Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Client status is not updated

Created: 05 Feb 2013 | 10 comments

We deploy SEP client successfully to a server in another domain, it shows deployment has been completed. log onto this server, SEP has been installed. But Last Connected is blank, and SEPM Server is offline. We also cannot find this SEP client server name on SEPM.

We run update policy and check the connection by netstat command, found that it is connecting to 8014 port.

Our question is:

1. Is this problem caused by network port restriction ?

2. What ports SEP needs to connect to SEPM server ,so that SEP client can be managed properly?

3. What ports SEP needs to connect to LUA server for definition and others download?

Comments 10 CommentsJump to latest comment

Ashish-Sharma's picture

 

Troubleshooting Client Communication with SEPM

Article:TECH95789  |  Created: 2009-01-26  |  Updated: 2012-01-03  |  Article URL http://www.symantec.com/docs/TECH95789
 

 

 

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

Article:TECH105894  |  Created: 2008-01-12  |  Updated: 2012-10-04  |  Article URL http://www.symantec.com/docs/TECH105894
 

 

2. What ports SEP needs to connect to SEPM server ,so that SEP client can be managed properly?

 

Which Communications Ports does Symantec Endpoint Protection use?

Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH163787
 

 

Thanks In Advance

Ashish Sharma

 

 

Sumit G's picture

Find the attach blog

It help you for troubleshooting aobut offile clients

https://www-secure.symantec.com/connect/blogs/troubleshoot-method-offline-clients

Regards

Sumit G.

Mithun Sanghavi's picture

Hello,

Our question is:

1. Is this problem caused by network port restriction ?

Could be.

2. What ports SEP needs to connect to SEPM server ,so that SEP client can be managed properly?

TCP port 80, 8014 Communication between the SEP manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). The 11.x product line uses IIS. The 12.x product line uses Apache.

TCP port 2638 Communication between the Embedded Database and the SEP Manager.

3. What ports SEP needs to connect to LUA server for definition and others download?

TCP port 80, 8014

http://www.symantec.com/docs/TECH163

In your case, could you please collect the sylink.log and upload it to us to understand the root cause of the issue - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

 

1. Is this problem caused by network port restriction ? Yes ( Most of the times port 8014 willbe blocked)

2. What ports SEP needs to connect to SEPM server ,so that SEP client can be managed properly?

on the client open the sylink.xml file. 6th line will have SEPM server name and port used for communication enable that.

3. What ports SEP needs to connect to LUA server for definition and others download?

it should be on 7070

 

SymQNA's picture

Dear All
Please refer to below log
Does it mean
http://SER-SEPM.corp.oocl.com:8014 is not accessible ? any other port problem

02/06 17:50:37.070 [2952] http://SER-SEPM.corp.oocl.com:8014
02/06 17:50:37.070 [2952] 17:50:37=>Send HTTP REQUEST
02/06 17:50:45.837 [2268] SyLinkCreateConfig => Created instance: 01C72658
02/06 17:50:45.837 [2268] Importing ConfigObject: 01CD9440 into: 01C72658
02/06 17:50:58.197 [2952] 17:50:58=>HTTP REQUEST sent
02/06 17:50:58.197 [2952] 12029=>The attempt to connect to the server failed.
02/06 17:50:58.197 [2952] 17:50:58=>QUERY return code
02/06 17:50:58.197 [2952] 17:50:58=>QUERY return code completed
02/06 17:50:58.197 [2952] SMS return=0
02/06 17:50:58.197 [2952] 0=>Uninterpreted Status
02/06 17:50:58.197 [2952] ERR to query content length
02/06 17:50:58.197 [2952] Content Lenght =>
02/06 17:50:58.197 [2952] HTTP returns status code=0
02/06 17:50:58.197 [2952] RECEIVE STAGE COMPLETED
02/06 17:50:58.197 [2952] COMPLETED, returned 5
02/06 17:50:58.212 [2952] HEARTBEAT: Check Point 5.1
02/06 17:50:58.212 [2952] switch to another server
02/06 17:50:58.212 [2952] HEARTBEAT: Check Point 9
02/06 17:50:58.212 [2952] HEARTBEAT: Check Point 8
02/06 17:50:58.212 [2952] going to post event=EVENT_SERVER_DISCONNECTED
02/06 17:50:58.212 [2952] done post event=EVENT_SERVER_DISCONNECTED, return=0
02/06 17:50:58.712 [2952] HEARTBEAT: Check Point 1
02/06 17:50:58.712 [2952] HEARTBEAT: Check Point 2
02/06 17:50:58.712 [2952] going to post event=EVENT_SERVER_CONNECTING
02/06 17:50:58.712 [2952] done post event=EVENT_SERVER_CONNECTING, return=0
02/06 17:50:58.712 [2952] HEARTBEAT: Check Point 3
02/06 17:50:58.712 [2952] Setting the session timeout on Profile Session (Registration) to 30000
02/06 17:50:58.728 [2952] HEARTBEAT: Check Point 4
02/06 17:50:58.728 [2952] ===Registration STAGE===
02/06 17:50:58.728 [2952] logon id (domain/user)=LocalComputer/Administrator
02/06 17:50:58.728 [2952] Loading current group:My Company\TEST_GROUP
02/06 17:50:58.728 [2952] Loading preferred group:My Company\TEST_GROUP
02/06 17:50:58.728 [2952] Loading preferred mode:1
02/06 17:50:58.728 [2952] It's a client which has never registered to server, it should use the settings in sylink.xml, PreferredGroup is My Company\TEST_GROUP, PreferredMode is 1
02/06 17:50:58.728 [2952] It will remember both current group and mode, PreferredGroup is My Company\TEST_GROUP, PreferredMode is 1
02/06 17:50:58.728 [2952]

Ashish-Sharma's picture

HI,

Are you able to telnet 8014 ?

Thanks In Advance

Ashish Sharma

 

 

MASH1's picture

Hi,

On how many machines are you facing this issue?

If its on only one machine then try to replace the sylink file and check if it comunicates. Then you can try to delete the system proxy and check if it communicates.

Are you able to do a telnet on port 8014 from client side?

 

- MASH

Ambesh_444's picture

Hello,

 

Make sureSEPM server should be able to connect LUA server on port 8080 ( default for LUA)

In SEPM-Admin-Servers-Local Site-Properties-Liveupdate-Source Server.

add the distribution address for LUA server.
it would  be something like http://< name or ip of LUA server/Clu-Prod:8080

And in SEPM-Liveupdate-Policies 
Make sure only Default Management Server (SEPM) is selected

In this way you will acheive what you want.

Internet -> LUA->SEPM -> All Clients

 

 

Please find the link for all sep related port.

http://www.symantec.com/business/support/index?pag...

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

pete_4u2002's picture

is there firewall between?
is proxy in between the client and SEPM?

SebastianZ's picture

According to log the client is getting timeout while trying to register to SEPM:

02/06 17:50:58.712 [2952] Setting the session timeout on Profile Session (Registration) to 30000

02/06 17:50:58.197 [2952] 12029=>The attempt to connect to the server failed.

 

- any proxy in between these machines?

- have a look at similar threads:

https://www-secure.symantec.com/connect/forums/sym...

https://www-secure.symantec.com/connect/forums/sep...

 

- try this as well:

Open registry

Browse to

\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections and export the connections folder to a memorable location.

- backup registry

Then browse to

\HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections and delete the following keys.

DefaultConnectionSettings
SavedLegacySettings