Endpoint Protection

 View Only
Expand all | Collapse all

SEP client loss communication with SEPM

  • 1.  SEP client loss communication with SEPM

    Posted Sep 15, 2013 09:14 PM

    Recently our SEP server hardisk have gone failure and it's located inside the virtual machine. We unable to retrive the vhd file or any database backup and server certificate. So we reinstall SEPM into new server. Can we get all the client to connect back with the SEPM server again? We have use same server name and ip address. We cannot import sylink file into each client since we have hundreds of SEP clients. Any way? Perhaps can generate server certificate somehow.



  • 2.  RE: SEP client loss communication with SEPM

    Posted Sep 15, 2013 09:17 PM

    If you're on 12.1 RU2 or higher, you can do it automatically from the SEPM using the steps here:

    Restoring client-server communications with Communication Update Package Deployment

    Article:HOWTO81109  |  Created: 2012-10-24  |  Updated: 2013-08-20  |  Article URL http://www.symantec.com/docs/HOWTO81109

     



  • 3.  RE: SEP client loss communication with SEPM

    Posted Sep 15, 2013 09:29 PM

    Unfortunately, we unable to use this method since it ask for Login Credential for default Administrator. We do not have the set the default password for client. Each client have individual login password..



  • 4.  RE: SEP client loss communication with SEPM

    Posted Sep 15, 2013 09:39 PM

    If you have a DB backup than you can do disaster recovery

    http://www.symantec.com/docs/TECH160736



  • 5.  RE: SEP client loss communication with SEPM

    Posted Sep 16, 2013 12:04 AM

    Unfortunately, we don't have any backup since all the backup is inside the failure hardisk (virtual machine).

    We did try enable automatic creation of client groups on the re-installed SEPM by editing "scm.agent.groupcreation=true" to the conf.properties file. But the client not re-appear on the SEPM client list. Any idea why? or alternate solution?



  • 6.  RE: SEP client loss communication with SEPM

    Broadcom Employee
    Posted Sep 16, 2013 01:21 PM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    "scm.agent.groupcreation=true" to the conf.properties file. But the client not re-appear on the SEPM client list. Any idea why? or alternate solution?

    --> It would work if you have backup recovery file.

    As per your comment 'Each client have individual login password.'  Total how many groups were there and how many clients are listed per group.

    If you don't have a password and  recovery file then you are left with very limited options.

    What's the SEPM and SEP client version?

     



  • 7.  RE: SEP client loss communication with SEPM

    Posted Sep 16, 2013 08:50 PM

    Hi,

    --> It would work if you have backup recovery file.

    As per your comment 'Each client have individual login password.'  Total how many groups were there and how many clients are listed per group.

    If you don't have a password and  recovery file then you are left with very limited options.

    What's the SEPM and SEP client version?

     

    -- Actually we dont set client administrator password. Total client is almost 1000. So we dont think is easy job to run sylink tool on every client pc.

     

    SEPM v12.1.2

    SEPv12.1.2

     



  • 8.  RE: SEP client loss communication with SEPM

    Posted Sep 16, 2013 09:00 PM

    The only options are to replace the sylink with one from the new SEPM or upgrade to RU3 using a package from the new SEPM.



  • 9.  RE: SEP client loss communication with SEPM

    Posted Sep 16, 2013 09:07 PM

    How were these clients installed? are these in AD infrastructure or in WG?

    If you have any previous backup restore it and grab these files

    http://www.symantec.com/business/support/index?page=content&id=TECH160736



  • 10.  RE: SEP client loss communication with SEPM
    Best Answer

    Posted Sep 17, 2013 07:28 AM

    Hello,

    the SEP registration and communication is protected by using encryption key and security certificate, these are unique of each SEPM installation, this is for obvious security reasons. Being able to re-create the old security certificate is not technically possible and it would be a huge security hole.

    When you reinstall the SEPM without restoring any backup, encryption key and security certificate are different than the previous installation and SEP agents can't know them, there's no way they register into a SEPM if they are not told how to do that (i.e. knowing new SEPM's key and certificate).

    Those things are locally stored in the SEP agents, in the sylink.xml, this explains you why you need to replace that file on all clients, no workaround.

    If you can't "just" replace the sylink.xml on the clients, you have to reinstall the SEP agents (but if you can't replace a single file or run a tool remotely on multiple machines due to the exposed IT management limitations in your network, I doubt you can reinstall any software on 1000 clients in a comfortable way).

     



  • 11.  RE: SEP client loss communication with SEPM

    Broadcom Employee
    Posted Sep 17, 2013 07:32 AM

    Hi,

    Can you try to check with previous Admins if they can remember/share anything.