Endpoint Protection Manager - clients missing
Updated: 21 May 2010 | 30 comments
This issue has been solved. See solution.
Client not listed in Manager after installation. I have deployed the client using the "Migration and Deployment wizard". The client is installed and I can verify by RTVscan.exe in the processes, listed in Add/Remove programs, and program group in the start menu. I try to launch Endpoint Protection from the client and I get "The network administrator has disabled the Symantec Endpoint Protection main user interface." So I believe it is connecting to the management server. I have searched the clients and don't find it in any groups. Not listed under the Monitor Logs either. Any help would be greatly appreciated.
Comments
Do you see the client shield
Do you see the client shield on the right hand bottom corner of the system.
If yes then does it have a green ball on it.
What is your Server OS? Is the firewall on the server turned Off?
Do you have multiple domains on the SEPM?
I don't see the shield in the
I don't see the shield in the right hand bottom corner.
Server is 2003 standard sp2. Firewall is off.
Single domain.
Thanks.
Is this an upgrade from
Is this an upgrade from SAV?
Do you have any Group Policy restriction on smc service?
Would suggest you to un-install SEP from Add/Remove.
Delete all Symantec folders:
C:\Program Files\Symantec
C:\Program Files\Symantec Antivirus or Endpoint Protection or Client Security
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec
Reboot your computer, then deploy SEP again.
This is an upgrade from SEP
This is an upgrade from SEP 11.04 to 11.05
Don't think there are any group policy that has to do with smc service.
I will try your suggestion thanks.
Client Communication
In the SEPM console create a new msi package with the required features and then try pushing to the client machine in question. I have attached some screenshots; ensure that the settings are right.
Uncheck the "Create a single .exe" option; this would create an MSI file.

Thanks & Regards Sandip C Sali
I think there is some
I think there are some communication issues between the client and SEPM.
"The network administrator has disabled the Symantec Endpoint Protection main user interface" means the client got that policy. This can happen in two ways: one way is after communicating with SEPM, and the other way is that this policy was present in SEPM while creating the package/sylink file. So we cannot tell from the presence of this policy that client-SEPM communication is OK.
The article below can help you in troubleshooting communication:
Troubleshooting Client Communication
https://www-secure.symantec.com/connect/articles/troubleshooting-client-commuincation
Also ensure that all the required communication ports are available. Refer to the doc below for details about ports:
Which communication ports does Symantec Endpoint Protection 11.0 use?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Do you have multiple domains
Do you have multiple domains inside SEPM,
If yes, then open SEPM and go to Admin -> Domain,
Then try to administer different domain and check whether you see the client.
Have you checked from the SEP
Have you checked from the SEP client where the client group is located, and checked if the client is connected to the server? May I ask if you have only one SEPM server in your environment?
:-)
That is the problem, the
That is the problem, the client can't be found in any groups. I don't know how to check communication without the SEP icon. Normally I would go into Help and Support and choose troubleshooting. When I do the install I am choosing the package that I created with the new 11.5 client. Anti-virus and anti-spyware only. I unchecked the single .exe and am removing the logs. Worked fine before I added the new 11.5 client.
Used the below test with problem machine
Used the below test with correct server information. I get "OK"
http://<SEPM_Server_IP_or_Machine_Name:Port>/secars?hello,secars
This is the wrong information. That server is the old Management server. Has been decommissioned for months and not in use. Can this be changed? I would like to do this on the server side so new installations will work.
Additional Information
If I go to the SEP Management Console, right-click a group and export communication settings, the wrong server is listed when I edit the sylink.xml file.
Then your issue is with
Then your issue is with the management server list. Check in the console whether a management server list with your working SEPM IP is available or not. If present, assign it to the group(s) you require, export communication settings again, and replace this sylink file in the client. If such a management server list is not present, you have to create it. The doc below can help you with this (for assigning & creating):
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/e2ac3b646ae21969882573c20063533f?OpenDocument
Also verify that all parameters (server IP, port no., etc.) are correct in the sylink file. If they are wrong, the doc below can help you in correcting those errors:
http://service1.symantec.com/support/ent-security.nsf/docid/2008110609050348?Open&seg=ent
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
An addition to my above post
For checking which management server lists are present:
In the Symantec Endpoint Protection Manager console, click Policies.
In the Policies page, under View Policies, click Policy Components > Management Server Lists.
For checking/changing the management server list for a particular group (this is an easy method for checking/changing the management server list if you want to change the management server list of one or two groups and you have plenty of groups in the server):
In SEPM go to Clients.
Select the group whose settings you need to change.
Go to the Policies tab, which you can see on the right side.
Click on Communication Settings.
Here it will show the current management server list which is applied to this group.
You can use the dropdown menu for changing the management server list.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
management server
Thanks.
<?xml version="1.0" encoding="UTF-8"?>
<ServerSettings DomainId="1626612CC0A8014B0115632D08AF4B9B" NameSpace="rpc">
<CommConf>
<AgentCommunicationSetting AlwaysConnect="1" CommunicationMode="PUSH" DisableDownloadProfile="0" Kcs="B0B6DC2F57D3ECE4C0E152586DE37D82" PushHeartbeatSeconds="300" RandomizationEnabled="1" RandomizationRange="300" UploadCmdStateHeartbeatSeconds="300" UploadLearnedApp="0" UploadLogHeartbeatSeconds="300" UploadOpStateHeartbeatSeconds="300"/>
<ServerList Name="Update Management Server List">
<ServerPriorityBlock Name="Priority1">
<Server Address="192.168.1.233" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
</ServerPriorityBlock>
</ServerList>
<ServerCertList>
</ServerCertList>
<LogSetting MaxLogRecords="100" SendingLogAllowed="1" UploadProcessLog="1" UploadRawLog="1" UploadSecurityLog="1" UploadSystemLog="1" UploadTrafficLog="1"/>
<RegisterClient PreferredGroup="My Company" PreferredMode="1"/>
</CommConf>
</ServerSettings>
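Added example, not part of any post in this thread: a short Python check that reads an exported Sylink.xml, lists the management servers it names by priority block, and builds for each one the secars test URL quoted earlier in the thread. The sample file and its addresses are constructed, and the function names (list_servers, hello_url, audit) are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same element layout as the Sylink.xml pasted above,
# with made-up server names (192.0.2.0/24 is documentation address space).
SAMPLE_SYLINK = """\
<ServerSettings DomainId="00000000000000000000000000000000" NameSpace="rpc">
  <CommConf>
    <ServerList Name="Constructed Management Server List">
      <ServerPriorityBlock Name="Priority1">
        <Server Address="OLD-SEPM" HttpPort="80"/>
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="Priority2">
        <Server Address="192.0.2.10" HttpPort="8014"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>
"""


def list_servers(sylink_xml):
    """Return (priority block, address, port) for every <Server>, in file order."""
    root = ET.fromstring(sylink_xml)
    servers = []
    for block in root.iter("ServerPriorityBlock"):
        for srv in block.findall("Server"):
            servers.append((block.get("Name", ""),
                            srv.get("Address", ""),
                            srv.get("HttpPort", "")))
    return servers


def hello_url(address, port):
    """Build the connectivity test URL quoted earlier in the thread."""
    return f"http://{address}:{port}/secars?hello,secars"


def audit(sylink_xml, live_servers):
    """Split listed servers into live and stale (case-insensitive match)."""
    live = {s.lower() for s in live_servers}
    report = {"ok": [], "stale": []}
    for priority, address, port in list_servers(sylink_xml):
        key = "ok" if address.lower() in live else "stale"
        report[key].append((priority, hello_url(address, port)))
    return report


if __name__ == "__main__":
    for status, entries in audit(SAMPLE_SYLINK, ["192.0.2.10"]).items():
        for priority, url in entries:
            print(f"{status:5} {priority:10} {url}")
```

Pass the addresses of the SEPM servers that are actually in service; anything reported as stale is a list entry that still points clients at a server outside that set.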
Right click on the server
Right-click on the server management server list and edit it. Remove the name, keep only the IP, and export sylink once again; put it in the client and see whether it is communicating or not. (In the sylink file the old name may appear once again. Anyway, try replacing the sylink in the client.)
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Default Management Server List for My Site
Thank you for the help. I now know the problem lies in the Management Server list. Is there a way to edit "Default Management Server List for My Site"? That is where the old server is listed. It won't let me edit or delete.
If my above suggestion not
If my above suggestion does not help, try reconfiguring the server. (I assume you have the latest backup. If not, take a backup before reconfiguring.) It will be better if you can give the old server name to this server, if you don't have other clients which are working with this SEPM.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
If you are facing this
If you are facing this problem immediately after changing the SEPM server, refer to the doc below:
How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and host name?
http://service1.symantec.com/support/ent-security.nsf/docid/2008031204405448
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
You cannot edit or delete
You cannot edit or delete the Default Management Server List.
However, create a new management server list, add the servers, IPs and priorities, then assign them to the groups you want.
Create a new management
Create a new management server list. The doc below can help you with this:
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/e2ac3b646ae21969882573c20063533f?OpenDocument
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
An addition to my above post
While creating the management server list you have to specify the port number of the server, the port which clients are using for the communication. According to the present sylink file which you pasted here, it is 8014. Anyway, before creating a new management server list, just verify it with server.xml, which will be present in \Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
server.xml
Not sure which one is correct? I don't see port 8014 in the server.xml. Is it ok to edit that file and change port numbers? Which one needs to be changed?
Thanks.
<?xml version="1.0" encoding="UTF-8"?>
<Server debug="0" port="8005" shutdown="CA6BEA42C0A801E900200BDE2A81AEA8">
<Service name="SCM">
<Connector Server="Hidden" acceptCount="100" className="org.apache.coyote.tomcat4.CoyoteConnector" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" maxProcessors="75" minProcessors="5" port="9090" redirectPort="443" useURIValidationHack="false"/>
<Connector Server="Hidden" acceptCount="100" className="org.apache.coyote.tomcat4.CoyoteConnector" debug="0" disableUploadTimeout="true" enableLookups="false" maxProcessors="75" minProcessors="5" port="8443" scheme="https" secure="true" useURIValidationHack="false">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" keystoreFile="D:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks" keystorePass="vk7f50IQT$gVfeOe" protocol="TLS"/>
</Connector>
<Engine debug="0" defaultHost="localhost" name="scm">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
<Host appBase="webapps/scm" autoDeploy="false" debug="0" name="localhost" unpackWARs="true">
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
<Context crossContext="true" debug="0" docBase="" path="" reloadable="false">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_scm_log." suffix=".txt" timestamp="true"/>
<Resource auth="Container" name="jdbc/metadatabase" type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/metadatabase">
<parameter>
<name>factory</name>
<value>com.sygate.scm.pool.ScmDataSourceFactory</value>
</parameter>
<parameter>
<name>driverClassName</name>
<value>com.sybase.jdbc2.jdbc.SybDriver</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:sybase:Tds:localhost:2638/?JCONNECT_VERSION=5</value>
</parameter>
<parameter>
<name>username</name>
<value>DBA</value>
</parameter>
<parameter>
<name>password</name>
<value>{DES}duFFjBnhsuoDaHLgaPF25g==</value>
</parameter>
<parameter>
<name>maxActive</name>
<value>150</value>
</parameter>
<parameter>
<name>maxIdle</name>
<value>50</value>
</parameter>
<parameter>
<name>maxWait</name>
<value>30000</value>
</parameter>
<parameter>
<name>validationQuery</name>
<value>SELECT count(*) FROM CONNECTION_TEST</value>
</parameter>
<parameter>
<name>testOnReturn</name>
<value>true</value>
</parameter>
</ResourceParams>
</Context>
</Host>
</Engine>
</Service>
</Server>
Go to IIS manger Select
Go to IIS Manager. Select the website which is used by SEPM and go to its properties. There you will get the port no.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
You can leave the server.xml
You can leave the server.xml as it is.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Open regedit, go
Open regedit, go here:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Change the key "GlobalUserOffline" from a 1 to a 0
Open run and type smc -stop then open run again and type smc -start and see if the green dot comes up
Thanks for all your help AravindKM
Thanks for all the help you provided. I like to see the help of IT community.
Happy to hear that your
Happy to hear that your problem got solved.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
have same problem with sep
have same problem with sep manager installed on w2008r2(x64) server.
it was firewall !!!