Endpoint Protection

Hello,

I am using SEPM 11.0.5002.333 and I am managing several thousands of clients. The SEPM server is a Windows Server 2008 R2 Standard and most of the clients are Windows 7 clients.

Since a few days ago I noticed that I can not find some clients by going to Clients-> select the appropriate group -> Search. I know that these clietns exist in the database because I am able to find them in the Monitors logs: Monitors->Logs->Advanced Settings->fill in the "Computer" field with the computer name.

I am also able to send commands to the clients from the Log page and the clients receive it and report back to the SEPM server.

The SyLink.xml file looks the same as on the working clients, the client is communicating with the SEPM server and it is switching locations according to the location criteria. Please note that we are talking about cleiints that switch locations every day, even several times a day.

The SEPM server was rebooted and this did not fix the problem. There were no errors in the Event Log.

Can anyone give me any information about the possible cause of this behavior?

Thank you.

I have seen this with clients which are unsupported (eg MR4.x on Win 7 or W2k8 R2). I think you need RU7 for support of Win 7 SP1 - someone will have the supported versions list at hand.

You can find any affected clients from Monitors, Logs, Computer Status, Advanced Settings, Operating System - All Non-Windows. You may have to subtract any Mac and Linux entries, but what remains is a list of Windows machines with unsupported clients. Upgrade to RU7 MP1 will correct the DB entry and make the clients visible in their respective groups.

If i get it right, you will get an empty log when pulled from reporting console, but when you pull the same log from local GUI, you get the information.

check the log retention settings in SEPM. Admin > serversright click on site > edit properties > log settings.

Hi,

You are able to see the clients in reports but not in SEPM console even after using "search client".

This would mean syncronization is not proper between SEPM and the database.

I am sure you will have entries in database for these clients thats why the commands are reaching clients and they are uploading the information back to SEPM.

We cannot delete the clients directly from database as Symantec does not recommend it. We have other options to delete them from SEPM which I would not recommend as its a huge network.

1) Check ODBC and run "Management server configuration wizard".

2) If it does not work then try to repair SEPM which will run MSCW again.

I would recommend you to upgrade SEPM to the latest one after following a proper DR procedure.

One more important point .

I am sure you must have updated Win7 with Sp1 . If yes then following link would ask you to upgrade SEP on all Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1

Support for Symantec Endpoint Protection on Microsoft Windows 7 and Windows Server 2008 R2 Service Pack 1

http://www.symantec.com/business/support/index?page=content&id=TECH167664

Thank you for your answer. I will try the steps you have suggested, but it will take a while until I will have an answer. I will let you know if that helped as soon as I can.

We have not encountered this problem until 2 weeks ago.

Do you have any idea what could cause the communication problem between SEPM and the database?

Hi.

We have Win7 SP1 x64 clients using v11 RU6 MP3 and they are displaying nicely in the console.

Not saying this is the not possible, just unlikely.

I attach a screenshot of the console. This is the Monitor, Logs, Client Status view, filtered for "Non-Windows" operating systems. It returns three Windows 7 64 bit and one Windows Server 2008 R2 client which are not visible in their respective groups in the console. These clients are running MR4 MP2 which is not supported on these operating systems, and we have established that similar clients upgraded to RU7 MP1 (a supported client on this OS) immediately becomes visible in the console.

We will soon deploy SP1 so we decided to upgrade the SEP Manager and clients to the 12.1 version in order to prevent any problems.

Thank you for your support.