Endpoint Protection

 View Only
  • 1.  SEP 12.1 RU2 client upgrade

    Posted Jan 31, 2013 05:14 PM

    Hi All,

    I need help trying to understand why some of our SEP 12.1 RTM to RU2 client upgrades are failing/hanging.

    Here are the details:

    -all our SEPMS are running RU2
    -we are using the client deployment wizard
    -the deployment tool shows successful for the deployments
    -the machines never update

    - After a day of no change in the SEPM console showing it's using RU2 we rdp to the given servers
    - Confirm that the client files were delivered to "C:\\TEMP\Clt-Inst"
    - Event viewer shows no entries suggesting it started or finished any install of a symantec product
    - It kicks off vpremote and creates the below log:
    PRemote.exe starting up with cmdline: C:\TEMP\Clt-Inst\vpremote.exe
    Starting service: vpremote.exe...
    Launching Command: "C:\TEMP\Clt-Inst\vpremote.exe" -launch
    The process was created successfully.
    Successfully deleted service: vpremote.exe.
    VPRemote.exe starting up with cmdline: "C:\TEMP\Clt-Inst\vpremote.exe" -launch
    Launching installation...
    Process CmdLine: "C:\TEMP\Clt-Inst\setup.exe" /s /clientremote /v"/qn /l*v "C:\WINDOWS\TEMP\\SEP_INST.LOG""
    The process was created successfully.
    Removing temporary installation source files from: C:\TEMP\Clt-Inst
    One or more files or folders was marked for delete on reboot!
    The vpremote processing has completed.

    - does not create the SEP_INST.LOG
    -check taskmanager and it shows the the setup.exe and msiexec.exe process's running but it just remains like this until you reboot the server at which point upon login back in nothing has changed from the original state of the server.

     

    any ideas!!??

     



  • 2.  RE: SEP 12.1 RU2 client upgrade

    Posted Jan 31, 2013 05:17 PM

    Check this document, specifically the piece on preparing clients for remote deployment:

    Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

    Article:TECH163112  |  Created: 2011-06-23  |  Updated: 2012-01-17  |  Article URL http://www.symantec.com/docs/TECH163112

     



  • 3.  RE: SEP 12.1 RU2 client upgrade

    Posted Jan 31, 2013 06:22 PM
    I've already gone through all the prep stages as per the document


  • 4.  RE: SEP 12.1 RU2 client upgrade

    Posted Jan 31, 2013 09:08 PM

    HI,

    Check mithun comments in one of thread https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-1212-client-push-problem

    Mithun Sanghavi

    Hello,

    In the Enterprise version, you can use Upgrade Clients with Package to upgrade existing clients:

    However, the following cautions apply:

    • If you upgrade from 11.x and use Application and Device Control, you must disable the Application Control rule "Protect client files and registry keys." After the clients receive the new policy, you may upgrade using AutoUpgrade.

    • Due to possible bandwidth concerns, it is best to schedule AutoUpgrade for after hours. You can also stage and select a package on a web server when you run Upgrade Clients with Package, or you can use an alternate method to deploy the upgrade package.

    AutoUpgrade is enabled by default for SEP SBE, but you can disable it. Go to the Computers page in the management console, right-click your Group, select Properties, and then click Disable Automatic Client Package Updates.

    Reference:

    Best practices for upgrading to Symantec Endpoint Protection 12.1.2

    http://www.symantec.com/docs/TECH163700

    Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

    http://www.symantec.com/docs/TECH163112

     



  • 5.  RE: SEP 12.1 RU2 client upgrade

    Posted Jan 31, 2013 11:54 PM

    Hi,

    Please follow the above comments, Hope above comments will help you.



  • 6.  RE: SEP 12.1 RU2 client upgrade

    Posted Feb 04, 2013 11:11 AM
    Unfortunately we cannot use the auto upgrade feature as our server upgrades need to be scheduled for particular change windows with approval of the server owners and not all these servers would reside in the same client group for that night


  • 7.  RE: SEP 12.1 RU2 client upgrade

    Broadcom Employee
    Posted Feb 04, 2013 11:55 AM


  • 8.  RE: SEP 12.1 RU2 client upgrade

    Posted Feb 04, 2013 12:03 PM

    I have a lab setup for testing with a server of each OS that we have. 2k3 32bit/63bit and 2k8 64bit. I also have one each of basic and full protection as well. every server fails on the upgrade.

    - i have followed every article and pent the last week searching the forums and still no luck.. Everyone thus far has been recommending all these articles to follow but most of them deal with steps to insure the actual client package gets delivered, which is not currently my issue. my package is being delivered and the install kicked off but then it just does nothing. doesn't even create the sep install log even though vpremote has started the install process.

     

    I am going to try the push deployment wizard today to see if it makes any difference.



  • 9.  RE: SEP 12.1 RU2 client upgrade

    Broadcom Employee
    Posted Feb 04, 2013 12:07 PM
    push deployment is used to push the client, correct? can SEP be installed when exe is executed on any machine where it is failing?


  • 10.  RE: SEP 12.1 RU2 client upgrade

    Posted Feb 04, 2013 12:47 PM
    so i did a few more rounds of testing.. seems to be my server 2003 builds having the issue. the upgrade wizard shows them either as successful or failure. but when i rdp to the servers they all have the client packages delivered, it's just hit or miss if they kicked off the setup.exe via vpremote. on those that got the files but did not start the install i can get them upgraded via 2 methods.. 1. running the setup.exe manually from c:\temp\clt-inst OR 2. rdp'ing to the server and then running the wizard again while logged into the server.. this has me wondering if I read this properly...... "Prepare Windows Server 2003 computers for installation using a remote desktop connection: The Symantec Endpoint Protection Manager requires access to the system registry for installation and normal operation. To prepare a computer to install Symantec Endpoint Protection Manager using a remote desktop connection, perform the following tasks: ■ Configure a server that runs Windows Server 2003 to allow remote control. ■ Connect to the server from a remote computer by using a remote console session, or shadow the console session." does this mean i have to rdp to each indivdual server 2003 box before attempting to run the upgrade wizard??