Endpoint Protection

 View Only

  • 1.  Clients loosing configuration group

    Posted Mar 28, 2013 04:14 AM

    Hi,

    we are experiencing a strange issue on SEP Managed clients. 

    To allow some of them to connect through VPN, we have moved them (from the console) from the standard group to a dedicated one. 

    All is working correctly, they get teh new policy and own to the new group, until they (after some days ) come back to the office and connect to the LAN. In this case they are moved back to the original group.

    Seems like the client are deleted ( due to the secting of deleting clients not connecting for 30 days ) but when they connect back to the server, they are back to the original group, no to the last one.

    Does this make sense? Is there a way to avoid this without removing the 30 days deletion?

    Thanks,
    Mirko



  • 2.  RE: Clients loosing configuration group
    Best Answer

    Posted Mar 28, 2013 04:26 AM

    Hello,

    If you have setting delete 30 day's you can't avoid this problem.

    Did you try to replace sylink.xml file (Move to another group) when sep client are connected SEPM server ?



  • 3.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 04:30 AM

    Hi, Mirko.

    If version is 12.1. check Polices - General Settings - General Settings - Remember the last location.

    If box checked - client hold first group (usually install group).

    You can use sylinkDrop.exe to change connection group of client.

     

    Regards,

      UB

     



  • 4.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 04:36 AM

    Hi,

     

    Seems duplicate ID check this

    Article:HOWTO54706 | Created: 2011-06-27 | Updated: 2012-03-30 | Article URL http://www.symantec.com/docs/HOWTO54706

    also try this step.

     

     

    Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for multiple systems

    1. Stop SMC on both of the affected client computers by clicking Start Run, type smc -stop then click OK.
    2. On the SEPM console, delete the client entry that the two computers have been sharing. This will prevent the client duplication that would otherwise occur due to the following steps.
    3. On each of the affected computers, go to registry location:
      • HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink
    4. Clear the value for "Hardware ID." (make it blank)
    5. Disable Tamper Protection if you are unable to edit the value.
    SEP 12.1 Location:
    • Windows XP/2003: C:\Documents and Settings\All Users\Application Data\Symantec\Persisted Data
    • Windows Vista/7/2008: C:\Program Data\Symantec\Symantec Endpoint Protection\Persisted Data
    1. Find file "sephwid.xml". Rename it to "sephwid.xml.bak".
    2. Start SMC on each computer by clicking Start Run, type smc -start then click OK.
    3. Check the SEPM console for the new SEP client
      • When the clients check in they should have unique hardware IDs

    4.  



  • 5.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 04:38 AM

    hi,

     

    can you please give me the steps how to check setup delete 30 days.

     

     

    - mani



  • 6.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 04:45 AM
             

    Configure SEPM to remove clients which have not connected within a specific number of days.

    1. Open SEPM and select the Admin panel.
    2. Click on Servers
    3. Right click on the Site where your management servers are located and choose Edit Properties
    4. Check "Delete Clients that have not connected for __ Days"
    5. Enter a value for Days.
    6. Click OK.

    NOTE: In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

    1. In the SEPM, go to the Admin page.
    2. Select Domains.
    3. Under Tasks, select Edit Domain Properties
    4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."


  • 7.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 05:21 AM

    Hi manipillaii, the duplicate Hardaware ID was the first thing I've checked, and this is not hte case.

    ub40, the Remember the last location referse to the location in case of location awarness is enabled, does not seems to be relatet to the group the client belongs to.

    ManishS, I've just moved the clients from the console. Are you suggestign to replace the sylink instead?

    thansk all of you for your suggestions



  • 8.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 05:40 AM

    yes you can test one or two system



  • 9.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 05:42 AM

    Any location specific policy for VPN clients?

    Check this document

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55046#v15672020



  • 10.  RE: Clients loosing configuration group

    Posted Mar 28, 2013 09:38 AM

    For new computers with VPN Connection I've created a package linked to the VPN group for the installation, so it should be ok.

    We will see for the old ones...

     

    Thanks again