Endpoint Protection

 View Only
  • 1.  SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 21, 2009 10:37 AM
    Hi, I've just finished setting up a new server with SBS2008 and am now trying to setup SEP 11.

    I have installed SEMP on the server OK, reconfigured live updates to use a local admin OK (as server is on an MoD secure intranet)

    Updated the server with latest updates - So Far So Good

    Next I searched for unmanaged clients and found 2, the server and a laptop I'm using as a test client.

    I selected install to client and the server said successful but the laptop failed, however after playing with the Windows Firewall exceptions settings on the client, I was eventually able to deploy to the client laptop as well.

    When I restarted the laptop it did not ask me if I wanted to use the Client Firewall instead of the Windows one, (like it always did with AV10 etc) so now I have two active firewalls !!!

    From the SEP Manager if I try to remotely scan or update either or both clients I just get an error message saying that I need to wait until the clients have logged in. If on the laptop client I try to manually update the definitions, it just says waiting for server to respond.

    I suspect that it might me the as yet unremoved windows firewall, but as it has not been automatically removed and the option to switch it off is removed and I don't know how to remove it in Group Policy, I was wondering if there was an easier way of doing it from SEPM ???

    Or is my problem the result of something else ? I found an article about if SEP & WSUS both use the default web page, but they don't appear to, each one is listed separately, so I don't know ??

    Any suggestions gratefully received.
    Regards, Dave.


  • 2.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 21, 2009 10:45 AM

    Are u able to post any screenshots?



  • 3.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 21, 2009 10:53 AM

    First, it seems to be very strange that SEP didn't disable the standard Windows Firewall. But you can always do it via Group Policy. It lies in Machine\Administrative templates\Network\Network connections, and the parameter name is "Disable Windows Firewall".

    Second, seems that the clients also cannot communicate with server from their side. As far as i know, there is quite undisableable Windows Firewall in WIndows 2008. Have you set up proper ports/programs exclusions for SEPM on server side?


  • 4.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 21, 2009 11:06 AM

    The only article I could find on disabling windows firewall related to server 2003, SBS2008 appears to be quite different and I really did not want to change something unless I was certain I was changing the correct thing.

    I can confirm that clients don't appear to be able to comunicate with server and server can't see the clients are logged in although it can see the clients otherwise it would not have been able to deploy the client software to them.

    I don't understand "there is quite undisableable Windows Firewall in WIndows 2008" ??? but I don't think I have made any changes to server firewall.... I will go and check / set those now.

     

    Dave



  • 5.  RE: SEP 11 & SBS2008 Can't communicate with Clients



  • 6.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 21, 2009 11:26 AM
    Go to Symantec site & go to knowledgebase where everything are available it will be very much helpful.


  • 7.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 30, 2009 01:34 PM
    I assume that your SEPM is installed on the port 8014 [ you can check that in IIS manager ].

    You need to create a TCP exception for the port 8014. Then you can do an "Update Policy" on the clients and check if there is a green dot on the SEP shield icon.

    Cheers,
    Aniket Amdekar


  • 8.  RE: SEP 11 & SBS2008 Can't communicate with Clients

    Posted Apr 30, 2009 01:39 PM
    Hello,

    Have you tried running the Symantec support tool?

    http://www.symantec.com/techsupp/home_homeoffice/products/sep/Sep_SupportTool.exe

    Thomas