Endpoint Protection

 View Only

  • 1.  Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Feb 27, 2015 09:57 AM

    Symantec Endpoint protection

    Error 1317.  An error occurred while attempting to create the directory C:\ProgramData\Microsoft\Windows\Start Menu

    Retry  Cancel

     

    New, old local admin accounts.  AD accounts.  Removed/readded server to AD.

    It's Server 2012r2. 

     

    We tied (many times) to manually install the upgrade.  It was 12.1.4 before, so there's no gap.  Was working fine.

    We get that error message with any account that runs it.

    Applied ownership to the whole c: drive.  No change.

    Tried a server specific installer for SEP.  Tried the user/client SEP installer.  No change.

    Ran a disk check on the server yesterday.  sfc /scannow.  No change.

     

    I'll try uninstalling the whole SEP.  Then reinstall this upgrade I guess.  After a checkpoint....

     



  • 2.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Feb 27, 2015 09:59 AM
    Please run the symhelp tool on it to see what shows up


  • 3.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Feb 27, 2015 10:10 AM

    No luck there.  Made a checkpoint.  Tried uninstalling SEP. 

    Symantec Endpoint Protection

    Error 1326.  Error getting file security:

    C:\ProgramData\Microsoft\Winodws\GetLastError:5

     

    So it won't even let me uninstall it either.  It's like all the admin accounts on have some admin rights.  Not really an SEP thing.

     



  • 4.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Mar 11, 2015 09:16 AM

    Update -- We ended up just prepping a new server.  Something was botched with admin rights completely working.  Cause?  Who knows?  Solution -- Redo the whole thing.  Problem solved.



  • 5.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 03:27 PM

    Dang, this is happening again, but with a user machine.  Dual boot macbook, windows side.  Mac side is Mavericks.  Win 7, all updated.

     

    Looks like it tried to apply the 12.1.5337 upgrade but failed.  I noticed SEP was missing from the programs list.  When I tried to install it from the standalone exe I got this error message...

    Symantec Endpoint Protection

    Error 1310.  Error writing to file: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\regid 1992-12.com.symantec_SEP.swidtag.  Verify that you have access to that directory.

     

    Same deal as the server... I'm an admin on the machine, but can't change security settings in c:\windows\system32\drivers.  I tried a local admin account, same result.

     

    Ran the symehlp tool....

    An unexpect installation configuration of Symantec Enpoint Protection was detected

    red x  Disable the Windows AutoRun feature.

    re dx Symantec endpoint proection drivers and services need attention

    yellow ! client to manager communication may not be working

    yellow ! system does not meet the recommednations for symantec endpoint proetction 12.1:remote install

    yellow ! security advisories for endpoint protection client

    yellow ! the installed version of edpoint protection client is not the latest.

    black ? is sonar configured according ot the recommended high security configuation?

    black ? enable intrustion prevnetion system

    green check the system date and time are correct.

    gree check windows firewall configuration

    green  system meets the requirements for symantec endpoint proection 12.1:local install

    green  no directories are taking up excessive drive space

    green  no symantec endpoint protection defition sets are corrupted

     

     

    I thought I was done with this garbage... I don't think reimaging this is an option right now.  I need a solution.

     

    Also odd, the windows side wants to run a check disk.  I think the user probably shut it down or forced it off while it was doing the SEP upgrade possibly.  Except the server didn't have that happen to it.



  • 6.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 03:29 PM

    Brand new local admin account.  Same behavior.

    If I go to c:\users, i can change security settings.

    c:\windows gives me the security shield to require admin rights.  Everything's greyed out.  I don't have admin rights in that spot even though I'm an admin on the machine...



  • 7.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 03:31 PM

    With the new local admin account, I can only edit security for c:\users\thisnewadminaccount.

    I can't edit the other user folders or anything else in c:\

     

    But I can get into the Computer Manager, which would require admin rights.



  • 8.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 03:47 PM

    This doesn't work either.  I can't change anything in the security tab.  Everything's greyed out.

    http://www.symantec.com/business/support/index?page=content&id=TECH166485&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1428695116989x7Wn3dS4I98ndNQf8GY89UE1EmL5gs6D6r01S

     

    And that's with an admin account for sure.  It's just not completely functioning like an admin account.



  • 9.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 03:49 PM

    Odd.  Found something.

     

    Security on the Administors group in the program files x86 folder only has special permissions checked.  It's all greyed out though.



  • 10.  RE: Error 1317 on a server 2012r2 with SEP 12.1.5 upgrade

    Posted Apr 10, 2015 04:21 PM

    Gave up.

     

    Ran check disk, let it run.  Restarted, but the situation is the same. 

    I blew away the Windows partition.  Hopefully the mac side is ok.