Video Screencast Help

Clients PCs NOT registering with Server

Created: 03 Feb 2008 • Updated: 22 May 2010 | 9 comments
I have pushed out the client from the Server and this appears to have installed as it shoudl with all of the settings however no matter what i try the Client will NOT register with the Server, and always complains that it is Offline when I go through the Help - Troubleshooting screen.  I have checked that i can get to http://{SEP Server}/Reporting and this comes up with the SEPM Reporing logon screen.  Not the Windows Authenication logon request, so i am assuming this is ok.  I am at a loss.
 
I have created myself a brand new PC installation of XP with SP2 and nothing else.  Not on the domain, just a plain and boring Workgroup PC.  I then mapped a drive to the server and ran the Symantec AntiVirus.msi install.  This installed like a dream, but still no joy.
 
First up, if the client can get to Reporting web site, what does this prove and how does it affect the registering of the client with the server.
 
Second, when i go through the Forum instructions for importing a new SyLink.xml file it says to delete the HardwareID registry entry first, this does NOT exist on any of my cleint PCs so i can't delete it.  I am assuming this means that it is created when it registers with the server, oh how i wish this would happen....
 
Please any ideas, as i think i have run out

Comments 9 CommentsJump to latest comment

Paul Murgatroyd's picture
interesting... what do you get when you try this:
 
 
 
 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

NCD_AUS's picture
Interesting is certainly one way of looking at it...
 
On both occasions it get an "OK." within my web browsers.  This does indeed appear to be able to talk to the server.
 
Further more, I have taken both the 2003 Server and the XP SP2 WOrkstation and placed them into an AD OrgUnit that has Inheritance Blocking on it, and then reset the Local Security Policy back to the MS Setup Security template.  Hence it should be for all things said, brand new fresh install of both Server and Workstation, i have run RSoP to verify.
 
I then ensured that both the PC and Server were on the same Subnet, to illiminate any network routing / broadcast restriction issues.  Still no good...
 
Oh still no sign of the "HardwareID" reg key within the "HCLM -> Software -> Symantec Endpoint Protection -> SMC -> SYLINK -> SyLink" location.
 
Does the "OK." suggest the server is responding as expected?
Ben Blackmore's picture
Don't worry about deleting the HardwareID, especially if it doesn't exist. When ever I've had to import the sylink.xml file I never delete the HardwareID.
 
Have you tried the sylink import tool from the installation CD (CD2\TOOLS\NOSUPPORT\SYLINKDROP)?
 
Is the SEPM web site running with all unassigned as the IP address?
 
Do you have any other websites running in IIS on that server? I found communications between SEPM & the clients a little tricky if there are any other webs sites.
 
Try the SylinkWatcher tool from the link below, and see what it reports:
 
HTH
 
Ben
ScottM 2's picture

I appear to be in the same situation today.

Is the SEPM web site running with all unassigned as the IP address?

It was, changing it didn't seem to make any difference

Do you have any other websites running in IIS on that server? I found communications between SEPM & the clients a little tricky if there are any other webs sites.

Nope, only thing on the box is SEPM
 

Try the SylinkWatcher tool from the link below, and see what it reports:
 
HTH
 
Ben

Here's a trace I just took:

{removed per user's request}

Message Edited by OptimusPrime on 09-22-2008 07:49 AM

Ben Blackmore's picture
Scott,
 
What is your SEPM IIS config? I'm not entirely sure how to read the SylinkWatcher results, but looking at the 2 following lines in it, make me think the ports might be misconfigured:
 
 
This looks like its running on port 443 (not sure what the 042BC6E0 hex after is), SEPM is meant to run on 8443. But this is defined during the SEPM install, and shouldn't be edited via IIS, as SEPM runs in the TomCat java servlet. You should be able to re-configure the SEPM server settings by running the SEPM Server Configuration Wizard again, then take all the defaults (unless you absolutly need to change anything. I found SEP very finicky about working with no default settings).
 
What happens if you do as Paul above suggests, and open the following links:
 
 
Do you get a big OK, message?
 
Ben
ScottM 2's picture
Secars returns an OK, I have some clients that appear to communicate on port 80 and they are updating fine. I'll look at the IIS config tomorrow. Port 80 and 8443 should be defined I take it?
NCD_AUS's picture
Well in the end, i was pretty desperate, so i built myself a brand new stand-alone 2003 Server with IIS and installed SEPM then built myself a stand-alone XP SP2 Workstation and pushed the client out.  Bugger me it worked.... Oh now what.
 
Only logical solution was to build a brand new 2003 Server add it to the domain, but into an OU that block GPO inheratence.  Configured, updated, all the things you do to a server and installed SEPM.  Created a new install package as per the instructions, and attempted to roll this out.   Installed worked fine as it normally showed.  Even before I rebooted the workstation, it had a gold with green light for the system tray icon.  I checked through Troubshooting and Hey Presto - IT WORKS.
 
All i can think is that something with my original server was making it fail, did some more investigation and the only thing i found was that the server was hosting Certificate Services.....  Shouldnt affect it but hey - you just never know.
Ben Blackmore's picture
ScottM wrote:
Secars returns an OK, I have some clients that appear to communicate on port 80 and they are updating fine. I'll look at the IIS config tomorrow. Port 80 and 8443 should be defined I take it?


Not in IIS, I think IIS redirects to TomCat, which listens on port 8443. See below pic for our config.
 
 
NCD_AUS wrote:
All i can think is that something with my original server was making it fail, did some more investigation and the only thing i found was that the server was hosting Certificate Services.....  Shouldnt affect it but hey - you just never know.


I had this problem on the server which was hosting certificate services, but more importantly the certificate web enrollment site. After doing some testing, I tried disabling the web enrollment site, and SEP clients started communicating with SEPM. Do you have web enrollment installed? If so, see if your original install starts communicating after you disable it.
 
Ben
NCD_AUS's picture
I will have to give that a go, right now though i am working my way through deploying SEP across our networks.
 
I will keep everyone posted if that is indeed the issue and or if it fixes the issue.