port 8005

Brian81 Trusted Advisor

https://www.symantec.com/business/support/index?pa...

Clients communicate with the SEPM on port 8014

Which Communications Ports does Symantec Endpoint Protection use?

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

https://www.symantec.com/business/support/index?pa...

Did you turn off Windows firewall?

SEP Knowledge Base

Endpoint SWAT

Ashish-Sharma

http://www.symantec.com/business/support/index?page=content&id=TECH102333&locale=en_US

HI.

Do you have follow Disaster recovery process ?

Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

Check This artical

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/business/support/index?page=content&id=TECH160964

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/business/support/index?page=content&id=TECH105894

Thanks In Advance

Ashish Sharma

BucaDH

If needed I can change the port as you mentioned. I want to communicate clients with sepm. I checked ports and services, they are ok. Now I am running symhelp for Client/Server Connectivity. I will add the results.

Attachment	Size
Troubleshooting.txt	4.09 KB
netstat-anbo.txt	11.26 KB

Mithun Sanghavi Symantec Employee Technical Support Accredited

http://www.symantec.com/docs/TECH104758

Hello,

Since you have reinstalled the SEPM, was the SEPM restore via Disaster Recovery method?

What changes were performed on the SEPM server?

Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

BucaDH

acil05pc is one of clients. I used symhelp instead of support_tool. Thanks.

Attachment	Size
SYMANTEC_SERVER__2012_10_30__16_20_28.zip	5.94 MB
sylink.xml	2.02 KB
acil05pc_logs.zip	36.1 KB
ACIL05PC__2012_10_30__16_30_54.zip	2.86 MB

Mithun Sanghavi Symantec Employee Technical Support Accredited

http://www.symantec.com/docs/TECH104758

Hello,

I would require just the sylink.log from the client machine.

Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

Check this Article for the How to steps for Collecting the sylink.log file -

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

BucaDH

Here it is the sylink.log. Will it be continue to live???

Attachment	Size
sylink.zip	6.67 KB

Mithun Sanghavi Symantec Employee Technical Support Accredited

http://www.symantec.com/docs/TECH93740

Hello,

Upon checking th esylink.log, we found -

10/31 13:49:32 [3400] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

.................

............................

........................................

10/31 13:53:02 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

10/31 13:53:02 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0

10/31 13:53:02 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:53:02 ======

10/31 13:53:02 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1

10/31 13:53:02 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0

10/31 13:53:02 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 3

10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from sylink.xml..

10/31 13:53:02 [2736] <SwitchSylinkConfig:> Failed to switch to use SyLinkEx.bak

10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from SyLinkEx.bak

.................

............................

........................................

10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Content Lenght => 1368

10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..

10/31 13:57:18 [2736] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED

10/31 13:57:18 [2736] <GetIndexFileRequest:>COMPLETED

.................

............................

........................................

10/31 13:57:18 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

10/31 13:57:18 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0

10/31 13:57:18 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:57:18 ======

10/31 13:57:18 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1

10/31 13:57:18 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 1, 'Using Location Config' = 0

10/31 13:57:18 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 1

10/31 13:57:18 [2736] Use new configuration

10/31 13:57:18 [2736] HEARTBEAT: Check Point Complete

10/31 13:57:18 [2736] <IndexHeartbeatProc>Done, Heartbeat=512seconds

As per above, It's definitely the certificate issue, restore the certifcate of older time and it should help.

Check these Articles:

Signature verification FAILED for Index File Content - Clients are green in the SEPM, but show offline.

Symantec Endpoint Protection Signature verification FAILED for Index File Content

http://www.symantec.com/docs/TECH102900

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

BucaDH

Ok. I will try now.

BucaDH

In the article, it says old certificate and old password... I cannot return to old password, because I don't know...

Ashish-Sharma

HI Bucadh,

Try to export Syslink.xml in sepm server and replace one sep client.

Thanks In Advance

Ashish Sharma

BucaDH

I tried to export and get xml file. After running sylink_drop, client still wants to update with sepm, not with liveupdate.symantec.com. I attached new sylink.xml. Please can you show me where I can change symantec into liveupdate.symantec.com? I cannot update virus definitions yet.

