Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

Failed SEP installs?

Jump to Best Answer

1. Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 14, 2009 04:26 PM

Reply Reply Privately
I've run into an issue with SEP installations.

In particular, we pushed SEP via SCCM. The install does go thru however the PC does not show up in SEPM and when I check the PC it shows the yellow shield but no green dot to indicate it is managed. I've reinstalled, ran cleanwipe, even tried sylink drop to replace sylink but it will not managed. This user does have an ecrypted drive so I'm not sure that matters. If I need to post more info, please let me know but I'm at a loss for the cause of this. Event logs don't give me much info either
2. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 14, 2009 04:39 PM

Reply Reply Privately
What version of SEPM have you installed the latest is 11.0.5002.xxx

As SEPM would be installed on port 8014 so are you able to telnet from the client to the server on port 8014. Is the windows firewall ON.
Will it be possible for you to run Sylinkmonitor and post the logs here.
https://www-secure.symantec.com/connect/articles/how-capture-sep-sepm-communication-logs-sylinkmonitor-mr3-onwards-troubleshooting-communica

On the client if you go to help and support-- troubleshooting
does it point to right group
server status shows offline or self-managed.
3. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 14, 2009 04:53 PM

Reply Reply Privately
Probably a dumb question but it there an attach button to attach the logs?
4. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 14, 2009 04:54 PM

Reply Reply Privately
Yes there is edit your first comment or copy paste or use this http://www.2shared.com/
Once you edit your main discussion on the bottom you will see file attachments
5. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 14, 2009 06:32 PM

Reply Reply Privately
Windows firewall is off. Cannot telnet as it is not allowed for security purposes. Running SEP 11.0.4202.75.
The GROUP is empty
Location awareness disabled
Server shows as offline

Here is the log:

