Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SEE Endpoints unable to connect

Created: 27 Sep 2012 | 6 comments


I just recently set up a Symantec Endpoint Encryption Server.

We have elected to install the Syamntec Endpoint Encryption Manager on this machine as well.

We have also elected to use SQL for authinticaiton. 

I went throught the process's required during the install and created the required accounts.

I succsessfully created the SEE Framework Installer and SEE Client Installer.

The succsessfully installed on our test machines but they aren't called  back to the server.

I started trouble shooting and I think it may be the ISS Client Account that is causing the issue.

When creating the Framework installer package it asks me for the Communication information I supply the sql comunication credentials and it fills out the required information for me. It provides me with a server link. Along the lines of "http:SERVERHERE:80/GECommunicationWS.asmx" If i go to this location via a web browser it asks me to log in. I provide the ISS Client Login Information but it just comes back to the same screen.

So my question is and Please correct me if im wrong, Since I am unable to log into this console using the ISS Client account information it means the account was set up incorrectly. Thus explaining whey the clients aren't able to contact the server.

If I misintrupreted this information or I have made a mistake please feel free to correct me. Or if I did not provide enough detail for you to help me.

Comments 6 CommentsJump to latest comment

SMLatCST's picture

The SQL Account should only be used within the "SEE Configuration Manager" to establish the SEE server's communications with the SQL database (even if using Windows integrated authentication to SQL, it should be a different account than that configured in the 'Web Server Configuration' Tab).

The credentials used for the clients to check into IIS is normally recommended to be a domain user account with minimal rights.  This account is what is defined within the 'Web Server Configuration' tab of the 'SEE Configuration Manager', and is the account you enter the credentials for during the last step of the SEE-Framework Client package creation.

Remember that you can always attempt further troubleshooting by enabling IIS logging or by checking out the EAFrmCliComm.log file on the client (found under C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\TechLogs).

Once you've sorted out the issue and the credentials match, you'll likely need create another new Framework Client package and perform an inplace upgrade/reinstall using the reinstall=all reinstallmode=vomus switches (see upgrades section of the implementation guide).

phaugland's picture

Thanks for the segestions. Not quite sure what was the issue, but the networking team changed something and the connections were able to be made. 

phaugland's picture

I did have one more question regarding this topic. 

What is "http:SERVERHERE:80/GECommunicationWS.asmx" is this just an xml file for communication from endpoint to server or something more?

Thanks again.

SMLatCST's picture

As far as the page GECommunicationWS.asmx goes, the extension suggests this is an ASP.NET web service, but yeah, this is what clients connect to "talk" with the SEE Server.

It can also be used to test/simulate client communications fas per the below article:

SMLatCST's picture

No problem, I hope some of this helps!

As always, it'd be much appreciated if you could mark any posts you find helpful with a "Thumbs Up" or as the solution wink