..

I changed the GUP police, adding four more clients... This is the only current change I did.

I though anything about SQL server, but, all clients should be wrong, right?

I think I need to open a ticket.... :(

...unless it's specific to 2008.

Hello,

SEPM console is just showing what is in the DB and the DB is populated with what comes from clients...

Please, have a look at the <SEPM installation folder>\data\inbox\agentinfo and let us know what you see:

- few files or several files?

- .tmp or .dat files?

- the amount of files is increasing, fixed or just up and down with trend to zero?

The expected behavior is the following:

- SEPM webserver moves log files received from clients to the inbox subfolders

- those files are .tmp during the transfer and changed to .dat when they are complete

- .dat files are parsed and entered into the DB, hence deleted

That's you should see new .tmp entering in the folder, renamed as .dat and then deleted automatically, different behaviour could be a sign of something wrong in processing clients' logs.

Beppe,

I have 69 items... and it gone to 70 and 69 again..

I have a lot of like this:

2b788460-72ad-4c35-8e5d-d162ab3cf898.dat.err

and like this:

52b38cd2-e25d-4485-b903-56f5cbff1c37.tmp

.dat.err and .tmp

And now?

Well..

I stopped SEPM services...

I backuped the files inside the folder...

Deleted all files...

I did it in both SEPM servers, I have 2.

I started the services... and now... I think it is working great!.. I just have 1 file now, at least.

But, why it occurred?

Rafeeq, I saw a post that you helped a guy, take a look:

https://www-secure.symantec.com/connect/forums/sepm-reports-virus-defs-outdated-client-shows-date-defs-console

Hello

Hope all communication is good from client and Server?

If not please check and update.

Regards

Ajin

Those are just tmp files and can be safely deleted. Perhaps something got hung up.

Guys, I did those steps below, like rafeeq shown in another post:

1. Browse to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agentinfo

2. Look for any .err files or tmp files & Dat files

3. If you find anything which is not processed by sepm then it might be the reason for the client data loss

4. Stop SEPM services from services.msc 

5. Delete all the files inside the location \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

6. Restart the SEPM services.

Wow!! :)

it was from here may be handy next time 

Symantec Endpoint Protection Manager does not parse client forwarded logs in a timely manner.

http://www.symantec.com/business/support/index?page=content&id=TECH91835

Hello,

sorry for the late response, .err files are indication that there was an issue in parsing them, the fact their amount is not increasing it means it got stable. It happens the parser gets stuck in trying to process damaged files, hence, you resolved the issue by cleaning those files up.