Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Issue in remote push of im using SEPM in window server2012

Created: 31 Mar 2013 • Updated: 02 Apr 2013 | 11 comments
jun82's picture
This issue has been solved. See solution.

hi everyone,

Im using SEP 12.1.2

SEPM installed windows server 2012 embeded databe is being use

SEP client installed in a window 7 64bit professional.

issue:

when i try to push remotely almost of my deployment is successful and sometimes failed, i already uncheck shared wizard, firewall is off, i already verify my account being use, im using a domain admin account.

when i try to check the process of all my client i only see running the setup, which is competitive uninstaller ( im using a seprep for deployment) and freeze nothing happen, also when i use the third party unistaller (built-in) it say failed,roolback.

what wiil i do.. any sugeestion.

thanks,

jun82

Operating Systems:

Comments 11 CommentsJump to latest comment

jun82's picture

i cant find the log %temp%, is there issue on 64bit? or the SEPM install on a Win 2012?

zafar1907's picture

You are pushing SEP client by push deployment wizard or client.exe utility ?

And the system you are unable to install sep cleint are u able to access the c:drive ?

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....

jun82's picture

im using both client deployment wizard and a push deployment found on part 2 installer. out of 10 client only 1 client is success installed.. and also when i used push deployment there is an error need to enabled a remote registry service?

Rafeeq's picture

Yes remote registry service need to be enabled for it to work

Is the Remote Registry Service enabled?

 

http://www.symantec.com/business/support/index?pag...

SOLUTION
jun82's picture

is remote registry service need to be enabled for all type of remote deployment, whether push deployment or client deployment?

Rafeeq's picture

Yes

From this document

Prepare Windows 8 or Windows Server 2012 computers

Before you deploy, perform the following tasks:

  • Disable the Windows Firewall.

  • Create the registry key LocalAccountTokenFilterPolicy. For more information, visit the following URL:

    http://support.microsoft.com/kb/942817

  • Enable and start the Remote Registry service.

http://www.symantec.com/business/support/index?pag...

However if you dont want to enable these do you security resons you can manually copy the package and run locally on the box. need to be enbaled just for the install.

jun82's picture

hi rafeeq,

Sorry for my previos response, i already done and enabled remote registry.. is seprep is not capable unisntalling Norton Internet secuirity..

thanks,

junar

jun82's picture

remote registry service is only applicable to a window 7 64 bit?

Rafeeq's picture

from the pdf it says

"you can configure this tool to first remove all competitive products (including Norton products) and then launch the SEP installer automatically and silently"

https://www-secure.symantec.com/connect/sites/default/files/SEPprep_0.pdf
 
try to enable the logging and check why its hanging. the log enabling option is in the above pdf
 
Edit: However here it says Nortan IS is not possible by using sepprep
 
http://community.norton.com/t5/Norton-Internet-Security-Norton/Remove-Norton-Internet-Security-with-SEPPrep-to-migrate-to-SEP/td-p/254083
zafar1907's picture

Hi,

Have you check this:-

Either TCP port 139 or 445 need to be open for the installation package to be delivered to the remote computer. If UDP port 137 is closed, the Endpoint Protection Manager will not be able to list the hostname of the computer during the initial scan. (Though deployment can still be carried out by manually entering the IP address of the prospective client.)

How (and why) to set the clients to "Classic Mode"
When the client is in Guest Only mode, Symantec Endpoint Protection Manager is not able to authenticate as an administrator. This means that the manager does not have access to push the package to the client.

To configure the client for Guest or Classic mode

  1. On the client, open Administrative Tools Local Security Policy.
  2. Click Local Policy > Security Options Network access Sharing and security model for local accounts. Set this to Classic.
  3. If the client is part of a domain, this policy can be changed at the domain level.

 For referance:-

  http://www.symantec.com/docs/TECH102582

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....