Endpoint Protection

  • 1.  Problems with replication

    Posted Jun 02, 2009 07:33 AM
    Hi, I have an HQ server with SEPM. Now I have installed SEPM at another site, and by using the configuration wizard tried to make it a replication partner. The note "Replicating database" is shown and nothing seems to work. I have waited for several hours. HQ and the site can ping each other. I can telnet to ports 8443 and 2638 from the site to HQ only, not the opposite. I have an ISA 2004 server in between with a policy to allow any traffic anywhere from HQ (I made it because I thought the firewall was the problem). Then I tried to monitor the network traffic, and no network traffic on ports 8443 and 2638 is generated by SEPM when it tries to add the replication partner or to replicate. I'm really, really stuck. Please help. Any ideas what to check?


  • 2.  RE: Problems with replication
    Best Answer

    Posted Jun 02, 2009 08:55 AM
    Hi Quag,

    Please check the following:


    Replication configurations are supported with both embedded and Microsoft SQL Server databases. Replication configurations are used for redundancy. Data from one database is replicated (duplicated) on another database. If one database fails, you can still manage and control all clients because the other database contains the client information. Installing and configuring servers for replication is a two-part process. In an existing installation site, you first install a new Symantec Endpoint Protection Manager and database for replication with an existing manager. Second, you log on to the Symantec Endpoint Protection Manager and select and schedule the items to replicate.

    When you select the items to replicate, you can choose logs and packages. Packages also include the updates to virus definitions, client components, and client software. The size of packages and updates can grow to several gigabytes of information if you download updates in multiple languages. You must consider the amount of data you replicate when you select these options, along with the bandwidth consumption. One client package is generally 180 MB in size when compressed.
    You can only set up data replication during the initial installation of another Symantec Endpoint Protection Manager (SEPM) site. Multiple sites are called a site farm when they are set up as replication partners. You can add any site on the site farm as a replication partner to another already present site and you can also re-add a replication partner that was previously deleted (for example, prior to an upgrade).
    Before you begin, you need to have the IP address or host name of the Symantec Endpoint Protection Manager for which you want to make a replication partner.
    Follow the steps below to add a replication partner
    Install Symantec Endpoint Protection Manager.
    In the Management Server Configuration Wizard panel, click Advanced.
    Select the number of clients you expect the server to manage, and then click Next.
    This panel is displayed only when installing the Symantec Endpoint Protection Manager on the computer for the first time.
    Check Install an additional site, and then click Next.
    In the Server Information panel, accept or change the default values, and then click Next.
    Accept or change the name in the Site Name box, and then click Next.
    In the Replication Information panel, type values in the following boxes:

    Replication Server Name The name or IP address of the remote Symantec Endpoint Protection Manager
    Replication Server Port The default value is 8443
    Administrator Name The account name that is used to log on to the console with administrator user rights
    Password Provide a password that is associated with the Administrator Name that is specified

    Click Next.
    In the Certificate Warning dialog box, click Yes.
    In the Database Server Choice panel, choose one of the following and click Next:

    Embedded Database
    Microsoft SQL Server

    If you chose Embedded Database in the above step, continue with these steps; if you chose Microsoft SQL Server, move to step 14.
    In the admin user panel, provide and confirm a password for the admin account. Optionally, provide an administrator email address.
    Move to step 19
    Do one of the following:

    If the database does not exist, check Create a new database (recommended).
    If the database exists, check Use an existing database.

    An existing database must define file groups PRIMARY, FG_CONTENT, FG_LOGINFO, FG_RPTINFO, and FG_INDEX. The user account for database access must have privileges db_ddladmin, db_datareader, and db_datawriter.

    If these requirements are not met, your installation fails. A best practice is to define a new database.

    Click Next
    In the Microsoft SQL Server Information panel, type your values for the following boxes:

    Database server

    If you created a new instance, the format is servername_or_IPaddress\instance_name.

    SQL server port
    Database name
    User
    Password
    Confirm password (only when creating a new database)
    SQL Client folder
    DBA user (only when creating a new database)
    DBA password (only when creating a new database)
    Database data folder

    Click Next
    Provide and confirm a password for the admin account. Optionally, provide an administrator email address.
    Click Next


    Configuring the Symantec Endpoint Protection Manager for replication

    You use the Symantec Endpoint Protection Manager Console to configure servers for replication. The administrator logon credentials are the credentials that are used at the first site that you specify for replication.

    To configure the Symantec Endpoint Protection Manager for replication

    On the computer on which you installed the Symantec Endpoint Protection Manager as an additional site, log on to the Symantec Endpoint Protection Manager console.
    In the console, click Admin, and then click Servers.
    Under View Server, expand Local Site, expand Replication Partner, right-click Site <remote_host>, and then click Edit Properties.
    In the Replication Partner Properties dialog box, set the options that you want for logs, packages, and replication frequency, and then click OK.

    Refer to context-sensitive Help and the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control for details about these settings.

    Right-click Site <remote_host>, and then click Replicate Now.
    Click Yes.
    Click OK.

    To add a replication partner when a site has already been replicated using the above steps
    Launch the Symantec Endpoint Protection Manager console.
    Click the Admin tab. Under "View Servers", select a site.
    Under "Tasks", click Add Replication Partner. The Add Replication Partner wizard appears.
    Click Next on the "Welcome panel", and then enter the <IP Address> or <Host name> of the server that you wish to add as a replication partner.
    Enter the <port number> and the administrator's user name and password for the remote server on which you installed the SEPM.
    Note: The default setting for the remote server port is 8443.


    Click Next to invoke the "Schedule Replication" dialog box
    Disable "Autoreplicate" to set up a custom schedule for replication:
    Select the hourly, daily, or weekly Replication Frequency.
    Select the specific day during which you want replication to occur in the Day of Week list to set up a weekly schedule.

    Click Next when the replication schedule is configured as desired.
    Click Yes or No depending on whether or not you want to replicate logs.
    Note: The default setting is No.


    Click Next and then click Finish. The replication partner site is added under Replication Partners on the Admin page.


  • 3.  RE: Problems with replication

    Posted Jun 02, 2009 09:22 AM
    No help from this manual. I think the first thing I must solve is to make it so that I can telnet to the site's port 8443 from HQ, because I have ping only.


  • 4.  RE: Problems with replication

    Posted Jun 02, 2009 09:41 AM
    Yes, you're right, make sure that connections between the two are available. Unblock or create a VPN between them if they're on a WAN.


  • 5.  RE: Problems with replication

    Posted Jun 02, 2009 09:44 AM
    There is a VPN in place, and everything looks connected. I just don't understand why there is no connection. It seems that something is blocking it, but I can't figure it out.


  • 6.  RE: Problems with replication

    Posted Jun 02, 2009 11:31 AM
    You need to resolve the problem from HQ to the site.

    You can ping, so some traffic is getting through. Have you created a port forwarding rule on your router/firewall to point to [IP address of SEPM]:8443?

    "I have ISA 2004 server between with a policy to allow any traffic anywhere from HQ"

    What kind of rule did you create? "Any traffic" does not necessarily mean any port, but rather could mean any protocol. For example, HTTP is standard on port 80, SMTP on port 25, LDAP on port 389 and so forth. Other ports, such as 8443, do not necessarily use any defined protocol other than TCP or UDP. Thus the need to map a "tunnel" between the nodes.

    If in this case, as you suggested, you have a VPN connection, assuming from HQ to the site (ISA server), you would most likely need to map all requests for port 8443 to the IP address of the machine (defined as the SEPM).

    You mentioned as well that you could ping the machine (over the VPN tunnel?). Are you able to ping by name, or are you pinging by IP? If only by IP, but the replication partner is using a name to establish a connection, you may need to verify your DNS information and DNS replication.

    Do you have an AD server at HQ and at the remote site? Are they able to replicate DNS, WINS (if applicable) and AD information?

    There may be a greater issue than just not communicating over ports 8443 and 2638.

    One last thing: what components, if any, of the SEP client do you have installed on the server at the remote site, to which HQ cannot connect? I.e., did you install the firewall component on the server, so that we need to create a rule on the SEPM to allow traffic to ports 8443 and 2638 to the machine itself?
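
    The checks above (can the other side be reached on 8443 and 2638, does the partner name resolve, is traffic dropped or rejected) can be run in one go. The following is an added example, not code from the original thread or from Symantec: a small Python probe that TCP-connects to both SEPM ports on each partner, reports what the name resolves to, and classifies the outcome so a silent firewall drop (timeout), a reject (RST), a DNS failure and a missing service can be told apart. Run it from HQ against the site and from the site against HQ, since replication needs both directions. The hostnames in the usage line are placeholders, not names from the thread.

    ```python
    """Reachability matrix for Symantec Endpoint Protection Manager replication partners.

    Added example (not from the original thread or from Symantec). Probes TCP 8443
    (SEPM console/replication over HTTPS) and TCP 2638 (embedded database) on each
    host given, shows what the name resolves to, and classifies the result.
    Run it from BOTH sites: replication needs both directions to work.
    """
    import socket
    import sys

    # The two ports the thread identifies as needed between HQ and the site.
    SEPM_PORTS = {8443: "SEPM console/replication (HTTPS)", 2638: "embedded database"}

    # What each probe outcome usually means for the troubleshooter.
    HINTS = {
        "open": "port reachable: the service is up and nothing in between blocks it",
        "refused": "host reached but RST received: service not running, or a firewall that rejects rather than drops",
        "filtered": "no answer before timeout: traffic is dropped (firewall rule, VPN routing) or never leaves the host",
        "unresolved": "name did not resolve: fix DNS before suspecting the firewall (retry with the IP to confirm)",
        "error": "OS-level error such as 'no route to host': check the VPN route and default gateway",
    }


    def resolve(host):
        """Return the IPv4 address `host` resolves to, or None when resolution fails."""
        try:
            return socket.gethostbyname(host)
        except socket.gaierror:
            return None


    def check_port(host, port, timeout=3.0):
        """TCP-connect to host:port and return one of the HINTS keys."""
        ip = resolve(host)
        if ip is None:
            return "unresolved"
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:  # subclass of OSError, so it must be caught before OSError
            return "filtered"
        except OSError:
            return "error"
        finally:
            sock.close()


    def probe(hosts, ports=SEPM_PORTS, timeout=3.0):
        """Probe every host/port pair; returns {(host, port): status}."""
        return {(h, p): check_port(h, p, timeout) for h in hosts for p in ports}


    def diagnose(results):
        """Distinct hints for the statuses seen, most fundamental problem first."""
        order = ["unresolved", "error", "filtered", "refused", "open"]
        seen = set(results.values())
        return [HINTS[s] for s in order if s in seen]


    def selfcheck():
        """Sanity-check the classifier against a local listener before trusting WAN results.

        Returns (status while listening, status after the listener closed);
        on a healthy host this is ('open', 'refused').
        """
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))  # ephemeral port
        srv.listen(1)
        port = srv.getsockname()[1]
        while_listening = check_port("127.0.0.1", port, timeout=1.0)
        srv.close()
        after_close = check_port("127.0.0.1", port, timeout=1.0)
        return while_listening, after_close


    if __name__ == "__main__":
        # Usage: python sepm_reach.py hq-sepm.example.local site-sepm.example.local
        # (placeholder hostnames, not from the thread)
        targets = sys.argv[1:] or ["hq-sepm.example.local", "site-sepm.example.local"]
        print("selfcheck (expect open, refused):", selfcheck())
        results = probe(targets)
        for (host, port), status in results.items():
            print(f"{host:30} {port:5} {SEPM_PORTS[port]:35} -> {status:10} (resolves to {resolve(host)})")
        for hint in diagnose(results):
            print("note:", hint)
    ```

    If the probe reports "filtered" from one side and the firewall logs show nothing, the connection attempt is not reaching the firewall at all, which points at routing (the VPN route on the sending host) or at a host-based firewall on the sender rather than at the ISA rule. "Refused" on 8443 with the partner host otherwise reachable matches a SEPM whose management service is not running.
    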


  • 7.  RE: Problems with replication

    Posted Jun 03, 2009 02:12 AM
    So now I have recreated the rule on the HQ ISA to allow outgoing ports 8443 and 2638, but with no effect. DNS is working OK, and the names are resolved. As for components, I only installed SEP, so I guess there is no firewall.

    The biggest problem is that on the ISA server I can't see any outbound traffic from HQ to the site, neither accepted nor denied. And what about the fact that on HQ I now have two SSC and SEPM?


  • 8.  RE: Problems with replication

    Posted Jun 05, 2009 07:55 AM
    I have followed the above instructions, but my remote site just gets to the stage where it says "replicating database" with a progress bar that just keeps going back and forth. I have checked in Services and there isn't even an Endpoint service in there, only the embedded DB, so I can't start the console and manually replicate the database with Replicate Now.

    Please help