Maybe a corrupt package. Did you try creating this package again.. We havent seen any such issues with installs yet...

Hi, how many packages are currently setup?

I have rebuilt the packages multiple times, always with the same results.

I have 4 different packages and a 32bit and 64bit version of each:

Workstation package with AV/AS & PTP. NTP set not to install. But NTP installs.
Laptop package. Setup the same as the workstation package except with a liveupdate policy change to allow to connect to symantec when away from the office.
Server package installing only AV/AS. NTP does not try to install.
Unmanaged package for our machines outside of our network that cannot be reached by our management console. NTP does not install as setup.

The workstation, laptop, and unmanaged all are built from the same custom install settings and feature sets. The server package shares the same install settings, but a different feature set.

I remade the client install settings and client install feature sets and then rebuilt each install package.

I just pushed out the install to 12 more PCs. From the console, once they are installed and initially check in it shows the firewall not installed and on the client PC NTP is not installed. Once the PC receives the initial update, firewall shows enabled and NTP shows up on the client. Reboot does nothing to correct this. I pushed out the same install packs to the same PCs and now NTP is gone, even after check in with the server

Hi Eric, how are you deploying the package?

I am pushing it out with "ClientRemote.exe" using the Push Deployment Wizard.

Hi Eric,

Please create a package with only AV/AS and deploy it to  a computer.

Lets check if the NTP component still gets installed.

Cheers,
Aniket Amdekar

I do have a package with just AV/AS that I install on servers and it works correctly.

Anyone have any ideas? Is there possibly a policy I have to turn off or on or adjust?

Hi eric, are you deploying from a DC?

Yes I am

Hi Eric,

Try  using  Find unmanaged  computer  feature inside  SEPM, and  see  if the same  happens.

Vishal Kalani.

Unfortunately when you deploy the package via a GPO in AD, the features set is ignored and all components are installed.
To avoid this you should customize your .msi with some options described in the installation_guide.pdf and in the MSI_FAQ.txt in CD1.
Try to use "find unmanaged computers" or export the package and run it locally in a client and confirm us that in these ways the installation works fine.

Vishal... I am trying to find time to run that and give it a try, I will let you know the results when I do.

Giuseppe... I am not using GPO to deploy the package. The console is located on a DC, but I am using the ClientRemote.exe to push out the install.

I just ran the install package locally on a newly setup PC and the same result happened, NTP installed. I ran the same install package again locally and NTP is not installed now.

Can you post the sep_inst.log?

Sure, I would love to post the log. Where do I find it?

you can find the long in %temp% directpry:
Start->run->%temp%
Check for sep_inst.log

On the client or the server?

on the client machine

Might want to try this:

1. Export package unchecking single exe option from SEP Manager
2. Check the "setaid.ini" file from the package
3. Verify the value for NTP that its set to = 0
4. If not we can simply change the same as per the requirement

Thanks :)

I tried posting the SEP_INST.LOG but its too large and won't let me paste. Here is thesetaid.ini though:

; NOTE: Do not edit the config below
[PREDEFINED_SMC_CONFIG]
AppType=105
VendorID=4096
PlatformType=WIN32BIT

; User configureable options
PackageChecksum=12a723c95d2d25233a8a273275a3a195
[CUSTOM_SMC_CONFIG]
InstallNewInstanceOnly=0
InstallUserInterfaceLevel=s
KeepPreviousSetting=0
InstallationLogDir=%TEMP%\SEP_INST.LOG
DestinationDirectory=
LaunchIt=1
AddProgramIntoStartMenu=1
UIRebootMode=3

[LU_CONFIG]
ServerProduct=SESM AntiVirus Client Win32
ServerLanguage=English
ServerVersion=11.0.4014
SequenceNumber=0
ServerMoniker={6FC87801-0A02-87E0-019C-D75A0A3BBC5F}
ClientProduct=SESC AntiVirus Client Win32
ClientLanguage=English
ClientVersion=11.0.4014
ClientMoniker={3572AC3E-0A02-87E0-019C-D75A48D9DC60}
SequenceTag=PATCH
ShortName=sesmAvClient32en_MR4
DisplayName=Symantec Endpoint Protection Win32 11.0.4014.26 (English)
CONNECT_LU_SERVER=0

[FEATURE_SELECTION]
SAVMain=1
EMailTools=1
OutlookSnapin=1
NotesSnapin=0
Pop3Smtp=1
ITPMain=0
Firewall=0
PTPMain=1
COHMain=1
DCMain=0

Hi Eric, pls post the SEP inst log, just copy the most recent logs, or just zip it and attach it here.

