Video Screencast Help

Out-of-date AV definition in SEPM but all clients receiving latest AV definition

Created: 02 May 2013 | 13 comments

Seems there is a reporting issue with SEPM.

All clients are reported as having out-of-date AV definitions in SEPM. After checking multiple machines, all of them had received the latest AV definitions. This proved that SEPM was still able to download the AV content from the Internet and distributed to all clients. Somehow the AV definitions information was not sent back to SEPM.

Ran Symantec Validation tool and confirmed SQL DB is in working condition and communicating to SEPM.

Rebooted SEPM and about 10 clients reported the correct information to SEPM within 5 minutes but this number stayed the same since.

Attempted to delete 1 client entry in SEPM, updated policy in SEP and SEPM reported this device as "not reporting status".

SEPM version is SEP11RU7, same as SEP.

SQL DB is on MS SQL server 2008.

Any help will be appreciated.

Thanks.

 

 

 

 

Operating Systems:

Comments 13 CommentsJump to latest comment

pete_4u2002's picture

do you mean clients are not reporting to SEPM? are all the clients having this issue?

was there any change in certificate ?

W007's picture

Please check if you have a lot of .DAT/.TMP/.ERR files into SEPM\data\inbox subfolders (especially Agentinfo). If yes, it means clients are reporting their logs to the SEPM, but the manager is not able to process them.

 

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

W007's picture

Also Check this

Clients cannot send data back to Symantec Endpoint Protection Manager

Article:TECH105348  |  Created: 2008-01-09  |  Updated: 2009-01-30  |  Article URL http://www.symantec.com/docs/TECH105348

Check this comments

https://www-secure.symantec.com/connect/forums/sep...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

danckli's picture

Pete, SEPM seems to be able to report the correct information such as last client uptime, IP address etc. Only the AV definition is out-of-date.

All clients are affected on this.

No change on the certificate. Only change was the database migration from 2005 to 2008 and had to run the configuration wizard in SEPM to point to the new DB instances.

Manish, there are ~360 files in the agentinfo folder but most of them are back in 2012. only 6 files dated in April 2013.

danckli's picture

Manish, checked the folder permission - everyone has FULL access to the inbox folder.

W007's picture

Hello,

How many disk space available in SEPM ?

Try to replace sylink.xml file one of client.

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

is teh DB on local system or remote?

if remote have you upgraded the SQL client on SEPM?

danckli's picture

Manish - there are about 20Gb of free space available in SEPM. Appreciate if you can provide a link on how to replace sylink.xml file.

Pete - DB is located in another server. And no, we haven't upgraded SQL client on SEPM.

.Brian's picture

Run the SymHelp tool on the SEPM to see if it shows any errors

Symantec Help (SymHelp) Download

Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2013-04-29  |  Article URL http://www.symantec.com/docs/TECH170752

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

upgrade the SQL client on the SEPM , it should be compatible with SQL server for communication.

SameerU's picture

Hi

Please upgrade to SEP 12.1.2 and also the clients.

Regards

 

danckli's picture

Pete, it seems the SEPM and the SQL server are communicating to each other as the client details are identical. But will check the SQL client on SEPM.

Sameer, there is a plan of upgrading to SEP12.1.2 but this will take some time to implement.

Vishal, SEPM has about 20Gb free space.