Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

port 8005

Created: 30 Oct 2012 • Updated: 06 Dec 2012 | 24 comments
This issue has been solved. See solution.

Please help me, I reinstalled SEPM from ISO DVD but still support tool says port 8005 problem. Clients don't turn into green...

Comments 24 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Can you Clear your question ?

If you want to change Port 8005

To change the Tomcat port

  1. Click Start > Run.
  2. Type services.msc, and then click OK.
  3. Stop the Symantec Endpoint Protection Manager service.
  4. Go to the following folder:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\

  5. Right-click the file server.xml, and click Edit to modify the file.
  6. Change port="8005" to an open port.
  7. Save the changes to the server.xml file.
  8. Start the Symantec Endpoint Protection Manager service.
  9. Log on to Symantec Endpoint Protection Manager

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

Clients communicate with the SEPM on port 8014

Which Communications Ports does Symantec Endpoint Protection use?

https://www.symantec.com/business/support/index?pa...

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

https://www.symantec.com/business/support/index?pa...

Did you turn off Windows firewall?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI.

Do you have follow Disaster recovery process ?

Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH102333&locale=en_US

Check This artical

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/business/support/index?page=content&id=TECH160964

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/business/support/index?page=content&id=TECH105894

Thanks In Advance

Ashish Sharma

 

 

BucaDH's picture

If needed I can change the port as you mentioned. I want to communicate clients with sepm. I checked ports and services, they are ok. Now I am running symhelp for Client/Server Connectivity. I will add the results.

AttachmentSize
Troubleshooting.txt 4.09 KB
netstat-anbo.txt 11.26 KB
Mithun Sanghavi's picture

Hello,

Since you have reinstalled the SEPM, was the SEPM restore via Disaster Recovery method?

What changes were performed on the SEPM server?

Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BucaDH's picture

acil05pc is one of clients. I used symhelp instead of support_tool. Thanks.

AttachmentSize
SYMANTEC_SERVER__2012_10_30__16_20_28.zip 5.94 MB
sylink.xml 2.02 KB
acil05pc_logs.zip 36.1 KB
ACIL05PC__2012_10_30__16_30_54.zip 2.86 MB
Mithun Sanghavi's picture

 

Hello,

I would require just the sylink.log from the client machine.

Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

Check this Article for the How to steps for Collecting the sylink.log file - 

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BucaDH's picture

Here it is the sylink.log. Will it be continue to live???

AttachmentSize
sylink.zip 6.67 KB
Mithun Sanghavi's picture

Hello,

Upon checking th esylink.log, we found - 

10/31 13:49:32 [3400] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

.................

............................

........................................

10/31 13:53:02 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

10/31 13:53:02 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/31 13:53:02 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:53:02 ======
10/31 13:53:02 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1
10/31 13:53:02 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
10/31 13:53:02 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 3
10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from sylink.xml.. 
10/31 13:53:02 [2736] <SwitchSylinkConfig:> Failed to switch to use SyLinkEx.bak
10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from SyLinkEx.bak
.................
............................
........................................

10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Content Lenght => 1368

10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content.. 
10/31 13:57:18 [2736] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
10/31 13:57:18 [2736] <GetIndexFileRequest:>COMPLETED
.................
............................
........................................

10/31 13:57:18 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

10/31 13:57:18 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
10/31 13:57:18 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:57:18 ======
10/31 13:57:18 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1
10/31 13:57:18 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 1, 'Using Location Config' = 0
10/31 13:57:18 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
10/31 13:57:18 [2736] Use new configuration
10/31 13:57:18 [2736] HEARTBEAT: Check Point Complete
10/31 13:57:18 [2736] <IndexHeartbeatProc>Done, Heartbeat=512seconds

 

As per above, It's definitely the certificate issue, restore the certifcate of older time and it should help.

Check these Articles:

Signature verification FAILED for Index File Content - Clients are green in the SEPM, but show offline.

http://www.symantec.com/docs/TECH93740

Symantec Endpoint Protection Signature verification FAILED for Index File Content

http://www.symantec.com/docs/TECH102900

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BucaDH's picture

In the article, it says old certificate and old password... I cannot return to old password, because I don't know...

Ashish-Sharma's picture

HI Bucadh,

Try to export Syslink.xml in sepm server and replace one sep client.

 

Thanks In Advance

Ashish Sharma

 

 

BucaDH's picture

I tried to export and get xml file. After running sylink_drop, client still wants to update with sepm, not with liveupdate.symantec.com. I attached new sylink.xml. Please can you show me where I can change symantec into liveupdate.symantec.com? I cannot update virus definitions yet.

acil05pc.JPG
AttachmentSize
My Company_sylink.xml 2.02 KB
Ashish-Sharma's picture

HI,

It's manage SEP client ?

check the "Use a Liveupdate Server" from the Liveupdate Policy.

