SEP 11.x clients fails to get definitions from SEPM
Updated: 21 May 2010 | 18 comments
I have a client that has stopped downloading new antivirus definitions. The last virus defs are from 25/08/2009. All other clients update correctly. This client has updated TruScan defs but not the antivirus ones. Using Sylink monitor I get a very big log; the only thing I was able to see is error 12031 while updating the download file list... Can anyone help? Secars communication is fine...
Comments
Try using Intelligent Updater
You can download Intelligent Updater from here:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
Run this and check the status.
If it fails to update, check the logs created by Intelligent Updater.
Can u clarify these
Can you clarify these points:
How many servers do you have?
Do you have the latest update on the server?
If you don't have the update on the server, you can download the jdb file and update. Then see whether it updates the clients.
If it doesn't work even after having the latest update, it may be corrupt. Try to clean the updates; use the following links.
Ref:
https://www-secure.symantec.com/connect/articles/h...
Check the Client server communication.
If you have Windows 2K8, check the firewall. If it's on, turn it off and try...
Ref:
https://www-secure.symantec.com/connect/articles/t...
Try to run LiveUpdate in interactive mode; you may find more details...
Ref:
http://service1.symantec.com/SUPPORT/sharedtech.ns...
Regards,
Srinivas H.P.
HCL Infosystems Ltd
i have only one server latest
I have only one server.
The latest update is on the server; in fact, other clients are correctly updated.
I'm running Win2008 on the client I'm troubleshooting, but the firewall is disabled.
I checked, and on 25 August (last update of definitions) I saw that IE8 was installed... may it be the problem?
I'm trying to use the troubleshooting communication problems guide, but I can't find Sylink.xml in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\. There are files with this name only in the subfolders (with very long alphanumeric names) of that directory, and I don't know which one to get...
All those Long Alphanumeric
All those long alphanumeric folders each represent a group of your SEPM.
Say you want the Sylink.xml for the Default group: log in to SEPM - Clients - highlight Default - click on Details (from Clients, Policies, Details, Install Package).
You will see your policy serial number. Just check the first 4 digits of the policy serial number, then find the folder starting with those digits in the agent folder, and then copy the sylink.xml from that folder.
You can also open the profile.xml in the alphanumeric folder; even that tells you which group it belongs to.
i have updated using
I have updated using Intelligent Updater, and I have copied the correct sylink.xml into the SEP folder. Now I'll see if it starts getting updates automatically again or not...
sylink.xml
You can get the Sylink.xml file from the SEPM console also.
Right-click on any group, select "Export communication settings", then select the path and mode. It will create an XML file.
Regards,
Srinivas H.P.
HCL Infosystems Ltd
anyone could have a root
Could anyone have a root cause for this issue? I am having the same problem: why, after installation and after a few days, was the communication between SEPM and the SEP client disconnected? Some kind of weird problem.
:-)
it still doesn' work. Now it
It still doesn't work. Now it doesn't tell me that definitions are out of date, but there is a new revision (installed revision 32, actual = revision 55) and all the clients have got it except this one... so I think the problem is still there... and I can't follow the guide because "Steps to edit the SYSTEM account proxy settings through using a Scheduled Task" doesn't work anymore, as it doesn't let me run interactive tasks using the system account.
Are you trying to connect to
Are you trying to connect to the machine through an RDP session? If yes, please try to create the task through a console session or locally.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
it is a virtual machine, so
It is a virtual machine, so I'm using Hyper-V Manager to connect to it...
Since you were able to get
Since you were able to get defs other than AV, there are chances that the AV defs got corrupted, and sometimes IU can fix this.
Since you have the latest defs now, you might have the issue solved.
:)
no no, it itsn't solved, it
No no, it isn't solved; it still hasn't downloaded the latest definitions from the manager server...
I looked through the sylink
I looked through the sylink log.
I found
09/09 06:00:16 [1660] <SendRegistrationRequest:>SMS return=468
09/09 06:00:16 [1660] <ParseHTTPStatusCode:>468=>468 Request not allowed
Could you please tell me which version of SEP is installed?
Also, you may have a look at this:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008103009471548
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
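An added example, not part of the thread and not Symantec code: a small Python triage script for the kind of Sylink log excerpt quoted in the comment above. It assumes the line layout of the two quoted entries; the sample log (including the 200 line) is constructed for illustration, and the function names are hypothetical.

```python
import re

# Line layout taken from the two log lines quoted in the thread:
#   MM/DD HH:MM:SS [thread] <Function:>message
LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] <(\w+):>(.*)$")
# ParseHTTPStatusCode message layout: "<code>=><code> <reason>"
STATUS_RE = re.compile(r"^(\d{3})=>\d{3}\s*(.*)$")

# Constructed sample modeled on the quoted lines (not a real capture).
SAMPLE_LOG = """\
09/09 05:58:02 [1660] <ParseHTTPStatusCode:>200=>200 OK
09/09 06:00:16 [1660] <SendRegistrationRequest:>SMS return=468
09/09 06:00:16 [1660] <ParseHTTPStatusCode:>468=>468 Request not allowed
this line is not in the expected layout and is skipped
09/09 06:05:16 [1660] <SendRegistrationRequest:>SMS return=468
09/09 06:05:16 [1660] <ParseHTTPStatusCode:>468=>468 Request not allowed
"""

def summarize_status_codes(log_text):
    """Return {code: {"reason", "count", "first", "last"}} for every
    ParseHTTPStatusCode entry, in order of first appearance."""
    summary = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group(3) != "ParseHTTPStatusCode":
            continue  # other functions and malformed lines are ignored
        status = STATUS_RE.match(line.group(4))
        if not status:
            continue
        code, reason = int(status.group(1)), status.group(2)
        entry = summary.setdefault(
            code, {"reason": reason, "count": 0, "first": line.group(1)})
        entry["count"] += 1
        entry["last"] = line.group(1)
    return summary

def failures(summary):
    """Status codes other than 200, i.e. requests the manager did not accept."""
    return {code: e for code, e in summary.items() if code != 200}

if __name__ == "__main__":
    for code, e in failures(summarize_status_codes(SAMPLE_LOG)).items():
        print(f"{code} {e['reason']}: {e['count']}x, {e['first']} .. {e['last']}")
```

Run against a full Sylink log, the first-seen timestamp of a non-200 code can be compared with the date the client last received definitions.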
Try this How to clear out
Try this
How to clear out corrupted definitions for a Symantec Endpoint Protection Client at
http://service1.symantec.com/SUPPORT/ent-security....
Title: 'Using the "Rx4DefsSEP" utility'
Document ID: 2009032409384048
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009032409384048?Open&seg=ent
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
version is
Version is 11.0.4000.2295.
I'll try it.
Admittedly a voo-doo cure,
Admittedly a voo-doo cure, here, but I've posted voo-doo cures here before and they've been marked as The Solution. You never know where your next 25 Connect Points are going to come from, so FWIW...
We had the same situation. One SEP client absolutely would not update virus defs (Only AV is installed. This was a server, so I don't know about TrueScan.) Tried a lot of the same things you've tried, including suggestions posted here.
And opened a support case with Symantec. Burned a BUNCH of time on that, of course, but nothing changed. And then--
--I discovered that another Symantec product, Backup Exec for Windows Servers 12.5's Remote Agent, was failing on this machine. Uninstalled, reinstalled, and patched to the latest of (many) RAWS patches. And not only did RAWS work, SEP immediately started working again, too, all by itself! And then I realized that the problem was RAWS. Don't know how or why, but that doesn't matter so much.
Reported my findings to Symantec, with the caveat that I wanted to monitor it for a few days. They IMMEDIATELY closed the case without asking for my consent. I admit, that annoyed me a bit, and still does. But in the end it was OK, I guess, because it turned out it really WAS fixed by messing with RAWS. SEP hasn't missed a definition since.
So if you have RAWS installed on this machine, maybe even if it's working, as ours was intermittently, consider removing RAWS and reinstalling it.
HTH
Yep, on that machine is
Yep, Backup Exec System Recovery for Windows is installed on that machine, not only the agent but the manager too... I had very little time today; tomorrow I'll try all these suggestions...
I would suggest going through
I would suggest going through these two documents in full to be sure full content delivery communication is in order:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092511045348
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008091613592648
Cass Averill