10/14 15:49:14 [4072] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
10/14 15:49:15 [1096] <CheckHeartbeatTimer>====== Heartbeat loop starts at 15:49:15 ======
10/14 15:49:15 [1096] <GetOnlineNicInfo>:Netport Count=1
10/14 15:49:15 [1096] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
10/14 15:49:15 [1096] <CalcAgentHashKey>:CH=AD935C470A01128001E5424BA434F4AF100052443-XPLcbi.ch1b.cbiepc.comDD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:15 [1096] <CalcAgentHashKey>:CHKey=DF305CFD38E2E8E29280CCACD8FC596C
10/14 15:49:15 [1096] <CalcAgentHashKey>:C=AD935C470A01128001E5424BA434F4AF100052443-XPLcbi.ch1b.cbiepc.com
10/14 15:49:15 [1096] <CalcAgentHashKey>:CKey=A8C1655CE0AA5391EBD7B51E1E226D7C
10/14 15:49:15 [1096] <CalcAgentHashKey>:UCH=AD935C470A01128001E5424BA434F4AF0ELKINTBCBI.CH1B.CBIEPC.COM00052443-XPLcbi.ch1b.cbiepc.comDD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:15 [1096] <CalcAgentHashKey>:UCHKey=D04372D2C56214DC96EE72BDA972796D
10/14 15:49:15 [1096] <CalcAgentHashKey>:UC=AD935C470A01128001E5424BA434F4AF0ELKINTBCBI.CH1B.CBIEPC.COM00052443-XPLcbi.ch1b.cbiepc.com
10/14 15:49:15 [1096] <CalcAgentHashKey>:UCKey=2D0496AF4EC138CA1F646B042923707E
10/14 15:49:15 [1096] <DoHeartbeat>HardwareID=DD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:15 [1096] <DoHeartbeat>CHKey=DF305CFD38E2E8E29280CCACD8FC596C
10/14 15:49:15 [1096] <DoHeartbeat>CKey=A8C1655CE0AA5391EBD7B51E1E226D7C
10/14 15:49:15 [1096] <DoHeartbeat>UCHKey=D04372D2C56214DC96EE72BDA972796D
10/14 15:49:15 [1096] <DoHeartbeat>UCKey=2D0496AF4EC138CA1F646B042923707E
10/14 15:49:15 [1096] <DoHeartbeat> Set heartbeat event
10/14 15:49:15 [1096] Use new configuration
10/14 15:49:15 [1096] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 15:49:15 ======
10/14 15:49:16 [1096] HEARTBEAT: Check Point 1
10/14 15:49:16 [1096] <GetFirstSEMServer> Selecting a random server
10/14 15:49:16 [1096] <GetFirstServer> Using server '10.1.18.128'
10/14 15:49:16 [1096] HEARTBEAT: Check Point 2
10/14 15:49:16 [1096] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
10/14 15:49:16 [1096] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
10/14 15:49:16 [1096] HEARTBEAT: Check Point 3
10/14 15:49:16 [1096] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
10/14 15:49:16 [1096] HEARTBEAT: Check Point 4
10/14 15:49:16 [1096] <RegHeartbeatProc>===Registration STAGE===
10/14 15:49:16 [1096] <MakeRegisterData:>logon id (domain/user)=CBI.CH1B.CBIEPC.COM/ELKINTB
10/14 15:49:16 [1096] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.85786E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41ABCB8PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6bbb46p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:16 [1096] <SyLink>[MakeRegisterData] registration Hardware Key=DD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:16 [1096] ************Reg CSN=35
10/14 15:49:16 [1096] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1343
s_session_id: DD77893E0565E0301AC9E2BF86089E4A
Sygate-SSN: 35
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.83885E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41AA9C0PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6a84c6p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:16 [1096] <SendRegistrationRequest:>http://10.1.18.128:80 [encrypted data]
10/14 15:49:16 [1096] <ParseErrorCode:>0=>Unknown error code.
10/14 15:49:16 [1096] <SendRegistrationRequest:>SMS return=0
10/14 15:49:16 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status
10/14 15:49:16 [1096] <SendRegistrationRequest:>ERR to query content length
10/14 15:49:16 [1096] <SendRegistrationRequest:>Content Lenght =>
10/14 15:49:16 [1096] HTTP returns status code=0
10/14 15:49:16 [1096] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
10/14 15:49:16 [1096] <SendRegistrationRequest:>COMPLETED, returned 5
10/14 15:49:16 [1096] HEARTBEAT: Check Point 5.1
10/14 15:49:16 [1096] <RegHeartbeatProc>switch to another server
10/14 15:49:16 [1096] HEARTBEAT: Check Point 9
10/14 15:49:16 [1096] HEARTBEAT: Check Point 8
10/14 15:49:16 [1096] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
10/14 15:49:16 [1096] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/14 15:49:16 [1096] HEARTBEAT: Check Point 1
10/14 15:49:16 [1096] HEARTBEAT: Check Point 2
10/14 15:49:16 [1096] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
10/14 15:49:16 [1096] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
10/14 15:49:16 [1096] HEARTBEAT: Check Point 3
10/14 15:49:16 [1096] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
10/14 15:49:16 [1096] HEARTBEAT: Check Point 4
10/14 15:49:16 [1096] <RegHeartbeatProc>===Registration STAGE===
10/14 15:49:16 [1096] <MakeRegisterData:>logon id (domain/user)=CBI.CH1B.CBIEPC.COM/ELKINTB
10/14 15:49:16 [1096] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.85786E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41ABCB8PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6bbb46p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:16 [1096] <SyLink>[MakeRegisterData] registration Hardware Key=DD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:16 [1096] ************Reg CSN=36
10/14 15:49:16 [1096] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1343
s_session_id: DD77893E0565E0301AC9E2BF86089E4A
Sygate-SSN: 36
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.83885E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41AA9C0PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6a84c6p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:16 [1096] <SendRegistrationRequest:>http://Plainfield-sep1:80 [encrypted data]
10/14 15:49:16 [1096] <ParseErrorCode:>0=>Unknown error code.
10/14 15:49:16 [1096] <SendRegistrationRequest:>SMS return=0
10/14 15:49:16 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status
10/14 15:49:16 [1096] <SendRegistrationRequest:>ERR to query content length
10/14 15:49:16 [1096] <SendRegistrationRequest:>Content Lenght =>
10/14 15:49:16 [1096] HTTP returns status code=0
10/14 15:49:16 [1096] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
10/14 15:49:16 [1096] <SendRegistrationRequest:>COMPLETED, returned 5
10/14 15:49:16 [1096] HEARTBEAT: Check Point 5.1
10/14 15:49:16 [1096] <RegHeartbeatProc>switch to another server
10/14 15:49:16 [1096] HEARTBEAT: Check Point 9
