Video Screencast Help

SEP 11 MR-1 Installation or Upgrade

Created: 30 Dec 2007 • Updated: 21 May 2010 | 15 comments
Does anyone here upgraded or installed the SEP 11 MR-1? If so, please post here to share.

Comments 15 CommentsJump to latest comment

Josie's picture
I have done this, i had to download both cd's.  Then recreate client install packages.  However now i'm noticing that my virus definitions are not updating, the last ones i have are from 12/28/07. which i don't think is the latest.
Csring's picture
I also would prefer someone else be the test subject as the first try was disasterous. 
 
Hows it look?  any use in trying again.  Is it sped up at all server/client side?  The original whether it had other errors or not, was going to be a no go just on the slowness, and we have better than the minimum requirements.
0WN3D's picture
Worked great in both virtual and production environments.  Can you please elaborate on "went horribly wrong"?  I updated the manager first, then the clients.
 
omidi's picture
after upgrade SEPM "Virus Definitions Distribution" Section dont show anything. any suggest
 

http://www.zshare.net/image/6073847da23588/

 



Message Edited by omidi on 12-31-2007 09:27 PM

Michael Tsang's picture
Except that section I can't veiw the Risk section; and seems all gifs or jpegs on the reports also can't display. Symantec are still checkiing what's wrong during upgrade.
omidi's picture
i notic that in "Monitors" section also "Risk Distribution by Attacker " display No information.
 
any help or suggestion from symantec support?
 
doutingtomas's picture
Hi guys
We have the same kind of issue as Josie described
If anybody could figure out how to get clients updated with virus defs after MR1 deployment on the Server
On the cliens side under Help and Support it says Server is Offline
 
Original issue:
Server ran out of disk space filled up with definition updates
Clean up did not help cause it started refill it all over again
Backup server db and uninstall using the SEPCleanWipe
Install of SEPM MR1 and succesful download of updates
Clients stoped getting updates
Last def on the client  Dec 28/2007
 
 
dollars2donuts's picture

I have installed the new version and it did fix our most pressing problem which was the 802.1x authentication problem with unmanaged clients.  The problem I'm having now is with updating the client software.  The new client doesn'ts seem to install cleanly over the existing client.  Sometimes it just doesn't work and other times it seems to work but keeps the old version number ( 11.0.780 instead of 11.0.1000 ).  I've had the best luck uninstalling the local client, then running a clean utility provided by Symantec, then trying to install the new version but even that isn't fool proof.  I'm about to open a support call on it.  I'll post what I learn.  If you have to do this with a lot of clients, good luck.

Just in case you didn't see this on your own (I couldn't find it in the download documentation) here is a link to the instructions for upgrading from 11.0 to MR1.  Follow them or you could really screw something up:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007122711551348
 




Message Edited by dollars2donuts on 01-21-2008 12:22 PM

Message Edited by dollars2donuts on 01-21-2008 12:23 PM

M Strong's picture
I've been considering upgrading to MR1 after finding out that it's release was designed to correct some of the slowingdownmyserver problems that multiple people seem to be having.  I'm also under the impression that the SEP client is causing incredibly slow (up to 1 minute) logon times for client and server desktops alike.
However, after reading this thread, I'm a bit wary of updating to MR1 just yet due to the further issues that some of you seem to be experiencing.  I'm subscribing to this thread to listen for updates from some of you who seem to be having troubles.  I may just wait for MR2 and deal with the slow logon times for now.
Any more news on anyone's troubles?

-M

SKlassen's picture
Upgraded when it first came out.  Although there are still some issues with MR1 (which also existed in the original release version), they are fairly minor compared with the dozens of issues that have been fixed with MR1.  There's a KB article on the main Symantec site that lists the fixes  Some of which were absolutely crippling in a business environment.  There's only one verified new bug in MR1, which has to do with Outlook and the SEP Outlook filter for which you can get a small patch from the Symantec Public FTP.
 
I installed SEP the first week it was released, then MR1 the second it was available.  I got the joy of suffering through many of the bugs in the program.  Here's my thoughts on upgrading or not.  MR1 still has some annoying little issues, but the original release was a ticking time bomb waiting to go off and lock up communications with your servers.  Original SEP cost my company probably 10 production hours worth of business.  With MR1, the problems that caused those are gone and it has contributed to no production time loss for our staff.  As a tradeoff, I'll take a couple of charts not displaying properly in the admin console rather than Domain Controllers and File Servers locking out communications randomly any day of the week.  :)
 
That being said, I did go through the server portion of MR1 twice.  The first was an "upgrade".  The uninstaller for original release left behind quite a bit of buggy stuff, which caused the MR1 upgrade to be buggy as well.  Then I had to uninstall completely.  First I using the uninstaller.  After a reboot, I used the manual uninstall process article in the KB to hunt down remaining bits left behind.  Also searched around the hard drive and the registry to find undocumented bits.  Rebooted again.  Then I installed MR1 "fresh", not worrying about restoring the previous database as I didn't know what in there might be good and what might be bad.  Then I did all the configuration and tweaking I wanted to do with the new SEPM install.  Finally I pushed out the new MR1 client package to all of my systems using the "find unmanaged" tool.  They all upgraded fine and SEPM MR1 has been running smoothly.
 
