Endpoint Protection

 View Only
Expand all | Collapse all

remote install, managed client problems

Migration User

Migration UserJul 28, 2009 06:30 AM

  • 1.  remote install, managed client problems

    Posted Jul 28, 2009 06:27 AM
    Hello there,

    currently im having some strange behaviour at one of my remote locations that uses managed antivirus clients.

    When i install a new managed client at on of my remote locations the remote client install goes without any problems.
    However im noticing this client wont get "managed" options that i closed on the server are open to change, parent server and client group is empty.

    Anyone has any idea how this can happen? other clients on this location show as managed and dont have problems.
    I also installed a new managed client on another location with the same management server and that shows up as managed so no problems.

    Regards,

    LEVD




  • 2.  RE: remote install, managed client problems

    Posted Jul 28, 2009 06:30 AM
    Is this happening on a group or only 1 client?


  • 3.  RE: remote install, managed client problems

    Posted Jul 28, 2009 06:36 AM
    To test connectivity from a client to the Symantec Endpoint Protection Manager (SEPM), type the following URL In a web browser:

    http://<SEPM_Server_IP_or_Machine_Name:Port>/secars?hello,secars

    Example: http://10.0.2.2:8014/secars?hello,secars

    A successful connection returns a web page that displays "OK."

    Are none of the clients communicating with SEPM or just a few?

    If No client can communicate with SEPM, then probably, its a network issue. Please check if Windows Firewall is enabled on server. You may want to open port 8014 o the server as well as on the perimeter firewall/routers.

    Cheers,
    Aniket



  • 4.  RE: remote install, managed client problems

    Posted Jul 28, 2009 06:37 AM
    If you go to Help & Support->Troubleshooting , and you see that the server is offline, and there is not info available for Server or Group, [its blank] then open a ticket with support and get this addressed immediately.

    Aniket


  • 5.  RE: remote install, managed client problems

    Posted Jul 28, 2009 06:44 AM
    if this is on only 1 client, I suggest you to repair SEP on control panel Add/Remove Programs, is there a green dot on the SEP icon at the system tray?


  • 6.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:20 AM

    1. Check if the windows firewall is turned off or not.

    2. Check your proxy settings in IE (Make sure that the client has the correct proxy setting if it is enabled in the network.)

    3. Take the back up of the registry and delete 

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connection\SavedLegacySettings

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connection\SavedLegacySettings

    4. Reboot the machine

    5.Go to run  and smc  -stop and then smc -start

    6. Check if the client is commuincating or not.?

    7. Replace the sylink.xml  on the client

        i. copy the sylink.xml from any number folder from  the SEPM  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

        ii . On the Client go to run type smc -stop

       iii. Paste the sylink.xml to  Program Files\Symantec\Symantec Endpoint Protection 

      iv . Go to run and type smc -start

    8. If the client  has  a green dot it means it is commuincating

    Else go to downloads and run Sylink Toggle and upload the logs.
     



  • 7.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:34 AM
     Hello there,

    On the moment im having this problem with 2 newly installed clients on one location.
    I do not understand SEP or SEPM? im using Symantec Antivirus version 10.1.8.8000
    I do not have any green icons.
    I do not get a page that says ok if i use http://10.0.2.2:8014/secars?hello,secars






  • 8.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:37 AM
    as you are using SAV, you may want to replace GRC.dat on the client and see if the communication establishes.

    Also, do  a telnet on the server to check if the ports used for communication are opened or not.

    Aniket


  • 9.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:42 AM

    Seems like not many understood your question

    The suggestion so far was for Symantec Endpoint Protectin 11.0 Not for SAV 10.X

    I would like to know what do u really mean by "Manage" ?

    Can you change the parent server or group name from the Client Gui, ( not possible though)

    ment to say that client is not communicating the the primary server?


     



  • 10.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:52 AM
     By managed i mean a client on a pc that is managed by a management server ( updates, settings, etc)

    BTW: is Symantec endpoint protection 11.0 the replacement for SAV? with other word SAV doesnt exists anymore?


