Video Screencast Help

SEP Client unable to connect to management server across VPN

Created: 16 Nov 2009 • Updated: 23 May 2010 | 31 comments

This issue is driving me insane.

I'm running version 11.4202.75.

I work remotely and have the endpoint client installed on my laptop, I connect to our network using the standard MS VPN.

Because I only want to use the VPN for traffic that applies to the corporate LAN I have  the "use gateway on remote network" option unticked.  When I do this however, the SEP client's green
"connected" light goes out and it stops recieving updates from the server.  If I have the "use gateway on remote network" option ticked, the light comes back and all is well.  Except I can't work like this because all my internet traffic gets sent to the VPN tunnel instead of using the local route.

I've been to the Symantec forums and they've advised using the SylinkDrop tool to reset the connection to the server.  Done this and it didn't help.

Anyone have any idea how I can get this to work?  I should note that in exactly the same circumstances on XP, it works without any issue.

The SEPM is running on the server that's set up as the VPN server.

Comments 31 CommentsJump to latest comment

pete_4u2002's picture

can you post the sylink monitor logs from the client machine while it is supposed to be connected to SEPM by VPN?

Log might reveal the information the reason it i sunable to connect to SEPM.

Gabriel Valentine's picture

Here it is.... it's bloody long though.

11/17 17:18:37 [2872] <CSyLink::mfn_DownloadNow()>
11/17 17:18:37 [2872] </CSyLink::mfn_DownloadNow()>
11/17 17:19:00 [1496] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
11/17 17:19:00 [2876] AH: (InetWaiting) urgent exit event on InetCtrlBlock: 02F4F1B0
11/17 17:19:00 [2876] Throw Internet Exception, Error Code=997;AH: failed to send request...
11/17 17:19:00 [2876] <MaintainPushConnection:>COMPLETED
11/17 17:19:00 [2876] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
11/17 17:19:00 [2876] HEARTBEAT: Check Point 8
11/17 17:19:00 [2876] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
11/17 17:19:00 [2876] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
11/17 17:19:00 [2876] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 17:19:00 ======
11/17 17:19:00 [2876] <IndexHeartbeatProc>Set Heartbeat Result= 2
11/17 17:19:00 [2876] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 0, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
11/17 17:19:00 [2876] Use new configuration
11/17 17:19:00 [2876] HEARTBEAT: Check Point Complete
11/17 17:19:00 [2876] <IndexHeartbeatProc>Done, Heartbeat=32seconds
11/17 17:19:00 [2876] </CSyLink::IndexHeartbeatProc()>
11/17 17:19:00 [2876] <CheckHeartbeatTimer>====== Heartbeat loop stops at 17:19:00 ======
11/17 17:19:33 [2876] <CheckHeartbeatTimer>====== Heartbeat loop starts at 17:19:33 ======
11/17 17:19:33 [2876] <GetOnlineNicInfo>:Netport Count=2
11/17 17:19:33 [2876] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.81" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
11/17 17:19:33 [2876] <CalcAgentHashKey>:CH=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/17 17:19:33 [2876] <CalcAgentHashKey>:CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/17 17:19:33 [2876] <CalcAgentHashKey>:C=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net
11/17 17:19:33 [2876] <CalcAgentHashKey>:CKey=699F25EA15A348EC340E1C88D457724A
11/17 17:19:33 [2876] <CalcAgentHashKey>:UCH=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/17 17:19:33 [2876] <CalcAgentHashKey>:UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/17 17:19:33 [2876] <CalcAgentHashKey>:UC=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net