The problem isn't that MR1 has issues, it really comes down to the original SEPM was so massively buggy and awful that it "poisons" the machine it was installed on, almost guarenteeing that an upgrade to MR1 would be difficult and buggy.
 
As time goes on, your also going to have more and more problems getting decent support with the original version.  Symantec updated all of their internal systems the second that MR1 passed Q&A and most if not all of the regular contributors to this board updated as soon as possible because we knew the really bad issue would be fixed.  I know when I offer advise to someone on this board, the first thing I now ask is if they are running MR1.  If not, I tell them to install MR1.  If they want to remain with original release, then I can't assist with their issue anymore. 



Message Edited by Scott Klassen on 02-08-2008 04:15 PM

dfhbac0's picture
I have and we still have issues:
  • semsvc.exe after about a week goes to 50%+ cpu.   When a scheduled scan starts with it and other Symantec processes, cpu goes to 100%.
    • once semsvc.exe goes into this mode it is not possible to log onto SEPM
    • The gold shield no longer has a green dot when this happens
    • Server must be re-booted to solve the problem.  So re-boots of the SBS server are occurring on a weekly basis.  This sucks.
  • when a client (laptop) changes location
    • takes a long time for the green dot to appear on the shield
    • client does not switch to new location
      • if client is re-booted a second time at the new location then a location switch occurs.  go figure.
  • Clients' Event Application Log gets "LiveUpdate returned a non-critical error.  Available content updates may have failed to install."   Event ID:13.  Source: SescLU.  These occur approx every hour.
  • There are burst of information messages in the Event Appliction log "Information Level: success Rolling back the schedule; execution will occur at approximately 5:53 PM."   Event ID: 101   Source: Automatic LiveUpdate Service.  These occur approx every 5 mins when these bursts occur. 
  • Client Management System Log occasionally gets "The Network Threat Protection is unable to download the newest policy from the Symantec Endpoint Protection Manager."  This usually occurs around a boot time of a client.  This appears to be a timing issue.
  • Client doesn't always select the correct location. This is for a desktop that does not move location.   Rare but it occurs.
  • TruScan System Log once genrated "TruScan has generated an error: code 14: description: CAL Failure".
  • On the server, Applicaion Event Log gets we get  Secars log errors
    • Event ID 4096 Create log file error
    • Event ID 4097 Failed to start Radius server.  The radius port may be used by another process.
    • and no we do not use Radius server.

I have a case open for all this and have run the SymBatchSEP.exe tool twice and supplied the output.

I'm still waiting.....waiting....

 

Michael Tsang's picture
To me SEP is still not too stable; up-to today I have over 1200 clients and increasing. Still very hard to get the clients upgrade to MR-1. I have MR-0 before and after upgrade the MR-1 the database is corrupted (I use SQL 2005 on a seperate server). Symantec engineer takes 3 days to found out the problem and fixed for us. After that all SEPM servers are working fine (I have 3 SEPM servers).
 
But one thing for sure is I don't like install the SEP client to the Windows 2003 servers because the SEP clients have lots of conflict even with Backup-Exec softwares. As we have so many remote sites that everyone of them have a F&P server and work with GUP for distributing the definitions. BTW, I have ask Symantec many times that do we know the GUP is working or not.
BlackFog's picture

@Edmond Dantes: Look here: Anyone have the link for MR1?

@omidi: If u havent found it youself look here: Home, Monitors screen show empty framed boxes



Message Edited by BlackFog on 02-14-2008 12:27 PM

BlackPlague's picture

All,

If you have not upgraded to the MR1 release, I suggest that you do not do so. I have many reasons for stating this, but the biggest is the MR1 release will not work with any version of the Checkpoint VPN client. There was an issue with the Checkpoint client pre-MR1 but you could work around it by uninstalling both Checkpoint VPN and Endpoint Protection and reinstalling. This, or any other scenario will not work with the MR1 release. This issue was reproduced by Advanced Technicians at Symantec on 1/11/08. So, 24 business days later, I still have no resolution.

Also at issue is Network Threat Protection and Truscan (formerly Proactive Threat Scan). If you create an installation package and specify ONLY antivirus and antispyware, the Truscan component will still be installed. I know this because I get eventlog messages of Truscan heuristic scan or load failure (which were PTS messages pre-MR1). You will also notice a prompt for a reboot for a Network Threat Protection patch even though it is not part of your installation package. You can duplicate this same behavior if you perform a custom install from the CD and select only the AV/Spyware component.

In my opinion this product is not ready for a production deployment. I received an email from support last Thursday 2/7 that the Checkpoint VPN issue and the Truscan are related and a new Maintenance Release was due in 10 to 14 days. That is the latest info I have.

I have found Symantec support to be of little help unless you can get your case escalated, wherein you get assistance by the Advanced Technicians. They know the product much more thoroughly.

Hope this helps!