Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP client loss communication with SEPM

Created: 15 Sep 2013 • Updated: 17 Sep 2013 | 10 comments
This issue has been solved. See solution.

Recently our SEP server hardisk have gone failure and it's located inside the virtual machine. We unable to retrive the vhd file or any database backup and server certificate. So we reinstall SEPM into new server. Can we get all the client to connect back with the SEPM server again? We have use same server name and ip address. We cannot import sylink file into each client since we have hundreds of SEP clients. Any way? Perhaps can generate server certificate somehow.

Operating Systems:

Comments 10 CommentsJump to latest comment

.Brian's picture

If you're on 12.1 RU2 or higher, you can do it automatically from the SEPM using the steps here:

Restoring client-server communications with Communication Update Package Deployment

Article:HOWTO81109  |  Created: 2012-10-24  |  Updated: 2013-08-20  |  Article URL http://www.symantec.com/docs/HOWTO81109

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

shafie's picture

Unfortunately, we unable to use this method since it ask for Login Credential for default Administrator. We do not have the set the default password for client. Each client have individual login password..

.Brian's picture

If you have a DB backup than you can do disaster recovery

http://www.symantec.com/docs/TECH160736

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

shafie's picture

Unfortunately, we don't have any backup since all the backup is inside the failure hardisk (virtual machine).

We did try enable automatic creation of client groups on the re-installed SEPM by editing "scm.agent.groupcreation=true" to the conf.properties file. But the client not re-appear on the SEPM client list. Any idea why? or alternate solution?

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

"scm.agent.groupcreation=true" to the conf.properties file. But the client not re-appear on the SEPM client list. Any idea why? or alternate solution?

--> It would work if you have backup recovery file.

As per your comment 'Each client have individual login password.'  Total how many groups were there and how many clients are listed per group.

If you don't have a password and  recovery file then you are left with very limited options.

What's the SEPM and SEP client version?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

shafie's picture

Hi,

--> It would work if you have backup recovery file.

As per your comment 'Each client have individual login password.'  Total how many groups were there and how many clients are listed per group.

If you don't have a password and  recovery file then you are left with very limited options.

What's the SEPM and SEP client version?

-- Actually we dont set client administrator password. Total client is almost 1000. So we dont think is easy job to run sylink tool on every client pc.

SEPM v12.1.2

SEPv12.1.2

.Brian's picture

The only options are to replace the sylink with one from the new SEPM or upgrade to RU3 using a package from the new SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Can you try to check with previous Admins if they can remember/share anything.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Rafeeq's picture

How were these clients installed? are these in AD infrastructure or in WG?

If you have any previous backup restore it and grab these files

http://www.symantec.com/business/support/index?page=content&id=TECH160736

Beppe's picture

Hello,

the SEP registration and communication is protected by using encryption key and security certificate, these are unique of each SEPM installation, this is for obvious security reasons. Being able to re-create the old security certificate is not technically possible and it would be a huge security hole.

When you reinstall the SEPM without restoring any backup, encryption key and security certificate are different than the previous installation and SEP agents can't know them, there's no way they register into a SEPM if they are not told how to do that (i.e. knowing new SEPM's key and certificate).

Those things are locally stored in the SEP agents, in the sylink.xml, this explains you why you need to replace that file on all clients, no workaround.

If you can't "just" replace the sylink.xml on the clients, you have to reinstall the SEP agents (but if you can't replace a single file or run a tool remotely on multiple machines due to the exposed IT management limitations in your network, I doubt you can reinstall any software on 1000 clients in a comfortable way).

Regards,

Giuseppe

SOLUTION