Endpoint Protection

Hello All,

I have an OS X 10.5.8 machine and the client refuses to see our SEPM server. I am installing it as a managed setup from a package that was created by the SEPM server. Searching for the computer name and IP in SEPM find the problem client but it says that the SEP!! client isn't installed. I also don't see a way to get a client connected to the SEPM from the client machine. I tried uninstalling and reinstalling twice but it didn't make a difference.

I have 23 other OS X clients working fine using the same package. I would hate to reinstall this machine if I could manually get it connected some how? Any ides? 

Any help at all is greatly appreciated!
Thank you very much! ;)

To install Symantec Endpoint Protection on a Mac client, you export the client
installation package and then deploy the package manually. You can use any
method that you have available in your network: email, a script, URL (FTP or
HTTP), or third-party software such as Apple Remote Desktop.
See “Exporting client installation packages for Mac computers” on page 100 -

ftp://ftp.entsupport.symantec.com/pub/support/documentation/Installation_Guide_SEP11.0.5.pdf

The Mac client install package is automatically exported as a .zip file.
To expand the package to the Apple install format .mpkg, you must use either the
Mac Archive Utility or the ditto command. You cannot use either the Mac unzip
command or any Windows unzip application.

See the Install guide for more info.

From a browser on the Mac, go to the following link (change the server:port info as necessary):
http://servername:8014/secars/secars.dll?hello,secars

If it comes back with "OK", then you have good communication with the SEPM. If not, troubleshoot accordingly (you'll get an HTTP error like 401, 403, 404, 500, etc).

My install is fine; I have 23 other clients working fine.

We are using a different port. The client machine that is having trouble I am also using the SEPM web app with which is accessing the server fine. Any other ideas? Is there an actual uninstall for SEP11 for Macs. I tried this which is supported for 10:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007661309063498
and removed some other left over system files that it didn't cleanup, restarted, reinstalled, restared, and no difference. Still not working.

Thanks!

There is an uninstaller in the SEP_MAC folder on the downloaded DVD.  The RemoveSymantecMacFiles script should also work.

Title: 'How to uninstall Symantec Endpoint Protection for Macintosh'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010043009592848

You can try the secars command, substituting the correct server name and port.

Also, here's the equivalent of dropping the sylink.xml for the Mac:

Title: 'How to convert unmanaged SEP for Macintosh client to managed version'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010040817074848

sandra

I don't have access to the uninstaller from the DVD right now.

I have been using the uninstall SEP from Mac command which actually doesn't uninstall everything so I created my own uninstaller for now.

No idea what the secars command is? But I can access the SEPM web app from the problem client just fine.

I tried replacing the SyLink.xml, no difference.

I think the problem I found from the Mac managed to unmanaged doc is that my smclient doesn't startup automatically. I have to manually start it every time I login and the client is still listed as unmanaged in the QuickMenu or prefPane. The machine is now listed in the SEPM but I cannot run any commands from the SEPM and  the client machine cannot receive any updates from the SEPM. Also the directions in this document are wrong.
In step 3 the lines read:
/Library/StartupItems/SMC/sudo smclient --stop
/Library/StartupItems/SMC/sudo smclient --start

they should be this:
sudo /Library/StartupItems/SMC/smclient --stop
sudo /Library/StartupItems/SMC/smclient --start

The secars command is the one given above by Ryan (http://servername:8014/secars/secars.dll?hello,secars).

Is there anything different about this machine: firewall enabled, other programs that are only on this machine, limited user vs. administrative user, etc?  Is there anything in the Console log indicating why this is failing to launch at startup?

I'll correct the document.  Thanks for bringing that to our attention.

sandra

Hi Sandra.g

Thank you for all of your help! I did check my console log and found this line:
5/11/10 5:15:47 PM com.symantec.quickmenu.application[102] /Library/Application%20Support/Symantec/SMC/SymantecRegistry.xml:1: parser error : Document is empty

My SymantecRegistry.xml file is empty. So I copied one from a working client. My client is now being managed but the SEPM server, Connection Status, and Policy Serial Number are all NA. 

Is there a way to get a new SymantecRegistry.xml, or is there a way to adjust this file from another working client that I can use?

Thank you very much!

I used Pacifist and reinstalled the /Library/StartupItems/SMC and /Library/Application\ Support/Symantec/SMC. Restarted and got a security error:

5/12/10 12:17:37 PM SystemStarter[18] "/Library/StartupItems/SMC/SMC" failed security check: not owned by GID 0 

Glad you got that up and running!

(Maybe a permissions repair on the client machine, or a disk verify?)

sandra

For me, the file "CDIS.custom" was missing from /var/log. Apparently, this file stores the default language when Mac OS X is installed. I copied the file from another Mac and set the permissions on it to match. This solved my issue; I had been getting the following error prior to that: 5/14/10 1:33:33 PM com.apple.SystemStarter[67] /Library/StartupItems/SMC/SMC: line 13: /var/log/CDIS.custom: No such file or directory