Endpoint Protection


Re-install SEPM server and re-connecting clients


  • 1.  Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 02:20 AM
    Hi

    I have just been forced to re-install our server running SEPM 11.0.4. In the same process I have had to configure the newly installed SEPM from the bottom since I didn't have a backup of the settings. This is working fine and I can see our clients are turning up in the console after they run Sylink through our login script.

    Even though the clients are turning up in the SEPM console I am missing the green status icon on the actual client computers, what setting am I missing?

    /Lasse


  • 2.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 02:39 AM
    Hi

    Go to Symantec Manager Console => Select Group => Policies => Click location specific settings => Click Server Control => Click Customize => Click Display the client and Display area notification.

    Then right-click the group => Click Update Content.

    This will work

    Regards
    SAMEER


  • 3.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 03:08 AM

    Hi Sameer

    Thanks for your reply.

    The SEP tray icon is already shown on the client, I am missing the little green dot that is shown together with the normal SEP tray icon.

    The green dot indicates that the client is communicating with the management server.

    /Lasse



  • 4.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 03:19 AM
    Hi Sameer

    Just a little extra information.

    If I check the SEPM console almost all our clients are reported as "Not Reporting Status" under Home=>Status Summary


  • 5.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 03:44 AM
    Try deleting the files sylinkex.bak and sylink.bak from the client side and replacing the sylink.xml



  • 6.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 04:08 AM
    Hi Sandeep

    I can't find the sylinkex.bak but I removed the sylink.bak and ran SylinkDrop to replace the sylink.xml with the latest version from the Outbox on the SEPM server.
    The above didn't help. After running SylinkDrop it showed the green dot for a couple of seconds and then it disappeared again.

    If I check the system log on my own client computer I can see that SEP connected to the management server, downloaded the latest virus definition and then disconnected again.




  • 7.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 06:32 AM
    If it is possible, try to push a new package on the clients.

    But if you are not willing to do so, run sylink monitor tool, and check whether you can figure out the problem.

    By the way, have you injected the Server Private Key into the new server? In such a case, client and server connectivity will cease.


  • 8.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 07:40 AM
    Hi Ghafourian

    Since I re-installed our server and added SEPM I have pushed a fresh installation to a brand new notebook, and it has the exact same problem as the other notebooks.

    I haven't injected the Server Private Key since I didn't know I needed to before after formatting the server and re-installing Server 2003 R2 and SEPM.

    I suspect the problem might be regarding two programs on the server using the same port on the IIS. We are running Backup Exec 12.5 with Continuous Protection on the same server.

    I get this from SylinkMonitor:
    04/16 13:31:29 [1288] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..


  • 9.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:15 AM

    Hi Farzad

    I can't connect to http://Server:8080, Explorer returns the following message:
    Internet Explorer cannot display the webpage

    I am quite sure that the problem is because of a conflict between which ports SEPM and Backup Exec use. When I try to open the Backup Exec CPS Web Retrieve site, which is on port 8443, it returns the SEPM site.

    Since the Backup Exec is not in production on this server I will remove both Backup Exec and Backup Exec CPS and see what happens.

    /Lasse



  • 10.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:17 AM
    Ok,

    Do this:

    Try to open the link below from the clients IE:

    http://(YOUR-SEMP-IP):9090

    If you can see the page in the client and it opens successfully, it says that the clients do not have any problem accessing and transacting with the IIS.

    By the way, you shouldn't have any problem if you have installed a new fresh server and re-installed on the clients.
    Is the other application functioning properly?


  • 11.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:18 AM
    Sorry Sorry!!!

    My fault!!!

    Check the link with this address:

    http://(YOUR-SEMP-IP):9090

    (The wrong one was 8080)

    Excuse me!


  • 12.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:31 AM
    See, the solution has two parts:

    1- Whether there is a conflict on port 8443. If this is occurring, you should re-run the configuration wizard and this time set the port to another port (whatever has no conflict with any other application).

    2- The clients should be able to access the IIS. The default port is 8014. If this port is occupied by any other sites, modify it. Then you'll need to either use the sylinkdrop tool, or (easier method) reinstall the clients.

    Any more detail is needed, just pass it!


  • 13.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:32 AM
    It's ok, even the best can make mistakes :-)

    I checked http://server:9090 but it returned the same error.

    I have just removed all Backup Exec products, and afterwards I can't connect to the SEPM console :-(

    If I check IIS Admin I can only see that the Symantec Web Server uses port 8014, can't see any references to either 8443 or 9090.


  • 14.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 08:34 AM
    GREAT!!!!!

    I just repaired the SEPM installation and I can now connect to http://server:9090 from a client. I get the following message:
    Symantec Endpoint Protection Manager Console



  • 15.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 10:01 AM
    I still don't have any green status icon on the clients.

    I have found this link but it doesn't work.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9f59cecda30bb55fca257392000212bc?OpenDocument



  • 16.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 10:42 AM
    Have you checked your server Private Key and compared it to your client private key?

    On your server; where the SEPM is installed, navigate to:
    [installation drive]:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

    Of course, if this is where the server is installed.  In the Agent folder, look for the last created folder by date stamp.  You should have a collection of numbers for folder names, each of these will represent your groups defined in the SEPM server.

    Find one, preferably with today or yesterday's time stamp.  Open up one of these folders and you will find a file called: SYLINK.XML

    Open the SYLINK.XML file with whatever application you like for text editing.

    Towards the bottom of the file, you will see:  

    - <ServerCertList>
       <Certificate Name="[name of your server]"> [Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]

    *********************************************
    On your client machine, without a green dot, extract the same file from the installation folder.

    [installation drive]:\Symantec or wherever you installed it.

    In the root of the installation folder, find the SYLINK.XML file, open it up and verify the exact same thing:

    - <ServerCertList>
       <Certificate Name="[name of your server]"> [Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]

    ***Note here, even IF you named the server the same as it was or did not change the name at all, just reinstalled, the first portion:

    - <ServerCertList>
    <Certificate Name="[name of your server]">

    will be the same.

    This serves little interest to us.  We want to ensure that the rest of the Server Key:
    [Lots of letters and numbers representing your Certificate or private key to establish connection between server and client.]

    is identical to the one the server is trying to push out.  If they differ, you must replace the file on the clients.

    First try on a single machine, using the SYLINKDROP tool, which can be found on your CD.  Take the SYLINK.XML from the server agent folder indicated above and drop it into a client. 

    Does your green dot come back?

    If so, use the Sylinkdeployment tool provided by Symantec.
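
The comparison described in the post above can be scripted instead of done by eye in a text editor. This is an added example, not part of the original post or Symantec's tooling: it hashes the body of each `<Certificate>` element so that line wrapping does not cause false mismatches. The root element name, the server name `SEPM01` and the certificate text are constructed placeholders; only `<ServerCertList>` and `<Certificate Name="...">` come from the post.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples. Only <ServerCertList>/<Certificate Name="..."> comes from
# the post; the root element, server name and certificate text are placeholders.
TEMPLATE = ('<Root><ServerCertList><Certificate Name="SEPM01">{}'
            '</Certificate></ServerCertList></Root>')
SERVER_SYLINK = TEMPLATE.format("AAAABBBBCCCCDDDD")
CLIENT_SAME = TEMPLATE.format("\n  AAAABBBB\n  CCCCDDDD\n")  # same body, re-wrapped
CLIENT_STALE = TEMPLATE.format("AAAABBBBCCCCDDDE")           # differs in last character


def cert_fingerprints(sylink_xml):
    """Map each Certificate Name to the SHA-256 of its body with whitespace removed."""
    prints = {}
    for el in ET.fromstring(sylink_xml).iter():
        # Compare on the local tag name so a namespaced file is handled too.
        if el.tag.rsplit("}", 1)[-1] == "Certificate":
            body = "".join((el.text or "").split())
            prints[el.get("Name", "")] = hashlib.sha256(body.encode()).hexdigest()
    return prints


def compare_sylink(server_xml, client_xml):
    """Return a list of findings; an empty list means the certificate bodies match."""
    server, client = cert_fingerprints(server_xml), cert_fingerprints(client_xml)
    findings = []
    for name in sorted(server):
        if name not in client:
            findings.append(f"{name}: missing on client")
        elif client[name] != server[name]:
            findings.append(f"{name}: same name, different certificate body")
    for name in sorted(client.keys() - server.keys()):
        findings.append(f"{name}: on client only")
    return findings


if __name__ == "__main__":
    for label, xml in (("re-wrapped copy", CLIENT_SAME), ("stale copy", CLIENT_STALE)):
        print(label, "->", compare_sylink(SERVER_SYLINK, xml) or "match")
```

For real files, pass the text of the server's outbox copy and the client's copy of SYLINK.XML to `compare_sylink`.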




  • 17.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 01:28 PM
    Use Sylink Replacer, to make the clients managed.


  • 18.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 03:39 PM
    Are you sure you're using the correct sylink.xml file in your login script?  How exactly are you trying to "run Sylink through our login script"?  How are you getting the sylink.xml file to deploy to clients?


  • 19.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 04:46 PM
    Why not just push the clients back out?
    I do this anytime I have to reinstall our server and it seems to work just fine.



  • 20.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 16, 2009 06:02 PM
    I have seen the green dot appearing and disappearing if the clients are set to denied access within the directory security for the IIS website.


  • 21.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 17, 2009 02:11 AM

    Hi

    To Jason1222
    I have just checked the Sylink.xml on the SEPM and the client, the private key (certificate) is the same on both.

    To RickJDS
    I have just double checked the sylink.xml and it is the correct file. I run the following command:
    SylinkDrop.exe -silent -p password "\\Server\SEP\Sylink.xml"

    I have also tried doing it manually on my own computer, same result, no communication between the client and server.

    To Monotremata
    How do you push the clients back out again?
    As far as I know the SEPM console doesn't have the option to force a re-install, but I might be wrong?

    To  Sandeep
    I tried adding Domain Users with Read access to the Symantec Web Server in IIS but same result!

    To take it from the beginning:
    I did a completely fresh installation of Windows Server 2003 R2 on this server, afterwards I installed SEPM 11.0.4014. Added SylinkDrop to our login script and waited to see what happened the next day.
    The next day the clients started appearing in SEPM but the SEPM console doesn't get any status from the clients.
    In between the problem solving I have had Backup Exec 12.5 with Continuous Protection installed on the server, and it seemed to conflict with the communication between client and server, couldn't access http://server:9090 when running BE 12.5, then I removed it and I could access the site.

    I get this in the SylinkMonitor:
    04/17 08:08:07 [5072] <mfn_DoGetIndexFile200>Content Lenght => 1340
    04/17 08:08:07 [5072] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
    04/17 08:08:07 [5072] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    04/17 08:08:07 [5072] <GetIndexFileRequest:>COMPLETED

    Someone suggested that I delete the SylinkEx.bak on the client, but I couldn't find that file.
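
The SylinkMonitor excerpt in the post above logs `COMPLETED` for the same request that failed signature verification, so searching a log for `COMPLETED` alone would hide the failure. The following added example (not part of the original post or Symantec's tooling) parses lines in that format and reports each request that failed verification and whether it still logged `COMPLETED`. The bracketed number is assumed to identify one request's thread or process, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# First four lines are copied from the post; the last line (id 6000) is
# constructed to show a request with no signature failure.
SAMPLE_LOG = """\
04/17 08:08:07 [5072] <mfn_DoGetIndexFile200>Content Lenght => 1340
04/17 08:08:07 [5072] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
04/17 08:08:07 [5072] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
04/17 08:08:07 [5072] <GetIndexFileRequest:>COMPLETED
04/17 08:09:10 [6000] <GetIndexFileRequest:>COMPLETED
"""

# timestamp, bracketed id, <function>, message
LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] <([^>]+)>(.*)$")


def parse(log):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield {"time": m.group(1), "ident": int(m.group(2)),
                   "func": m.group(3), "msg": m.group(4).strip()}


def signature_failures(log):
    """Return one finding per bracketed id that logged a signature failure."""
    by_ident = defaultdict(list)
    for event in parse(log):
        by_ident[event["ident"]].append(event)
    findings = []
    for ident, events in by_ident.items():
        failed = [e for e in events if "Signature verification FAILED" in e["msg"]]
        if failed:
            findings.append({
                "ident": ident,
                "time": failed[0]["time"],
                "func": failed[0]["func"],
                # True when the request still reported COMPLETED afterwards.
                "completed_anyway": any(e["msg"] == "COMPLETED" for e in events),
            })
    return findings


if __name__ == "__main__":
    for finding in signature_failures(SAMPLE_LOG):
        print(finding)
```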



  • 22.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 20, 2009 01:55 AM
    The following link shows which Symantec programs have issues being on the same server ports:
    http://seer.entsupport.symantec.com/docs/301077.htm

    Later I found this link, which shows the workaround:
    http://seer.entsupport.symantec.com/docs/279226.htm

    Will try the workaround now and get back with the result.


  • 23.  RE: Re-install SEPM server and re-connecting clients



  • 24.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 20, 2009 06:54 AM
    Are you using the correct sylink.xml?


  • 25.  RE: Re-install SEPM server and re-connecting clients

    Posted Apr 23, 2009 01:46 PM
    That's only the communication issue.