11/17 17:19:33 [2876] <CalcAgentHashKey>:UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/17 17:19:33 [2876] <DoHeartbeat>HardwareID=5EC2F53FE5E1861CF3A205ED08C3A5FA
11/17 17:19:33 [2876] <DoHeartbeat>CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/17 17:19:33 [2876] <DoHeartbeat>CKey=699F25EA15A348EC340E1C88D457724A
11/17 17:19:33 [2876] <DoHeartbeat>UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/17 17:19:33 [2876] <DoHeartbeat>UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/17 17:19:33 [2876] <DoHeartbeat> Set heartbeat event
11/17 17:19:33 [2876] Use new configuration
11/17 17:19:33 [2876] <CSyLink::IndexHeartbeatProc()>
11/17 17:19:33 [2876] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 02FAF8D0
11/17 17:19:33 [2876] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 17:19:33 ======
11/17 17:19:34 [2876] HEARTBEAT: Check Point 1
11/17 17:19:34 [2876] Get First Server!
11/17 17:19:34 [2876] <GetFirstServer> Using server 'exchange2'
11/17 17:19:34 [2876] HEARTBEAT: Check Point 2
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
11/17 17:19:34 [2876] HEARTBEAT: Check Point 3
11/17 17:19:34 [2876] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
11/17 17:19:34 [2876] HEARTBEAT: Check Point 4
11/17 17:19:34 [2876] <IndexHeartbeatProc>===Get Index STAGE===
11/17 17:19:34 [2876] ************CSN=27
11/17 17:19:34 [2876] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=D7DA6A8DC0A8A8C9013BC30A30036475&chk=4E6313D06F2BB70FB75CCBCD71F04A86&ck=699F25EA15A348EC340E1C88D457724A&uchk=DE3D153FD54C95FEA534B4015C5004FB&uck=C73BF2BA462EF0900A38F47ABBFA3FB6&hid=5EC2F53FE5E1861CF3A205ED08C3A5FA&groupid=522A30AAC0A8A8C90054F742E2D7BCD7&mode=0&hbt=300&as=27&cn=[hex]416C6578&lun=[hex]616C6578616E6465722076616C656E74696E65&udn=[hex]43414C4C495354412E4E4554
11/17 17:19:34 [2876] <GetIndexFileRequest:>http://exchange2:80/secars/secars.dll?h=3E6764337DD7499596FA0169D432188061F8E4B4E315CD5E7590C36D303BE1085D3077281646EC50939EBC072538E2B89481C5F6D6A5405BD31753B217640F9CB9F44065F4950BB84E6D33023E32D45B33B7BD7471EC49E1EF61E87EC44EBF0F17EED6E26380FC0F24F5CE0A7B68ACE6C865D280A02BFA396B78247BF9EE65D60BC30C550F7876E196D0810994010E794226A4CE0FEA8A892EAF6C0A1945490EA75DFCF66F96AD0D6AF4888DBA7F0FB14D376A0C51F6BC93FFEE3FE2A552669924637696DB7D24FB30E4D50E62408414F43A0787FB77C5310742E338FF742923DABD0C371B2E601E99F8C986243D087D8375B73EF369B8D26713ECA43FFDB5608DAA7602DE1BA7959ED6E2C513C31C07AEF1F15FF301884E21CA7EE6C918A6B69A051E0FE84666784E68C380ACA2854501C8639C5558A9AB3DC822D1B4BC8204002AF2EB91187DDDBF5582108332DD25549AC3187117262458D43580ADF20E333E6FE3278BE83ECF99656C2225C55DB0E1390D077F2ADAA59F49EB633A7740FB42061A823E2008D34FF48E2D77AEA242D50C5FB9891E700FD31C81B0FBF9C0C2
11/17 17:19:34 [2876] <GetIndexFileRequest:>SMS return=200
11/17 17:19:34 [2876] <ParseHTTPStatusCode:>200=>200 OK
11/17 17:19:34 [2876] <FindHeader>Sem-HashKey:=>4E6313D06F2BB70FB75CCBCD71F04A86
11/17 17:19:34 [2876] <FindHeader>Sem-LANSensor:=>0
11/17 17:19:34 [2876] <FindHeader>Sem-Signatue:=>52E64466F8517567F17A870032BEDD926FC7AE9E59CD361C70EB57654E15F060A84D0E8D0AD682819171CD9EC0977BC1E7CAE4EC02E6D96D3A1C059F485DE1AECB11CA9B3BBA583FF26FAC0F8E530BB96488BB556BD71687D6775B4ECD1BF26AFE9368835C583D04D98253AA1FB55695FEA29435332E6604AB9284A825919B55
11/17 17:19:34 [2876] <mfn_DoGetIndexFile200>Content Lenght => 1381
11/17 17:19:34 [2876] SignIf::VerifySignature(data, dataLen, sig, sigLen) => Verification Successful..
