
SEP CLIENT 11.0.5 Win64 Connect to Outside Management Server

Created: 09 Mar 2010 • Updated: 21 May 2010 | 13 comments
This issue has been solved. See solution.

Can't you help me, please?

My SEP client connects to, and is managed by, a foreign management server.

I have a problem with SEP client 11.0.5 Win64.
1- When I click Help & Support > Troubleshooting > Management > Server 10.6.42.159
     (IP address 10.6.42.159 is a foreign number, not from my management server). My server is 192.168.0.1.
2- Open SEPM > Home > Top source Attack:

   Attacking Host    Number of Attacks   Percent
   10.6.42.159       10                  76.9%
   216.239.61.100    2                   15.4%
   216.239.61.104    1                   7.7%
   Total             13                  100%

2- Checking via the Dev Viewer tool, we found a strange device (with red colour):

   ROOT\LEGACY_NULL\0000
   [class name]: <Unknown>
   [guid]: {8ecc055d-047f-11d1-a537-0000f8753ed1}
   [device id]: ROOT\LEGACY_NULL\0000
   [MFG string]: (null)
   [provider]: <Unknown>
   [driver data]: Not Available
   [driver version]: <Unknown>
   [hidden device]: true
   [Disabled]: false
   [PNP device]: false
   [can be disabled]: true
   [device node]: 0x1f08

Someone help me, please.


P_K_'s picture

Replace the sylink on the client

1. Copy the file Sylink.xml from the server, from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

2. On the client computer, click Start > Run, type smc -stop, and click OK.

3.  Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.

4. Click Start > Run, type smc -start, and click OK.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
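After replacing Sylink.xml, it is worth confirming which management servers the file actually lists. The following is an added example, not part of the original thread and not a Symantec tool: it parses a copy of Sylink.xml and reports any server address that is not on your expected list. The XML layout (`ServerPriorityBlock` groups containing `Server` elements with `Address` and `HttpPort` attributes), the sample file and the host name `SEPM01` are assumptions made for illustration; the two IP addresses are the ones from the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real client file. Assumed layout: servers appear as
# <Server Address="..."> elements grouped by priority inside a <ServerList>.
SAMPLE_SYLINK = """<ServerSettings>
  <CommConf>
    <ServerList Name="Constructed list">
      <ServerPriorityBlock Name="List0">
        <Server Address="10.6.42.159" HttpPort="8014"/>
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="List1">
        <Server Address="192.168.0.1" HttpPort="8014"/>
        <Server Address="SEPM01" HttpPort="8014"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>
"""

def local_name(tag):
    """Strip an XML namespace prefix such as '{ns}Server'."""
    return tag.rsplit("}", 1)[-1]

def listed_servers(xml_text):
    """Return (priority_group, address, port) for every Server element."""
    root = ET.fromstring(xml_text)
    found = []
    for block in root.iter():
        for child in block:
            if local_name(child.tag) == "Server" and child.get("Address"):
                found.append((block.get("Name", "?"),
                              child.get("Address").strip(),
                              child.get("HttpPort", "")))
    return found

def unexpected_servers(xml_text, expected):
    """Servers in the file that are not in the expected set (case-insensitive)."""
    allowed = {e.strip().lower() for e in expected}
    return [s for s in listed_servers(xml_text) if s[1].lower() not in allowed]

if __name__ == "__main__":
    # Expected servers: the poster's own SEPM plus a hypothetical host name.
    for group, addr, port in unexpected_servers(SAMPLE_SYLINK, {"192.168.0.1", "sepm01"}):
        print(f"unexpected management server {addr}:{port} in {group}")
```

Run it against a copy of the client's Sylink.xml taken a day after the replacement; if an unexpected address is back, the client is receiving it again from the policy assigned on the manager rather than from the local file.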
abdi_cinta's picture

I tried the same method before sending this message (I tried SylinkDrop for 1 week).

I exported the communication settings, then replaced the XML file using SylinkDrop, which reported a successful replace,
but after 1 day my client reconnected to this strange address.

I have changed c:\windows\system32\drivers\etc\hosts to define my local server & client, but it failed the same way; after one day the SEP client reconnected to the foreign address too.

The IP address managing my client is reported as an attacker host on SEPM.

abdi_cinta's picture

SEP CLIENT 11.0.5 Win64 Connect to Outside Management Server

To Symantec & all friends on this forum

I have tried all the methods in this forum, but they failed. SEP Client Win64 reconnects outside of the management server.

But the essential problem location was found; it is located at SEPM Policy > Policy Components > Management Server List > Priority 1 >
How do I modify or delete this list content? The tab is protected from delete or modify.

Aniket Amdekar's picture

You can create an install setting where the radio button for "Reset client server communication settings" is checked.

Then you can export an install package with this setting. Deploy this package to the machine and let us know if that works.

I think the issue you are facing could be due to corrupt information in registry for the SEPM IP address at the following registry location.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

Aniket

AravindKM's picture

Go to one working PC. Take a copy of sylink.xml and serdef.dat (both will be in C:\Program Files\Symantec\Symantec Endpoint Protection). Replace them on the problematic client after removing the original files along with their backup files. Reboot the PC and try.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Rafeeq's picture

On the problematic machine, remove sylink.bak, sylink.xml, serdef.dat and serdef.dat.bak (you can take a copy if you like).
Replace all four with the files from a client machine which is working fine.

abdi_cinta's picture

Thanks, I will try all the methods from this forum, and just wait 24 hours to confirm success or failure.

abdi_cinta's picture

To Symantec & all friends on this forum

I have tried all the methods, but they failed. SEP Client Win64 reconnects outside of the management server.

But the essential problem location was found; it is located at SEPM Policy > Policy Components > Management Server List > Priority 1 >
How do I modify or delete this list content? The tab is protected from delete or modify.

Rafeeq's picture

You cannot modify or delete the default one. If you have added another list, then uncheck inheritance from the client's group and you can edit that.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/e2ac3b646ae21969882573c20063533f?OpenDocument 

AravindKM's picture

As Rafeeq said, create a new management server list with the proper server IP address and port no. Then assign it to the groups.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

abdi_cinta's picture

Thanks to Symantec Support & all friends on the www.secure.symantec.com forum.

Now my SEP client Win64 connects to my SEPM server with the correct IP address.

Solution:
- Renew Management Server List Policy
- All IP/Client Excluded from Intrusion Prevention
- Add IP Host List Policy

Then I saw my client succeed; it connects to the management server with a green indicator in the system tray.

Just one small problem is left: after creating a new management server list & assigning it,
I am unable to delete the default management server list policy as the old list; with inherit unchecked, the modify & delete tabs are still inactive.
Maybe a corrupt registry or file system. Should I run the Symantec Registry Fix tool?

Thanks to all for the ideas & methods.

Rafeeq's picture

You can delete your default list when it's not in use on any of the groups; the location use count should be 0, and only then can you delete it.

Good to hear that your issue is resolved. Please mark the post as resolved.