10/14 15:49:16 [1096] HEARTBEAT: Check Point 8
10/14 15:49:16 [1096] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
10/14 15:49:16 [1096] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/14 15:49:17 [1096] HEARTBEAT: Check Point 1
10/14 15:49:17 [1096] HEARTBEAT: Check Point 2
10/14 15:49:17 [1096] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
10/14 15:49:17 [1096] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
10/14 15:49:17 [1096] HEARTBEAT: Check Point 3
10/14 15:49:17 [1096] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
10/14 15:49:17 [1096] HEARTBEAT: Check Point 4
10/14 15:49:17 [1096] <RegHeartbeatProc>===Registration STAGE===
10/14 15:49:17 [1096] <MakeRegisterData:>logon id (domain/user)=CBI.CH1B.CBIEPC.COM/ELKINTB
10/14 15:49:17 [1096] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.85786E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41ABCB8PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6bbb46p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:17 [1096] <SyLink>[MakeRegisterData] registration Hardware Key=DD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:17 [1096] ************Reg CSN=37
10/14 15:49:17 [1096] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1343
s_session_id: DD77893E0565E0301AC9E2BF86089E4A
Sygate-SSN: 37
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.83885E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41AA9C0PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6a84c6p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:17 [1096] <SendRegistrationRequest:>http://10.1.18.170:8014 [encrypted data]
10/14 15:49:17 [1096] <ParseErrorCode:>0=>Unknown error code.
10/14 15:49:17 [1096] <SendRegistrationRequest:>SMS return=0
10/14 15:49:17 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status
10/14 15:49:17 [1096] <SendRegistrationRequest:>ERR to query content length
10/14 15:49:17 [1096] <SendRegistrationRequest:>Content Lenght =>
10/14 15:49:17 [1096] HTTP returns status code=0
10/14 15:49:17 [1096] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
10/14 15:49:17 [1096] <SendRegistrationRequest:>COMPLETED, returned 5
10/14 15:49:17 [1096] HEARTBEAT: Check Point 5.1
10/14 15:49:17 [1096] <RegHeartbeatProc>switch to another server
10/14 15:49:17 [1096] HEARTBEAT: Check Point 9
10/14 15:49:17 [1096] HEARTBEAT: Check Point 8
10/14 15:49:17 [1096] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
10/14 15:49:17 [1096] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/14 15:49:17 [1096] HEARTBEAT: Check Point 1
10/14 15:49:17 [1096] HEARTBEAT: Check Point 2
10/14 15:49:17 [1096] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
10/14 15:49:18 [1096] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
10/14 15:49:18 [1096] HEARTBEAT: Check Point 3
10/14 15:49:18 [1096] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
10/14 15:49:18 [1096] HEARTBEAT: Check Point 4
10/14 15:49:18 [1096] <RegHeartbeatProc>===Registration STAGE===
10/14 15:49:18 [1096] <MakeRegisterData:>logon id (domain/user)=CBI.CH1B.CBIEPC.COM/ELKINTB
10/14 15:49:18 [1096] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.85786E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41ABCB8PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6bbb46p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:18 [1096] <SyLink>[MakeRegisterData] registration Hardware Key=DD77893E0565E0301AC9E2BF86089E4A
10/14 15:49:18 [1096] ************Reg CSN=38
10/14 15:49:18 [1096] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1343
s_session_id: DD77893E0565E0301AC9E2BF86089E4A
Sygate-SSN: 38
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="AD935C470A01128001E5424BA434F4AF" AgentType="105" UserDomain="CBI.CH1B.CBIEPC.COM" LoginUser="ELKINTB" ComputerDomain="cbi.ch1b.cbiepc.com" ComputerName="00052443-XPL" PreferredGroup="Myompany    ‹Default        6.83885E-289roup" PreferredMode="1" HardwareKey="DD77893E0565E0301AC9E2BF86089E4A" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CBI.CH1B.CBIEPC.COM" LogonUser="ELKINTB" HostDomain="cbi.ch1b.cbiepc.com" HostName="00052443-XPL" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="5.1.2600" Desc="Windows             41AA9C0PProfessional" Type="17105154" ServicePack="ServicePack"/>
<Processor ProcessorType="x86     0x1.6a84c6p+536mily%20Model%20Stepping" ProcessorClock="2526" ProcessorNum="2"/>
<Memory Size="2134736896"/>
<BIOS Version="DELL%20-
<TpmDevice Id="0"/>
<SSAProfile Version="0.0.0" SerialNumber=""/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="360" />
<DNSs><DNS Address="10.1.170.38"/><DNS Address="10.1.170.16"/></DNSs>
<WINSs><WINS Address="10.1.17.128"/><WINS Address="10.15.31.16"/></WINSs>
<DHCPServer Address="10.1.170.38"/><SSANICs><SSANIC Ip="10.1.174.75" Mac="00-21-70-d7-ca-80" Gateway="10.1.174.254" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
10/14 15:49:18 [1096] <SendRegistrationRequest:>http://plainfield-sep3:8014 [encrypted data]
10/14 15:49:18 [1096] <ParseErrorCode:>0=>Unknown error code.
10/14 15:49:18 [1096] <SendRegistrationRequest:>SMS return=0
10/14 15:49:18 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status
10/14 15:49:18 [1096] <SendRegistrationRequest:>ERR to query content length
10/14 15:49:18 [1096] <SendRegistrationRequest:>Content Lenght =>
10/14 15:49:18 [1096] HTTP returns status code=0
10/14 15:49:18 [1096] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
10/14 15:49:18 [1096] <SendRegistrationRequest:>COMPLETED, returned 5
10/14 15:49:18 [1096] HEARTBEAT: Check Point 5.1
10/14 15:49:18 [1096] <ScheduleNextUpdate>new scheduled heartbeat=64 seconds
10/14 15:49:18 [1096] HEARTBEAT: Check Point 8
10/14 15:49:18 [1096] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
10/14 15:49:18 [1096] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/14 15:49:18 [1096] <RegHeartbeatProc>====== Registration Procedure stops at 15:49:18 ======
10/14 15:49:18 [1096] HEARTBEAT: Check Point 10
10/14 15:49:18 [1096] HEARTBEAT: Check Point Complete
10/14 15:49:18 [1096] <RegHeartbeatProc>Done, Heartbeat=64seconds
10/14 15:49:18 [1096] HeartbeatProcFailed to get profile with proxy setting 2
10/14 15:49:18 [1096] <CheckHeartbeatTimer>====== Heartbeat loop stops at 15:49:18 ======
6. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 14, 2009 06:35 PM