Erik,
i can suggest you to use SEP client installation on CD, only replace setup.ini and setaid.ini with the same files from created packages
i'm using this method - it works

Paul - I would love to post or attach the sep_install.log but it is 7MB. It won't paste and I don't see any way to attach it. And it is only the log for one install. I made sure there was no such file before I started the install.

Viachaslau - Thanks for the tip. I tried it and it did stop NTP from installing, but it doesn't attach the client to the management console.

I have noticed something I wasn't aware of before. After the install completes initially, I open SEP and only SAV/SAS and PTP are running, but they have not hit the server for updates yet. When they do go out and grab the updates, thats when NTP starts.

Eric,
you have to copy sylink.xml file too

Viachaslau - I added the sylink.xml and it did connect the client to the server. But alas, the problem persists. It still installed NTP.

Because it doesn't install NTP until after the first heartbeat, my thought it that there is a setting or policy on the server causing this. Does that seem like a sound diagnosis? And if so, any thoughts on what setting or policy? I have gone through every setting and policy and I can find and do not see anything pertinent.

Hi folks,

We'll have a video available in a few days about creating custom install packs.  Look for it in the video section: https://www-secure.symantec.com/connect/security/v...

Best,

Eric

I know how to create a custom install package. That does not appear to be where the problem is. My custom install packages install exactly what I want, but when they go back and hit the server for updates for the first time, it installs NTP. I push out the install pack again and everything is fine.

1) Admin > Install Packages > Settings

2) Create a new setting which has the option of "Remove all previous logs, policies and reset the client server communication"

3) Use this setting while exporting the package.

4) Push with clientremote.exe or migration and deployment wizard

4) This will uninstall the existing clients, Reinstall them with the new configuration set.

Paul...

That is the process I have been using exactly to do the initial install of the client and the follow up install to remove NTP. I use the same package both times.

Right now, to get a client running correctly with the right features I have to push out the install package to each machine twice. Anyone in IT knows, that is not acceptable. Though the amount of time I have spent on this forum I could have pushed out the install a few dozen times.

What other information can I give to get some help?

Can you upgrade the SEPM to the latest version, i.e. MR4MP2 and try to push the package again.

Cheers,
Aniket

I see this two ways:

1) You are using the actual .msi, not setup.exe to install, this will instal all features regardless of what was exported from the console.  NTP isnt there until reboot, so it appears that it installs later.

2) You have a package assigned to the group these machines are in that has the full feature set.  The initial install has only AV, but after checking in, it 'upgrades' through the assigned package in its group.

Can you check these situations?

Yes, check the Client Group you created the install packge for and make sure there are no packages assigned to that group. The problem you are describing is exactly what will happen if you assign a package to a group via the "Install Packages" tab in the client view. You can deploy all you want via the Migration and Deployment Wizard. However, as soon as they check in and see a package there with a different feature set, they will download and install that package. More than likely there is a package with a full feature set assigned to that group. Make sure to check all your other gorups as well.

As requested before, please post the SEP_INST.log.

did u try out the steps mentioned by Kedar reg. the setaid.ini file?

Yes there were install packs assigned to the client groups. I removed them from the group.

I updated to MP2.

I created a new install pack from MP2. Installed on 2 machines so far and after calling back to the server to get updates and a reboot, NTP is not installed. I am pushing it out to the rest of my test machines right now. I anticipate the problem is resolved.

Good for you sir, we didnt encounter this error with mp1a. We are still on mp1a and maybe will upgrade to mp2 after a few months..