Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Problem with generating notifications

Created: 12 Jul 2011 | 9 comments
blenahan's picture
blenahan
0 0 Votes
Login to vote

Hey guys,

Hoping one of you gurus can help me out with an issue.  Starting about a month ago, notifications stopped being generated from my SEPM.  They had been working fine; they would let me know when there were risks that couldn't be remediated by SEP for whatever reason.  They just stopped.  Down at the bottom on my Home Screen, the alert says "No unacknowledged notifications in the last 24 hours".  It always says this.  As a test, I did what this article says:

How to test the e-mail notification feature in the Symantec Endpoint Protection Manager Console.

http://www.symantec.com/business/support/index?page=content&id=TECH95887&locale=en_US

After I created that alert above, I then logged out and tried logging in with the wrong password.  It told me Authenticated Failed, then I logged in and I still saw "No unacknowledged notifications in the last 24 hours".

I think the issue may be with someone in my SQL database (on another server).  Can someone provide me some direction for things to check in the SEPM database to start generating notifications again?

Thanks guys in advance.

Discussion Filed Under:
,

Comments

Brian81's picture
12
Jul
2011
0 Votes 0
Login to vote
Brian81

Did you check your mail relay

Did you check your mail relay server to see if something changed on it? Perhaps authentication?

Endpoint Knowledge Base

Security Best Practices

blenahan's picture
12
Jul
2011
0 Votes 0
Login to vote
blenahan

The email server is fine. 

The email server is fine.  Scheduled reports come via email from the SEPM.  Thats why I specifically said about the notification message on the home screen on the SEPM.  So that email couldn't be blamed.

 

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

Brian81's picture
12
Jul
2011
0 Votes 0
Login to vote
Brian81

And you have "Write the

And you have "Write the notification to the database" checked?

This happens to me every now and then and I just delete and re-create the notification. It works but doesn't actually fix it. I still have people getting emails who were taken off the notifications, even after I deleted and re-created...

Endpoint Knowledge Base

Security Best Practices

blenahan's picture
12
Jul
2011
0 Votes 0
Login to vote
blenahan

Per my post above, I did the

Per my post above, I did the test Symantec recommends for testing notifications and it didn't generate a notification, and it was a brand new alert I had just created 2 minutes earlier.

 

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

VKalani's picture
12
Jul
2011
0 Votes 0
Login to vote
VKalani

this was an issue with

this was an issue with RU5...but not sure if it was solved in later  versions

-VKalani

blenahan's picture
12
Jul
2011
0 Votes 0
Login to vote
blenahan

I still get a notification

I still get a notification emailed to me every time I restart my SEPM, but it's one from two months ago.  that same one gets emailed to me every time.  I've have had some other issues recently with up to date information on my Action Summary pane on the Home Screen.  We actually saw a hung query in the database and when we killed that hung query, the Home Screen started updating itself like it should.  Thats why I wonder if there is something I can look at in the database.

 

thanks guys.

 

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

Brian81's picture
12
Jul
2011
0 Votes 0
Login to vote
Brian81

How are you seeing hung

How are you seeing hung queries?

As I mentioned I have issues with notifications too. Mostly, ones that were weeks old still being sent to me even though they are no longer valid.

Endpoint Knowledge Base

Security Best Practices

blenahan's picture
12
Jul
2011
0 Votes 0
Login to vote
blenahan

well I am not a SQL guy, we

well I am not a SQL guy, we have DBA's here for that, but what she said was that she checked what queries were running and verified the last batch time for them.  She also checked that the CPU and I/O were constant and she noticed that the last batch time was a few hours back.  Now granted, i had been having the problem for weeks, but sure enough, when she killed it, within a little while, my Action Summary pane was starting to update.

 

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

greg12's picture
13
Jul
2011
0 Votes 0
Login to vote
greg12

Just an idea

According to the schema reference guide, you or your DBA can check the notification alerts in the NOTIFICATIONALERTS table. The notification conditions are in a second table called "NOTIFICATION".

SEP schema reference guide:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,009