Reply Reply Privately
Location of log file: http://www.2shared.com/file/8438252/917f206e/sep_log.html

Server shows as offline
Group shows nothing
Location awareness is disabled

Firewall is off and cannot telnet due to security policy
7. RE: Failed SEP installs?

0 Recommend
Peterpan
Posted Oct 14, 2009 08:10 PM

Reply Reply Privately
hi try this link hop it can help you.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008100811312148
8. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 15, 2009 04:36 AM

Reply Reply Privately
Log shows
SMS return=0
and SEP is looking for port 80 for SEPM.
Is your SEP manager installed on port 80 or 8014 and what is the version of SEP you are using 11.0.xxxx.xxxx ?
9. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 15, 2009 07:12 AM

Reply Reply Privately
Hi,

Although you have mentioned that the Eventvwr on the Client does not help much. However, I would appreciate if you could paste the error that we get after the Installation.

Do you get any group policy error messages in the event viewer, prior to or before the installation of SEP client ?

I would also like to know did we have SAV earlier installed on the same client and on how many machines are we facing this kind of issue?
10. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 15, 2009 08:21 AM

Reply Reply Privately
Here is the error I got after pushing from SCCM:

"TruScan has generated an error: code 11: description: Whitelist Failure"

According to the event log, SEP install appeared to be successful as I saw in the eventlog:

"Symantec Endpoint Protection services startup was successful"

But an hour later I got the first error message mentioned above.

