Endpoint Protection

Hi,

I had to rebuild a SEPM server in a branch office after an OS crash. It is Windows Server 2008 R2.

I installed SEPM 11.0.6 MP1 on the server. The branch have their on SEP site, so I installed the new server using the same site name. During installation it asks to replace the site and I selected Yes.

Now all the clients at this site show has "Offline", even newly deployed clients using the "Find unmanaged computers" utility from the new server.

I tried both the sylinkreplacer.exe and http://www.symantec.com/business/support/index?page=content&id=TECH93617&locale=en_US techniques and they both failed to restore the communication.

Any help ?

if you have followed the disaster recovery  then replace the certificate , clients will communicate

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/a0edb796f583c886882574aa004c1f60?OpenDocument

follow this document to replace the file serdef.dat and sylink.bak

https://www-secure.symantec.com/connect/forums/clients-do-not-see-server-after-ru5-update#comment-3511991

Open sylink.xml of any client you will find the DomainID "xxxxxxxxx"

Then Log on to the Symantec Endpoint Protection Manager Console

Go to > Admin > Domains > Add Domain > Enter the Domain Name

Click Advanced > Copy/Paste the Domain ID --Click OK


then

× Administer the newly created NewDomainName domain.
× Delete the unused Default Domain
× Rename the new domain to Default

Alas, I did not follow DR...

The domain in the sylink.xml file of the clients is already listed and administered, since I installed the new server in the same domain than the head office, but in a different site.

I also noticed that the old server is still listed in the Admin | Servers view and it keeps showing up even though I delete it.

open sylink.xml  file

what sever and port number do u see listed? is the name new server or old server

on one client try restoring the sylink manually as per this document from new sepm server

http://www.symantec.com/business/support/index?page=content&id=TECH92678&locale=en_US

The old server and the new server have the same name, ip address and port.

I tried this procedure but the client still shows "offline".

let us know the result of the secars test also try the solution part

make sure firewall is off on both the client and the server

http://www.symantec.com/connect/forums/green-dot-missing-clients-sepm

I had to open port 8014 in the server's firewall for SECARS to work. I do not know why the SEPM setup program did not do it. Is there any other ports to open ?

After I did that, the SylinkReplacer utility restored the communication.

Thats good news!

SEPM install will not make any exceptions on windows firewall, need to create those manually ; for communication 8014 is more than enough.these are the ports used by sepm

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/edda0cd89141a6788025734e004b6a02?OpenDocument