Video Screencast Help

SEP 12.1 RU2 client upgrade

Created: 31 Jan 2013 | 9 comments

Hi All,

I need help trying to understand why some of our SEP 12.1 RTM to RU2 client upgrades are failing/hanging.

Here are the details:

-all our SEPMS are running RU2
-we are using the client deployment wizard
-the deployment tool shows successful for the deployments
-the machines never update

- After a day of no change in the SEPM console showing it's using RU2 we rdp to the given servers
- Confirm that the client files were delivered to "C:\\TEMP\Clt-Inst"
- Event viewer shows no entries suggesting it started or finished any install of a symantec product
- It kicks off vpremote and creates the below log:
PRemote.exe starting up with cmdline: C:\TEMP\Clt-Inst\vpremote.exe
Starting service: vpremote.exe...
Launching Command: "C:\TEMP\Clt-Inst\vpremote.exe" -launch
The process was created successfully.
Successfully deleted service: vpremote.exe.
VPRemote.exe starting up with cmdline: "C:\TEMP\Clt-Inst\vpremote.exe" -launch
Launching installation...
Process CmdLine: "C:\TEMP\Clt-Inst\setup.exe" /s /clientremote /v"/qn /l*v "C:\WINDOWS\TEMP\\SEP_INST.LOG""
The process was created successfully.
Removing temporary installation source files from: C:\TEMP\Clt-Inst
One or more files or folders was marked for delete on reboot!
The vpremote processing has completed.

- does not create the SEP_INST.LOG
-check taskmanager and it shows the the setup.exe and msiexec.exe process's running but it just remains like this until you reboot the server at which point upon login back in nothing has changed from the original state of the server.

any ideas!!??

Comments 9 CommentsJump to latest comment

ᗺrian's picture

Check this document, specifically the piece on preparing clients for remote deployment:

Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;color: #666666; background-color:#f2f2f2">Article:TECH163112 padding: 1px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2;"> |  padding: 0px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2;">Created: 2011-06-23 padding: 1px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2"> |  padding: 1px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2">Updated: 2012-01-17 padding: 1px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2"> |  padding: 1px;font: 12px Arial; text-align: left;color: #666666;background-color:#f2f2f2">Article URL

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

bbrannan's picture

I've already gone through all the prep stages as per the document

Ashish-Sharma's picture


Check mithun comments in one of thread

Mithun Sanghavi


In the Enterprise version, you can use Upgrade Clients with Package to upgrade existing clients:

However, the following cautions apply:

  • If you upgrade from 11.x and use Application and Device Control, you must disable the Application Control rule "Protect client files and registry keys." After the clients receive the new policy, you may upgrade using AutoUpgrade.

  • Due to possible bandwidth concerns, it is best to schedule AutoUpgrade for after hours. You can also stage and select a package on a web server when you run Upgrade Clients with Package, or you can use an alternate method to deploy the upgrade package.

AutoUpgrade is enabled by default for SEP SBE, but you can disable it. Go to the Computers page in the management console, right-click your Group, select Properties, and then click Disable Automatic Client Package Updates.


Best practices for upgrading to Symantec Endpoint Protection 12.1.2

Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

Thanks In Advance

Ashish Sharma

Ambesh_444's picture


Please follow the above comments, Hope above comments will help you.

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

bbrannan's picture

Unfortunately we cannot use the auto upgrade feature as our server upgrades need to be scheduled for particular change windows with approval of the server owners and not all these servers would reside in the same client group for that night

bbrannan's picture

I have a lab setup for testing with a server of each OS that we have. 2k3 32bit/63bit and 2k8 64bit. I also have one each of basic and full protection as well. every server fails on the upgrade.

- i have followed every article and pent the last week searching the forums and still no luck.. Everyone thus far has been recommending all these articles to follow but most of them deal with steps to insure the actual client package gets delivered, which is not currently my issue. my package is being delivered and the install kicked off but then it just does nothing. doesn't even create the sep install log even though vpremote has started the install process.

I am going to try the push deployment wizard today to see if it makes any difference.

pete_4u2002's picture

push deployment is used to push the client, correct?

can SEP be installed when exe is executed on any machine where it is failing?

bbrannan's picture

so i did a few more rounds of testing.. seems to be my server 2003 builds having the issue. the upgrade wizard shows them either as successful or failure. but when i rdp to the servers they all have the client packages delivered, it's just hit or miss if they kicked off the setup.exe via vpremote. on those that got the files but did not start the install i can get them upgraded via 2 methods.. 1. running the setup.exe manually from c:\temp\clt-inst OR 2. rdp'ing to the server and then running the wizard again while logged into the server.. this has me wondering if I read this properly......

"Prepare Windows Server 2003 computers for installation using a remote desktop connection: The Symantec Endpoint Protection Manager requires access to the system registry for installation and normal operation. To prepare a computer to install Symantec Endpoint Protection Manager using a remote desktop connection, perform the following tasks:
■ Configure a server that runs Windows Server 2003 to allow remote control.
■ Connect to the server from a remote computer by using a remote console session, or shadow the console session."

does this mean i have to rdp to each indivdual server 2003 box before attempting to run the upgrade wizard??