Yes, SAV previously on this machine and was removed during the SCCM install
11. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 15, 2009 08:28 AM

Reply Reply Privately
SEPM is on 8014. We are running version 11.0.4202.75
12. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 15, 2009 06:08 PM

Reply Reply Privately
If the SEP client is looking for port 80, is there a way to point it to the correct SEPM port instead of 80?
13. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 15, 2009 06:50 PM

Reply Reply Privately
Create a new package from SEPM
using "Remove Previous logs and setting reset client server communication"
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008052008163148
this will have a new sylink.xml and once this package is pushed the client should connect to the sepm.

your log shows
""SendRegistrationRequest:>http://10.1.18.128:80 [encrypted data]
10/14 15:49:16 [1096] <ParseErrorCode:>0=>Unknown error code.

10/14 15:49:16 [1096] <SendRegistrationRequest:>SMS return=0

10/14 15:49:16 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status

10/14 15:49:16 [1096] <SendRegistrationRequest:>ERR to query content length""

"""SendRegistrationRequest:>http://Plainfield-sep1:80 [encrypted data]
10/14 15:49:16 [1096] <ParseErrorCode:>0=>Unknown error code.

10/14 15:49:16 [1096] <SendRegistrationRequest:>SMS return=0

10/14 15:49:16 [1096] <ParseHTTPStatusCode:>0=>Uninterpreted Status

10/14 15:49:16 [1096] <SendRegistrationRequest:>ERR to query content length""

Also once again check on what port is the client configured

in SEPM-Policy-polic components-Management server list--Edit Default management server list ( the list which would be appllied to all the groups )
check does it shows 8014 or just 80
14. RE: Failed SEP installs?

0 Recommend
ℬrίαη
Posted Oct 16, 2009 01:00 PM

Reply Reply Privately
I noticed an another error in the evntlog:

The Group Policy client-side extension Security failed to execute. Please look for any errors reported earlier by that extension.
15. RE: Failed SEP installs?

0 Recommend
Migration User
Posted Oct 16, 2009 03:28 PM

Reply Reply Privately
Can you open the sylink.xml file and check what port is listed over there ?
16. RE: Failed SEP installs?
Best Answer

0 Recommend
ℬrίαη
Posted Oct 22, 2009 02:44 PM

Reply Reply Privately
This fix solved my issue:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/012986c18a2387b88825750c007870b9?OpenDocument

Thanks for all you help!

Endpoint Protection

Failed SEP installs?

ℬrίαηOct 14, 2009 04:26 PM

Migration UserOct 14, 2009 04:39 PM

ℬrίαηOct 14, 2009 04:53 PM

Migration UserOct 14, 2009 04:54 PM

ℬrίαηOct 14, 2009 06:32 PM

ℬrίαηOct 14, 2009 06:35 PM

PeterpanOct 14, 2009 08:10 PM

Migration UserOct 15, 2009 04:36 AM

Migration UserOct 15, 2009 07:12 AM

ℬrίαηOct 15, 2009 08:21 AM

ℬrίαηOct 15, 2009 08:28 AM

ℬrίαηOct 15, 2009 06:08 PM

Migration UserOct 15, 2009 06:50 PM

ℬrίαηOct 16, 2009 01:00 PM

Migration UserOct 16, 2009 03:28 PM

ℬrίαηOct 22, 2009 02:44 PMBest Answer

1. Failed SEP installs?

2. RE: Failed SEP installs?

3. RE: Failed SEP installs?

4. RE: Failed SEP installs?

5. RE: Failed SEP installs?

6. RE: Failed SEP installs?

7. RE: Failed SEP installs?

8. RE: Failed SEP installs?

9. RE: Failed SEP installs?

10. RE: Failed SEP installs?

11. RE: Failed SEP installs?

12. RE: Failed SEP installs?

13. RE: Failed SEP installs?

14. RE: Failed SEP installs?

15. RE: Failed SEP installs?

16. RE: Failed SEP installs? Best Answer

16. RE: Failed SEP installs?
Best Answer