  • 11.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:55 AM
    To restore communication, copy the Grc.dat file and the server group root certificate from the intended parent server to the client.

    To copy the Grc.dat file to the client

    1. On the intended parent management server, copy the Grc.dat configuration file from the Symantec AntiVirus program folder.
    The following is the default location on a Symantec AntiVirus server:

    <OS drive>:\Program Files\SAV

    The following is the default location on a Symantec Client Security server:

    <OS drive>:\Program Files\SAV\Symantec AntiVirus

    For directions, read "To find the Symantec AntiVirus program folder" in the Technical Information section of this document.
    2. On the client computer, paste the Grc.dat file into the following folder:

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

    After a few minutes, the client finds the Grc.dat file in this folder, makes the appropriate changes to the registry, and then deletes the Grc.dat file.



    To copy the server group certificate to the client

    1. On the intended parent management server, copy the server group certificate file from the Symantec AntiVirus program folder.
    The file to copy has a file name that ends in .servergroupca.cer
    The following is the default location on a Symantec AntiVirus server:

    <OS drive>:\Program Files\SAV\PKI\Roots

    The following is the default location on a Symantec Client Security server:

    <OS drive>:\Program Files\SAV\Symantec AntiVirus\PKI\Roots
    2. On the client computer, paste the certificate file into the Roots folder.
    The following is the default location on a Symantec AntiVirus client:

    <OS drive>:\Program Files\Symantec AntiVirus\PKI\Roots

    The following is the default location on a Symantec Client Security client:

    <OS drive>:\Program Files\Symantec Client Security\Symantec AntiVirus\PKI\Roots


    The next time that the client checks in with the parent server, the client appears in Symantec System Center. You can force the check-in by restarting the Symantec AntiVirus service on the client computer.

    To restart the Symantec AntiVirus service

    1. Right-click My Computer, and then click Manage.
    2. In the right pane, double-click Services and Applications, and then click Services.
    3. Right-click Symantec AntiVirus, then click Restart.
    Make sure to restart the Symantec AntiVirus service, not the Symantec AntiVirus Definition Watcher service.





    Technical Information:

    To find the Symantec AntiVirus program folder

    1. On the Windows taskbar, click Start > Run.
    2. In the Open box, type the following text:

    cmd

    3. Click OK.
    4. At the command prompt, type the following text:

    net share

    5. Under Share name, find the VPHOME listing.
    The folder that appears in the Resource column is the Symantec AntiVirus program folder; it contains the Grc.dat file.




  • 12.  RE: remote install, managed client problems

    Posted Jul 28, 2009 07:58 AM
    SAV does exist
    SEP is with more features and an advanced prodcut
    You many need to check the communication from SSC to the clients
    Check this doc, most of the times it gonna be windows firewall blocking

    http://service1.symantec.com/SUPPORT/ent-security.nsf/dbe87fe9662c16ef8825734100634940/32a5afc6806ccb0c88256fd40080f023?OpenDocument

    Hope this was helpful


  • 13.  RE: remote install, managed client problems

    Posted Jul 28, 2009 08:01 AM
     ok i will try all options, firewall are off on default.


  • 14.  RE: remote install, managed client problems

    Posted Jul 28, 2009 09:06 AM
     Well i tryed some things and i got it working but i still dont know how to solve this for future remote client installs:

    I copyed GRC.dat from my server to the client folder and the client got managed and appeared in my management console.

    However i also remote installed a client on another location and this works fine so anyone has an idea why:

    on one location i can remote install a client, no errors, appears managed and in my system center,
    on another location i can remote install a client, no errors, does not appear to be managed and does not appears in my system center.?

    Both clients installed from the same management server and system center console.



  • 15.  RE: remote install, managed client problems

    Posted Jul 28, 2009 09:14 AM
    As you might know GRC is the main component for communication
    when you do the push either its not getting installed with correct info
    or its retaining the previous GRC with diff certificate thats why its not getting communicated.

    Rafeeq