Endpoint Protection

Good morning - or at least I hope it ends up that way!

Note - I did NOT upgrade or update SEP on any device at all - ALL CLIENT AND ALL SERVERS are still running 11.0.7. NOTHING has been updated from 11 to 12.1 as far as protection, clients, servers, etc. - still running a pure 11.0.7 sho.

I DID upgrade the SEPM part only on our two dedicated SEPM servers - ONLY the management part.

OK - here's the issues  ;-)

I went in and turned off the rule to protect registry keys, etc. for everything. I STOPPED the SEPM service on our second server. SQL backup was in place thanks to a backup that night. I went to server 1 and launched the SEPM upgrade from the SEPM folder in the DVD files I'd copied onto the server.
 The first went really well. It upgraded SEPM on the server, then ran the configuration wizard, found the database and changed the schema for SQL, then it launched the console (the JAVA version) successfully, I logged and saw that yeah, that was our stuff.

I logged out of the console, left SEPM1 and went to SEPM2 and launched the upgrade of SEPM2 (the second server) from the SEPM fiiles I've copied onto the server. (I'd left the SEPM service disabled so it would not touch the database)
It ran the processes, did the install, then launched the wizard and blew up. Seems in between the SQL server crashed - or at least the network interface died and it's a VMWare server, dunno what happened, but NIC communications pretty much stopped. So the SEPM2 upgrade basically stopped at the half-way done point. The admin got the SQL server going with the help of a VMWare tech and I launched the wizard on SEPM2 and finished. It then also connected to the database.
The day was over and I was beat and went home..........

The issues:
* My email inbox is FLOODED with alerts! Some of them many megabytes in size, HUGE lists in these messages. Yea I had alerting setup to email me, but not like this!
* Device control has gone totally flakey! I am getting email alerts for the last 12 hours about devices being enabled, then disabled, disabled then enabled, back and forth over and over - and NO ONE WAS here! The computers I was getting alerts about were not in use! I have device control disable USB devices like thumb drives, and firewire is disabled, and I've get an occasional alert, and when computers were turned on, I got a message that firewire was disabled on that computer, but they were not often, and generally ONLY when the computer was first turned on. These are coming at me all night and now all through today, disabled, enabled, disabled and so on, the same computers, the same firewire, the same USB devices.

Some of the reports have information that's days old and I already received!

* WORST of all - I can't launch a console on a computer that is not the SEPM server.

When I attempt to launch the web site  http://nameofserver:9090 it totally crashes IE to the point I have to end the task.

ONE of the emails had a link in it that said "to launch the console, etc. etc." http://nameofserver:9090/symantec.html

and THAT too crashed IE.
I tried firefox and it loaded the text, but nothing else - and just sat there. No links, no buttons, etc.

The web part of the SEPM servers now seems to be trashed and non-functional. I don't have console access from any computer other thn the servers themselves, and even then only the JAVA version, not the web version.

I was shocked how badly this went...............

Help please!

Did you disable or remove IIS after upgrading to SEP 12.1??? 

SEP 12.1 does not need IIS so unless you are running other websites on your SEPM servers I would remove IIS completely so the Apache website in v12.1 does not conflict with it.

If the SEPM console works on the SEPM itself, it should work elsewhere. What version of Java are you running and do you have admin rights on your system when trying to launch these?

Do any of these links work for you:

SEPM Web console: https://servername:8443/console/apps/sepm

SEPM Java Console: http://servername:9090/servlet/JnlpServlet 

Symantec Protection Center: https://servername:8443/portal

I agree the email alerting, particularly the Sysplant Informational logging that can't be turned off without turning off all App/Dev Control alerts.  There is a feature request to allow the severity level to be set on this built-in alert to ignore informational logging. I have a support case in for this as we're getting way too many informational alerts that we can't shut off.  Please vote for the feature request.

I did on the one I try to connect to. Seems I can connect via web with a VISTA computer and IE7, but not with my notebook. and when I do connect, it's REALLY slow getting there. Takes a couple of minutes literally.

The second server, it keeps maxing out the hard drive. I just added 10 GIG (it's VMWare) and in 5 minutes, that 10 gig was FILLED, so the drive is back to zero space and I can't remove IIS with a totally filled drive.

Something about the new SEPM 12 is killing the drive space as fast as I create it, problems troubleshooting as you know what it's like when Windows has ZERO drive space.........

If I step the SEPM service, the drive won't fill up, if the service is allowed to run, it takes about a gig a minute.

Looks like the SEPM upgrade from 11.0.7 to 12.1 totally trashed this one server.

I can't reinstall and oddly enough, it won't let me uninstall as it wants to start a service (w3svc or something along those lines!)

That service does not even exist in the service list.

since it's not a Symantec service (that I am aware of) what's it got to do with the SEPM bit?

That's your WWW Publishing Service, which is a pre-requisite for SEPM 11. I'm assuming it can't roll back because it is missing. Try re-installing IIS, then rolling back.

I did a search for w3* on the server and found that - thanks. I put IIS back, let SEPM reinstall, and that part worked kind of.

NOW for that second server if I attempt to launch the web or java console (and yes, Java is correct it installed from SEPM) I get an ErrorCode: 0x0010000

Does not matter java or web/IE - it throws that error and won't show most of the info, but will show some.

This upgrade has been the first disaster I have ever had with a Symantec product, so something must have gone terribly wrong during install.

Have you checked you haven't blown any SQL database size limits if your using a SQL backend for the database???