Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Clients Failing to Communicate with SEPM

Created: 31 Jan 2008 • Updated: 20 Sep 2010 | 10 comments
Hi,
 
Finally got 2 clilents installed, using group policy software installations. I followed the instructions in the admin guide, created an admin install, added the sylink.xml file to the directory, and then created a group policy. This all seemed to work fine, and the 2 clients got SEP installed as the machine booted.
 
However, after logging in, the first client displayed the gold shield, then after a couple of seconds the little green circle appeared to show it was a managed client. Yay! I though. Then I logged in on the second client, the little gold shield appeared, but no little green circle. I checked the SEPM console, and it showed the first client in the temp group, which I moved to a new group called 'Office Internal', but the second client failed to show up. I rebooted both clients, and re-logged in. But now, the first client has dropped the little green circle, the same as the second, and I can send any remote commands from the SEPM console. Viewing the SEP system log on the clients show that communication was disconnected:
 
Disconnected from Symantec Endpoint Protection Manager.
 --- server address : 192.168.1.10
 
I've tried running smc -stop, then copying sylink.xml into the SEP folder, then running smc -start. But it doesn't re-enable comms. I've tried the SyLink drop/import tool from cd2 of the SEP install, but that didn't do anything.
 
I really need to get communications working again! I want to start rolling this out to all our clients.
 
Can anyone help?
 
Cheers
 
Ben
 
P.S. We're running Windows 2003 R2 with SEP 11.0.1000 (MR1?). These 2 clients are Windows XP SP2 x64, but other clients will be 32 bit also. All on a 100mb LAN, so speed shouldn't be a problem.

Comments 10 CommentsJump to latest comment

Chris11's picture
First, you should try to upgrade to MR1 - which is 11.0.1000.1375
But even with MR1 I still have issues, especially with Vista.
Ben Blackmore's picture
Hi Chris,
 
I believe thats the version we're running, I didn't realise it was .1375 after, as when I downloaded from fileconnect.symantec.com last night it just downloaded as Symantec_Endpoint_Protection_11.0.1000_AllWin_EN_CD1.zip
 
 
I do notice that if I try http://servername:8443 I get a weird responce, like 5 little square blocks, like characters you would see in a chinese email . I'm not sure what you're meant to see, but I seem to remember someone mentioning it was meant to give some thing recognisable.
 
Ben
Chris11's picture
Ben,
Try this from the client:
 
you should get big 'OK' in response.
 
Second, try to find util called SylinkWatcher.exe - it is troubleshooting tool which will show you what is going on with communication. I tried also 'iisreset' on SEPM server, sometimes helps.
Chris11's picture
Forgot to mention - run SylinkWatcher.exe on client.
Ben Blackmore's picture
Hi Chris,
 
Where do you get SylinkWatcher from? I can't find it on the client, or in the 2 installs CDs. I've googled the name, but the only referance is from your post dated 25th Jan:(https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=2399)
 
Is there a download link anywhere?
 
AH, I tihnk I just figured out hte problem. The http://localhost/secars/secars?hello,secars link works from the server itself, but not from the clients. Then I realised, the clients will look at the server IP in DNS, which is 192.168.1.10, which is the IP address I've assigned to our default website, which is running certificate services web enrollment, rather than the SEPM site, which is set to unassigned. I've just disabled the default web site, and the clients have started communicating.
 
I'd glad its working now, but this is a little irritating. We need the web enrollment site running as well. How can we get the 2 sites running, so that SEP is set to unassigned, but the default web enrollment site is still accessable!
 
Cheers
 
Ben
Chris11's picture
Ben,
I found this util here:
 
PM me if you can't download, I'll try to help.
 
With you website problem: I think the best would be to add second IP to your server, then create IIS site on the new IP, leaving SEPM on first. But I have no experience with SEPM and other webs running on same server.
Brettshar's picture
Hi,
 
I am also having a problem with clients communicating to the manager.
 
running SB server 2003 x64
have SEP manager and client installed on server (MR1)
the server client communicates to server fine - green light on shield and receiving updates.
 
however the clients (vista business pcs) dont seem to talk to manager
- they were deployed via manager
- secars = ok from server & on clients
- have windows firewall disabled
- have tried only installing antivirus and no network protection
 
any help would be fantastic!!
 
 
Brettshar's picture

fyi - just looking at my old post & thought i would add a response to this.

i got the problem sorted after a lot of time on the phone to symantec.

however, an adjustment to Exchange once again make it "not happy"

BUT after upgrading to 12.0 everything has clicked into place! Very Happy!

Ben Blackmore's picture
Hi Brett,
 
Firstly, have to tried the SylinkWatcher from the link above? If so, what does it show? Secondly, I've only setup SBS 2003 once before, for a client, but from what I remember, it creates a number of websites automatically, one for intranet, one for autoupdates etc. From my experience with SEPM, it doesn't work well with additional sites, as it uses the 'unassigned' IP assignment. So if you have SBS local intranet/autoupdate site setup, for example on 192.168.0.10, and DNS is setup so SBSERVER=192.168.0.10, and the SEP clients are setup to contact SBSERVER for management & updates,then they will fail as they will only ever be able to contact the intranet/autoupdate site.
 
Firstly, try disabling all other websites except the SEPM site, and make sure that is set to IP=ALL Unassigned, then let me know how you get on!
 
Ben
KalmerK's picture

Check out this link, it seems that there are some other preparations needed for Vista.

http://service1.symantec.com/SUPPORT/ent-security....

One recommendation in addition was to disable UAC while installing (pushing) and enable after reboot.