Endpoint Protection Small Business Edition

 View Only

  • 1.  SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 04, 2013 10:22 AM

     

    I would appreciate some help in figuring out if I am missing something about SEP or vmWare Workstation. 
     
    I'm running vmWare Workstation 9 on Win 7 Pro 64 bit. The host has 1 network adapter connecting to an old Netgear switch that does not have port security features (i.e. multiple MAC addresses on 1 port OK).
     
    The host is on a W2K3 AD network using the local addresses 192.168.1.x (main office)
    The guest is a 64bit W2K3 bridged and obtaining its IP address from the network.
     
    The guest works fine; it appears and acts as just another machine on the LAN, it can copy files to and from other machines on the network, it can be used via remote desktop from any other machine on the network, etc.
     
    The network has 3 subnets 192.168.11.x (location A), 192.168.21.x (location B), 192.168.50.x (for VPN clients).
    The network nodes are Cisco ASA 5505 routers.
     
    So with all this seemingly fine I deploy the latest version of Symantec Endpoint Protection (12.1) and distribute the SEP clients around the network, including VPN'd clients. No problem.
     
    Once in place, I find that only the host machine can contact the SEP manager on port 8014, which is what SEP uses to initiate delivery of any updates. Using network monitor, I see the packets leave other machines just fine, arrive at the host machine just fine, but they never arrive at the guest.
     
    In troubleshooting this I've tried disabling the SEP client on the host to no effect, experimented with modifications to the default firewall settings distributed by SEP, disabled the other two vnNet adapters, gone through postings here and on the vmWare boards. I did find an older post on vmWare describing a similar issue related to some older network adapters, but those are not in use here. I've read the Symantec KBs on best practices for VMs, troubleshooting network issues, etc.
     
    What it boils down to is that the 8014 packet destined for the guest can be seen arriving on the host network monitor, but not on the guest network monitor, for any machine on any subnet. Yet the same traffic arrives at the guest just fine from the host.
     
    Thanks for taking the time to read this.

     



  • 2.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 04, 2013 01:07 PM

    Is there any blocking showing in the Traffic log(s) on the guest(s)?



  • 3.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 05, 2013 07:41 AM

    _Brian, no, thanks for asking. The guest's native W2K3 firewall is turned off and the SEP client is not installed. It's just a plain vanilla W2K3 64bit instance that isn't doing anything right now but running SEP Manager.

    There is plenty of traffic between the guest and other machines on the LAN, particularly on the MS AD services port 445. So we know that the network is working as expected, it's just that the 8014 packets are somehow not making it across the bridge or evaporating when they arrive on the other side. I suspect the former because I don't see the packets in the net monitor on the guest.



  • 4.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 06, 2013 03:18 AM

    Windows firewall on your host network? just check if port 8014 is open between host and guest and guest to host.



  • 5.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 06, 2013 12:38 PM

    Thanks Rafeeq, but the windows firewall on the host machine is disabled and replaced by the SEP client's firewall.The same behavior occurs even when the SEP client on the host is disabled. This is why I suspect there may be an issue in the way VMW bridging works.



  • 6.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 07, 2013 04:51 AM

    your point is right, howz the bridging defined. different vlans and diff adapter for those?

    those who talk and cannot talk, whats the difference?



  • 7.  RE: SEP 12.1 in vmWare Workstation guest client update issue

    Posted Oct 19, 2013 05:05 PM

    Have you been able to get this functioning?