11/17 17:19:34 [2876] <mfn_DoGetIndexFile200>Index File: <?xml version="1.0" encoding="UTF-8" ?><GroupIndex SiteID="7FB25CBAC0A8A8C9017E7F889CE862E3" ServerID="29B539DEC0A8A8C9008A3D8F33257905" GroupID="7D12445BC0A8A8C9011C3288B5220984" GroupCheckSum="842CEA790A323210858413531" LastModifiedTime = "17/11/2009 13:27:40">    <Profile Checksum="78F54506A15F4B587FB0101842D9D444" SerialNumber="7D12-09/09/2009 11:15:28 529" LastModifiedTime="30/10/2009  09:50:36"/>    <ConfigFile Checksum="52D684F82EF06416D8260FD10415FAA5" LastModifiedTime="17/11/2009  13:27:40"/>    <IDSFile Checksum="8D937E9F1FFE34C1564A124A523A3A52" LastModifiedTime="30/10/2009  09:45:42"/>    <SylinkFile Checksum="D551191A25A797EEFCAD1D1E927ED293" LastModifiedTime="30/10/2009  09:50:36"/>    <LSProfile Checksum="A22B26D1D42362F93E93F6DFC22F26B2" SerialNumber ="7D12-09/09/2009 11:15:28 529" LastModifiedTime ="30/10/2009  09:50:36"/>
    <LiveUpdate>
        <File Checksum="0308F2CB59229AE05AA646E25CD443BB" DeltaFlag="1" FullSize="62112389" LastModifiedTime="1258389710343" Moniker="{C60DC234-65F9-4674-94AE-62158EFCA433}" Seq="91116002"/>
         <File Checksum="D115E4DA5A4167809E97F76CFA27118B" DeltaFlag="1" FullSize="62303577" LastModifiedTime="1258389544843" Moniker="{1CD85198-26C6-4bac-8C72-5D34B025DE35}" Seq="91116002"/>
         <File Checksum="046CA34D4E7587C90B925D4751A43E28" DeltaFlag="1" FullSize="1321545" LastModifiedTime="1258067651809" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="91112001"/>
         <File Checksum="685EDC5DDDCE3CC9AEF65C6AEAE0E630" DeltaFlag="1" FullSize="1305315" LastModifiedTime="1258067640700" Moniker="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" Seq="91112001"/>
         <File Checksum="68C4C5BE3E972821ED843BBA5B84213D" DeltaFlag="1" FullSize="88188" LastModifiedTime="1247207581828" Moniker="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" Seq="80820001"/>
         <File Checksum="F4286532909E2F82210CE9C395F87B12" DeltaFlag="1" FullSize="1662247" LastModifiedTime="1247207591703" Moniker="{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}" Seq="80820001"/>
         <File Checksum="0F054FB3479A756BED2FA478E7A2B426" DeltaFlag="1" FullSize="1419193" LastModifiedTime="1247207598734" Moniker="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" Seq="80820001"/>
         <File Checksum="0A04C29AAE70E453EAC717D2A11A5660" DeltaFlag="1" FullSize="669829" LastModifiedTime="1249826504731" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Seq="80929016"/>
         <File Checksum="C7F16A99E82BE7DD29A73559D8497F89" DeltaFlag="1" FullSize="650307" LastModifiedTime="1249826510293" Moniker="{ECCC5006-EF61-4c99-829A-417B6C6AD963}" Seq="2008021700"/>
         <File Checksum="8D0D7D7837032D27429315B0736B3207" DeltaFlag="1" FullSize="6487" LastModifiedTime="1258008974733" Moniker="{4F889C4A-784D-40de-8539-6A29BAA43139}" Seq="91111048"/>
         <File Checksum="47D89561788816E354CC8DE1D886EEF7" DeltaFlag="1" FullSize="570905" LastModifiedTime="1258141126295" Moniker="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" Seq="91113018"/>
         <File Checksum="4EEBED4644BAD0810EEDE7924FB761C0" DeltaFlag="1" FullSize="570930" LastModifiedTime="1258141132342" Moniker="{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}" Seq="91113018"/>
         <File Checksum="9AD1E4866236FA955F733BBDFE64D936" DeltaFlag="1" FullSize="76812" LastModifiedTime="1258389714421" Moniker="{CC40C428-1830-44ef-B8B2-920A0B761793}" Seq="91116017"/>
         <File Checksum="752935F5DEDFCC07599ED0793BFEE1BD" DeltaFlag="1" FullSize="76800" LastModifiedTime="1258389743609" Moniker="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" Seq="91116017"/>
    </LiveUpdate>
</GroupIndex>
11/17 17:19:34 [2876] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
