Endpoint Protection

 View Only
  • 1.  Installing SEP on clients over different IP ranges

    Posted May 12, 2009 02:22 AM

    Greetings

    Please assist

    I'm using SEP 11.0 and I'm trying to install the client software over 2 IP ranges ( 2 domains), both ranges are class C and both are on the same subnet, the SEPM server has the 2 IP addresses belonging to the 2 ranges
    now on the 1 range I can install to the clients perfectly and they update from SEPM but on the other range they only about 15 installed and updated successfully the other 50 computers install but they dont show up on the SEPM and therefore dont update defenitions. and  proactive threat is disabled.



  • 2.  RE: Installing SEP on clients over different IP ranges

    Broadcom Employee
    Posted May 12, 2009 02:38 AM
    hi,
    check if the clients not getting update are able to communicate with the server

    telnet to server from the client on the symantec website port.

    ping the host name from these machines,aslo try accessing the http://servername:9090 to see if the communication is established.

    Pete!


  • 3.  RE: Installing SEP on clients over different IP ranges

    Posted May 12, 2009 02:55 AM
    hi kcopah,

    Check that clients are able to communicate to server or not.


  • 4.  RE: Installing SEP on clients over different IP ranges

    Posted May 13, 2009 03:02 AM
    Hi Guys thanks for your responses

    I tried  the telnet method both on sever and client but it doesnt connect ( port 2967) then I used the web browser and this is what happened;

    On the one range,( the gateway proxy range ), those that are configured to have internet, it works

    the other range (not configured to have internet) it doesnt connect, so does internet connection have anything to do with this?


  • 5.  RE: Installing SEP on clients over different IP ranges

    Broadcom Employee
    Posted May 13, 2009 03:09 AM

    hi,
    you not able to telnet server on port 2967!!, is this the port used by symantec website??? I guess it's not.

    no need to have internet connecton on client, the only thing client needs to communicate is on the port on which SEPM is running.

    try copying this on the client browser (after including the server name/ip)

    http ://server/secars/secars?hello,secars, let know the outcome.

    Pete!



  • 6.  RE: Installing SEP on clients over different IP ranges

    Broadcom Employee
    Posted May 13, 2009 03:13 AM
    http ://server:port/secars/secars?hello,secars
    is correct one


  • 7.  RE: Installing SEP on clients over different IP ranges

    Posted May 13, 2009 05:25 AM
    Hi pete, again thank you so much for your help


    Ok I've done what you suggested, it works on those that update on both ranges, it obviosly doesnt work on those that dont update, so what could be the possible solution to the problem?? could it be to open that port (9090) if so HOW????


    Thanks in advance


  • 8.  RE: Installing SEP on clients over different IP ranges
    Best Answer

    Posted May 13, 2009 10:37 AM
    Hi,

           Please try the following steps and let us know whether it helped.

    Deploying client software with the network audit utility:-
     
    You can deploy client software by using the network audit utility in the Symantec Policy Management Console. The network audit utility lets you discover client computers that do not run client software, and then install client software on those computers.
    To deploy client software by using network audit
    1 In the Symantec Policy Management Console, click Computer and Users.
    2 In the Tasks pane, click Network Audit.
    3 In the Install Client Software to Unmanaged Computers window, under Search
    By, check IP range, and enter a beginning and ending IP address.
    Scanning a range of 100 IP addresses takes 5.5 minutes. Optionally, specify a computer name.
    4 Under Logon Credentials, complete the User name, Password, and Domain boxes with logon credentials that permit domain administration to the named domain.

    Deploying client software with the network audit utility:-

    5 Click Search Now.
    6 On either the Unknown Computers or Unmanaged Computers tabs, do one
    of the following:
    ■ Check each computer on which you want to install client software.
    ■ Click Select All.
    7 Under Installation, select the installation package, installation option, and features that you want to install.
    8 To install to a group other than Temporary, click Change, select a different group, and then click OK.
    9 When you ready to install, click Start Installation.
     
    Deploying client software with the Installation and Migration Wizard:-
    The Installation and Migration Wizard panel appears after you create a database, both embedded and Microsoft SQL. The wizard provides the following three options:
    ■ Configure a new deployment
    ■ Import groups and policies from an existing deployment
    The last option is for migrating legacy Symantec Antivirus and Symantec Client Security installations. For details about migration, refer to the Migration chapter.
    Configuring a new deployment
    The First Use Wizard lets you create the client installation software that places your client computers in the group that you specified, and that applies the policies that you specified.
    Export To None
     
    To configure a new deployment:-
    1 In the Deployment Options panel, check Configure a new deployment, and then click Next.
    2 In the New Deployment Group panel, in the Create a New Group box, accept or change the default, and then click Next.
    3 In the Assign Policies panel, in the right pane, accept or change the default policy selections.
    4 In the left pane, click the group to which to assign the policies.
    5 Check or uncheck Inherit from parent, and then click Next.
    6 In the Export Client Installation Packages panel, click Browse.
    7 In the Open dialog box, browse to and select the directory into which to place the client installation package, and then click Open.
    8 In the Export Client Installation Packages panel, under Create, check the type of installation packages to create, and then click Next.
    9 In the Deploy Installation Packages to Clients panel, do one of the following, and then click Finish:
    ■ Check Launch Client Remote to deploy the installation software to client computers.
    ■ Uncheck Launch Client Remote to place the client installation package in the specified directory only, and not deploy the installation software.
     
    Importing computer lists:-
    Instead of selecting computers during ClientRemote installation, you can import a list of computers.
     Creating a text file of computers to install-
    You can create a text file of computer IP addresses, import this text file during ClientRemote deployment, and then deploy the client software to the specified computers. You can also create the text file by exporting a list of computers that you type one by one to a text file before you begin client deployment.
    Note: Creating a text file of IP addresses is not recommended for computers that receive DHCP-assigned IP addresses.
    To create a text file with IP addresses to import
    1 In a text editor such as Notepad, create a new text file.
    2 Type the IP address of each computer that you want to import on a separate line.
    For example:
    192.168.1.1
    192.168.1.2
    192.168.1.3
    You can comment out IP addresses that you do not want to import with a semicolon (;) or colon (:). For example, if you included addresses in your list for the computers that are on a subnet that you know is down, you can comment them out to eliminate errors.
    3 Save the file to a directory.
    Importing a text file of computers that you want to install
    You import the text file during ClientRemote installation.
    To import a text file of computers that you want to install
    1 In the Select Computers panel, click Select.
    2 In the Client Details dialog box, click Import.
    3 Locate and double-click the text file that contains the IP addresses to import.
    During the authentication process, you may need to provide a user name and password for computers that require authentication. The setup program also checks for error conditions. You are prompted to view this information on an individual computer basis or to write the information to a log file for later viewing.
    4 Select one of the following:
    ■ Yes: Write to a log file.
    If you create a log file, it is located under \\Winnt\Savcesrv.txt on Windows
    2000 and under \\Windows\Savcesrv.txt on Windows XP\2003\Vista.
    ■ No: Display the information on an individual computer basis.
    5 Finish the installation.

    In SEPM you’ll not get direct option called”Auditing”, as it has been replaced with option “Find Unmanaged computers” 

    In Find Unmanaged computers window, click on tab “Unknown computers” 

    Specify IP range and go ahead with installing SEP on clients located on different subnets.