Attachment	Size
My Company_sylink.xml	2.02 KB

Ashish-Sharma

http://www.symantec.com/docs/TECH178257

HI,

It's manage SEP client ?

check the "Use a Liveupdate Server" from the Liveupdate Policy.

SEPM -> Clients ->Polices ->Live update Policy

and check this Article:

Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained

Thanks In Advance

Ashish Sharma

BucaDH

Hi,

I made that change. But for a week, no client updated itself. Is there any way with regedit, xml file or patch like solution?

Ashish-Sharma

http://www.symantec.com/business/support/index?page=content&id=TECH95400&locale=en_US

HI,

Check this

How to configure the managed client group to get updates from Internet only

Or if policy not applied

Change Registry value

Regedit
Hkey_Local_Machine\Software\Symantec\Symantec Endpoint Protection\LiveUpdate\AllowManualLiveUpdate

Change Registry key Value 0 to 1

Thanks In Advance

Ashish Sharma

BucaDH

Hi,

I checked registry values is 1. I configured the server as in the article. Still updates are tried to retrieve from "symantec"(internal management server)... How much time does it take to apply new policy for liveupdate? Will clients turn into green?

Thanks

Ashish-Sharma

HI,

Uncheck "Use the default Management Server "

SEPM -> Clients ->Polices ->Live update Policy

Check SEP client policy no and sepm group policy no.

Note : If you don't received solution,Please raised support ticket for symantec support.

Thanks In Advance

Ashish Sharma

Mithun Sanghavi Symantec Employee Technical Support Accredited

https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

Hello,

Are you using any proxy?

If yes, after performing the changes to the Liveupdate policy highlighted above, make these necessary changes provided in the Article below:

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

BucaDH

Hi,

No proxy we are using.

I think the problem is liveupdate settings. But first clients aren't green, anymore they are all yellow. Then the clients don't know liveupdate.symantec.com as the update server.

BucaDH

I am sorry, I found these at acil05pc, why these screenshots are different? At admin and domainuser, symantec says different.

I added screenshots and support tool report. Then I don't disturb you anymore. I will try call center.

Attachment	Size
ACIL05PC__2012_11_01__10_25_49_LP_Full.zip	2.19 MB

Mithun Sanghavi Symantec Employee Technical Support Accredited

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Hello,

As per the Screenshot 1.jpg, it pertains to Reputation Database. I would suggest you to perform these steps -

The following message appears: "Your computer was unable to access the Symantec Reputation Database. Before further analysis can be performed, all unsigned files must be verified using the Symantec Reputation Database. Save this report and open it with the Support Tool from another computer that is connected to the internet."
Click Save the Load Point Report.
In the Save Report dialog, enter a name for the file.
The name of the file will end with LP.sdbz.
Copy the file to removable media, and take it to a computer with internet access.
Download the Support Tool on the second computer, and run it.
Accept the End User License Agreement, and then click Open a Report.
Open the .sdbz file that you saved previously.
The Reputation Database check completes automatically.

Reference: http://www.symantec.com/docs/TECH96291

Secondly, Your client is not reporting to the SEPM server machine. To get all your clients start reporting / communicating to the Latest Symantec Endpoint Protection Manager, you would require SylinkReplacer version_12.1.

To get that SylinkReplacer version_12.1 tool you will have to call symantec or log a web case.

How to create a new case in MySupport

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

SOLUTION

Ashish-Sharma

http://www.symantec.com/business/support/index?page=content&id=TECH106288

HI,

As per screen shot your sep client are offline .

Restoring communication to clients with a new Sylink.xml file

also check communication

http://www.symantec.com/docs/TECH95789

If your all sep client are offline You can use Sylinkreplacer tool for connecting SEP clients to a SEPM

The Sylinkreplacer tool for connecting SEP clients to a SEPM

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Download Syslink Replacer sep 11

https://www-secure.symantec.com/connect/downloads/sylink-replacer

Check this thread

http://www.symantec.com/connect/forums/symantec-endpoint-protection-manager-11-0

Thanks In Advance

Ashish Sharma

Simpson Homer Symantec Employee