Endpoint Protection

Hi, we have a server running SEPM 11.0.6100.645, we had about 1200 SEP 11.0.7000.975 managed by the server. We have recently setup a new server running SEPM 12.1.2015.2015, I have used the client deployment wizard to update communication settings to point some SEP clients to the new server but not update the client version. I used Remote Push, Search Network\Find Computers, imported a list of 90 PCs, moved them over from "Available Computers to "Update communication settings on", put in my domain admin account, all PCs passed the "testing connection" test, clicked Next, then Send.
I then get the "Deploying Client Remotely" box, only 26 out of 70 succeeded, but I'm not sure why. The columns "Deployment Status" and "Communication Update" box have crosses in them. What troubleshooting can I do to figure out why this is failing for so many PCs?
Or is there a better way to do this? This way sounded easy, but should I be just replacing the sylink file instead?

If a client fails the "testing connection" test, I get this link http://www.symantec.com/business/support/index?page=content&id=TECH91715 for troubleshooting, those clients don't make it to the next step though (mine failed cos they were off).
Server OS = Server 2008 R2, client OS = Windows 7 with some SP1 (I've checked, the successful ones are a mix of SP1)

Thanks
Gareth

have you checked the install log on the failed clients? have you restared the clients?

the location of Sylink is different in 11.7 and 12. thats why the deploy communication settings failed.

use this tool to replace the communication setting for 11.0.7 clients

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Hello,

Kindly share the SEP_INST.LOG file from failure system.

The below article details what to look for to get a client ready to "receive" the  communications package push attempt (you can get to this by clicking through a couple of the links in the communications package udpate article)

http://www.symantec.com/docs/HOWTO80805

Generally speaking, the most common issues are:

• firewall is blocing the connection
• remote registry service is not started on the recipient/target endpoints
• permissions
• Admin$ is unavailable

As an aside, I've always found using SylinkDrop mroe reliable, as it is initiated by the endpoint and I tend to distribute it via script.  Much like the one below (which I've posted a few variations of, all over the forums ):

On a PC that failed, c:\windows\temp\SEP_INST.LOG was not touched, I understand there might also be a log file in %temp%? Would SEP_INST.LOG go into the %temp% of the logged on user? I doubt this, but can't see a log file in there anyway. Also no SEP_INST.LOG in C:\ProgramData\Symantec\Symantec Endpoint Protection\Logs. Thanks.

The SEP_INST.log will only appear (or be updated) if the Client Deployment Wizard manages to push across the package and initiate a run on it (in which case the CDW will also give you a green tick for that system).  As the CDW is giving you a red cross for the systems in question, it normally means it failed to push the package across.

Essentially, the SEP_INST.log file is not applicable for anything with the red cross in the CDW because it won't have progressed far enough to generate this particular log file.

Thanks all. I went through the process again and chose "Save package" instead of "Remote push", I then created a task in SMP to run SylinkDrop.exe (didn't work with -silent, but was silent anyway), the clients all updated to point to the new server. Still not sure why the Remote Push didn't work, we have the remote registy service set to manual start on all PCs, and $Admin is available, not sure about Firewall, but all PCs are the same, so odd that some worked fine.

Glad the ol' SylinkDrop worked for you!

As always, it's appreciated if you could mark any posts you find useful with a "Thumbs Up" or as the Solution 

The Communication Update Package is designed to install on both 11.0.x and 12.1.x systems.

sandra