Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

  • 1.  Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Feb 26, 2015 04:01 AM

    Hello Friends,

    We had an outage after upgrading Symantec from 11.1.XX to 12.1.XX.

    1) We had 230 plus SEP clients.

    2) We had only 40 licenses available.

    What I did:

    I upgraded SEPM from 11 to 12, and ran the live update.

    What happened:

    We support Citrix, and Symantec is the product we use on our Citrix servers, so I represent Symantec in my team. As soon as the SEPM was upgraded, users launching the Citrix application were getting an "Access is denied" error.
     

    How the issue was resolved:

    Stopping "Symantec Endpoint Protection Client" on our domain controller.
    Stopping "Symantec Endpoint Protection Client" on our file server.
     

    My questions:

    1) I want to know what caused this outage. Thankfully I have not yet been removed from my company, but I made my company suffer almost 14 hours of outage.

    2) How to find the RCA? I am sure it is related to Symantec firewall policies?



  • 2.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Feb 26, 2015 12:16 PM

    What firewall policy do you have in place? Check your Traffic log for affected clients to see what was blocked.

    It worked after you removed the firewall policy?



  • 3.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Feb 26, 2015 12:21 PM

    When you upgraded to SEPM 12.X, Download Insight might have blocked the Citrix StoreFront URL.

    Do they get this after entering the ID and password on the Citrix logon page, or on the URL itself?



  • 4.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 01, 2015 08:52 PM

    It took the default policy, where file sharing is blocked; I read that in an article. I wish I had been more cautious and proactive; nevertheless, I learned from my mistake.



  • 5.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 01, 2015 08:56 PM

    Everything ok now?



  • 6.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 09, 2015 04:35 AM

    I have disabled the firewall policy for now, and all the communications between the Client and Server are also blocked; I don't know where to start :(

    (Now, the below is only for users like me who should have taken precautions.)

    I had logged a case with Symantec, and all they pointed out was that STEP 3 in this document had to be taken seriously before planning the implementation:

    http://www.symantec.com/business/support/index?page=content&id=TECH224034&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1425889035040w10CtFxF5v6I5nBIlkzx1QGbe81iU1nXOhU3F

    Step 3: Prepare Symantec Endpoint Protection 11.x managers for migration
     

    • Turn off replication at each site that is configured as a replication partner before you upgrade Symantec Endpoint Protection Manager.

    After those clients have updated their policy, you can proceed with the upgrade.

    Caution: If this rule set is not disabled, you may face issues at a later stage when you upgrade your clients.

    • Remove client packages assigned to the client groups.


    If your Symantec Endpoint Protection 11.0 site has client packages assigned to the client groups, remove those packages. The Maintain existing client features when upgrading option on the 11.0 package causes the upgrade to remove all protection technologies from the clients.

    I understand the seriousness of what I have done, and I don't want any other person doing a stupid thing like me and creating a loss for their company, so my question is:

    While upgrading, why can't Symantec pop up a window asking and reminding the user "Have you removed client packages assigned to the client groups?", or some other way of telling the user "PS: the default policy will be applied and so and so ports will be blocked", or any other message which basically would help the user think before he clicks the NEXT button?

    This reminder would help a user be sure to cross-check his default policy, especially the (default) firewall policy, which blocks file sharing (if NTP is installed), and avoid a big outage like mine.

    "Your best teacher, is your last mistake"



  • 7.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 09, 2015 04:37 AM

    "Do they get this after entering the ID and password on the Citrix logon page, or on the URL itself?"

    Answer: No, they were able to log in to the URL; it was only after the users clicked on the published application that they were facing the error.

     


     



  • 8.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 09, 2015 06:47 AM

    Are all these in place?

    http://blogs.citrix.com/2013/09/22/citrix-consolidated-list-of-antivirus-exclusions/



  • 9.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 09, 2015 08:09 AM

    URLs would not be blocked. Download Insight only applies to files that are downloaded, not URLs.



  • 10.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx

    Posted Mar 19, 2015 06:05 AM

    Rafeeq,

    This was never a concern; did you read my reply above? It was a total failure of the upgradation plan.

    I am trying to figure out what could have been done to save this, and how to be more prepared for such situations.

    Thanks
    Jacob



  • 11.  RE: Outage after upgrading Symantec from 11.1.xxx to 12.1.xxx