SEPM -> Clients ->Polices ->Live update Policy

and check this Article:

Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained

http://www.symantec.com/docs/TECH178257

Thanks In Advance

Ashish Sharma

 

 

BucaDH's picture

Hi,

I made that change. But for a week, no client updated itself. Is there any way with regedit, xml file or patch like solution?

Ashish-Sharma's picture

HI,

Check this

How to configure the managed client group to get updates from Internet only

http://www.symantec.com/business/support/index?page=content&id=TECH95400&locale=en_US

 

Or if policy not applied

Change Registry value

Regedit
Hkey_Local_Machine\Software\Symantec\Symantec Endpoint Protection\LiveUpdate\AllowManualLiveUpdate

Change Registry key Value 0 to 1

 

 

 

Thanks In Advance

Ashish Sharma

 

 

BucaDH's picture

Hi,

I checked registry values is 1. I configured the server as in the article. Still updates are tried to retrieve from "symantec"(internal management server)... How much time does it take to apply new policy for liveupdate? Will clients turn into green?

Thanks

Ashish-Sharma's picture

HI,

Uncheck "Use the default Management Server "

 SEPM -> Clients ->Polices ->Live update Policy

Check SEP client policy no and sepm group policy no.

 

Note : If you don't received solution,Please raised support ticket for symantec support.

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Are you using any proxy?

If yes, after performing the changes to the Liveupdate policy highlighted above, make these necessary changes provided in the Article below:

https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BucaDH's picture

Hi,

No proxy we are using.

I think the problem is liveupdate settings. But first clients aren't green, anymore they are all yellow. Then the clients don't know liveupdate.symantec.com as the update server.

BucaDH's picture

I am sorry, I found these at acil05pc, why these screenshots are different? At admin and domainuser, symantec says different.

I added screenshots and support tool report. Then I don't disturb you anymore. I will try call center.

1.JPG 2.JPG 3.JPG 4.JPG 5.JPG admin01.JPG admin02.JPG admin03.JPG admin04.JPG domainuser01.JPG domainuser02.JPG domainuser03.JPG domainuser04.JPG icon01.JPG icon02.JPG
AttachmentSize
ACIL05PC__2012_11_01__10_25_49_LP_Full.zip 2.19 MB
Mithun Sanghavi's picture

Hello,

As per the Screenshot 1.jpg, it pertains to Reputation Database. I would suggest you to perform these steps - 

  1. The following message appears: "Your computer was unable to access the Symantec Reputation Database. Before further analysis can be performed, all unsigned files must be verified using the Symantec Reputation Database. Save this report and open it with the Support Tool from another computer that is connected to the internet."
  2. Click Save the Load Point Report.
  3. In the Save Report dialog, enter a name for the file.
    The name of the file will end with LP.sdbz.
  4. Copy the file to removable media, and take it to a computer with internet access.
  5. Download the Support Tool on the second computer, and run it.
  6. Accept the End User License Agreement, and then click Open a Report.
  7. Open the .sdbz file that you saved previously.
    The Reputation Database check completes automatically.

Reference: http://www.symantec.com/docs/TECH96291

Secondly, Your client is not reporting to the SEPM server machine. To get all your clients start reporting / communicating to the Latest Symantec Endpoint Protection Manager, you would require SylinkReplacer version_12.1.

 

To get that SylinkReplacer version_12.1 tool you will have to call symantec or log a web case.

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

OR

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Ashish-Sharma's picture

HI,

As per screen shot your sep client are offline .

Restoring communication to clients with a new Sylink.xml file

http://www.symantec.com/business/support/index?page=content&id=TECH106288

also check communication

http://www.symantec.com/docs/TECH95789

If your all sep client are offline You can use Sylinkreplacer tool for connecting SEP clients to a SEPM

The Sylinkreplacer tool for connecting SEP clients to a SEPM

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Download Syslink Replacer sep 11

https://www-secure.symantec.com/connect/downloads/sylink-replacer

Check this thread

http://www.symantec.com/connect/forums/symantec-endpoint-protection-manager-11-0

 

 

Thanks In Advance

Ashish Sharma

 

 

Simpson Homer's picture

 

Phone numbers to contact Tech Support:-

 

Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

India: Toll-Free 000 800 4401 456 directly

IDD call: +61 2 8220 7111

 

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

 

Customer Care Contact Numbers for Licensing Issues:-

http://www.symantec.com/support/assistance_care.jsp

 

 

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873