11/17 17:19:34 [2876] <GetIndexFileRequest:>COMPLETED
11/17 17:19:34 [2876] <IndexHeartbeatProc>GetIndexFile handling status: 0
11/17 17:19:34 [2876] <IndexHeartbeatProc>Switch Server flag=0
11/17 17:19:34 [2876] HEARTBEAT: Check Point 5.1
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Seq:91116002
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {42B17E5E-4E9D-4157-88CB-966FB4985928} Seq:91112001
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {D3769926-05B7-4ad1-9DCF-23051EEE78E3} Seq:91112001
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {DB206823-FFD2-440a-9B89-CCFD45F3F1CD} Seq:80820001
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
11/17 17:19:34 [2876] <mfn_LiveUpdate:> Agent returned closest matching seq: <None>
11/17 17:19:34 [2876] <Add2LUFileList:>Adding LU Info to LU Download File List: {4F889C4A-784D-40de-8539-6A29BAA43139}91111048
11/17 17:19:34 [2876] <Add2LUFileList:>File Info already exists, hence updating: {4F889C4A-784D-40de-8539-6A29BAA43139}91111048
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
11/17 17:19:34 [2876] <mfn_LiveUpdate:> Agent returned closest matching seq: <None>
11/17 17:19:34 [2876] <Add2LUFileList:>Adding LU Info to LU Download File List: {812CD25E-1049-4086-9DDD-A4FAE649FBDF}91113018
11/17 17:19:34 [2876] <Add2LUFileList:>File Info already exists, hence updating: {812CD25E-1049-4086-9DDD-A4FAE649FBDF}91113018
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {E1A6B4FF-6873-4200-B6F6-04C13BF38CF3} Seq:91113018
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
11/17 17:19:34 [2876] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {CC40C428-1830-44ef-B8B2-920A0B761793} Seq:91116017
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
11/17 17:19:34 [2876] <mfn_LiveUpdate:> Agent returned closest matching seq: <None>
11/17 17:19:34 [2876] <Add2LUFileList:>Adding LU Info to LU Download File List: {E5A3EBEE-D580-421e-86DF-54C0B3739522}91116017
11/17 17:19:34 [2876] <Add2LUFileList:>File Info already exists, hence updating: {E5A3EBEE-D580-421e-86DF-54C0B3739522}91116017
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_SERVER_ONLINE
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
11/17 17:19:34 [2876] <ScheduleNextUpdate>Reset Heartbeat factor index, hearbeat=300 seconds
11/17 17:19:34 [2876] HEARTBEAT: Check Point 6
11/17 17:19:34 [2876] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: AVMan
11/17 17:19:34 [2876] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: LUMan
11/17 17:19:34 [2876] <mfn_PostAgentInfo>===REQUESTING CMC OP-STATE ===
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE, return=0
11/17 17:19:34 [2876] ReasonDescForFailure*** = Host Integrity check is disabled.
11/17 17:19:34 [2876] ReasonDescForFailure*** = Host Integrity check is disabled.
11/17 17:19:34 [2876] *** = <SSAInfo NameSpace="rpc" AgentID="D7DA6A8DC0A8A8C9013BC30A30036475" ComputerID="A62BB0B9C0A8A8C9013BC30AE737EE59" HardwareKey="5EC2F53FE5E1861CF3A205ED08C3A5FA" GroupID="7D12445BC0A8A8C9011C3288B5220984">
<AgentHIInfo Status="3" ReasonCode="0" ReasonDescForFailure="Host Integrity check is disabled."/>
<SSAHostInfo>
<NetworkIdentity UserDomain="CALLISTA.NET" LogonUser="alexander valentine" HostDomain="callista.net" HostName="Alex" HostDesc=""/>
<SSAProduct Version="11.0.4202.75"/>
<SSAOS Version="6.1.7600" Desc="Windows Vista" Type="16777218" ServicePack="" Language="9"/>
<Processor ProcessorType="x86 Family 6 Model 23 Stepping 10" ProcessorClock="2793" ProcessorNum="2"/>
<Memory Size="3711086592"/>
<Disk Letter="C:\" Size="107396575232"/>
<BIOS Version="DELL   - 27d9040f"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="7D12-09/09/2009 11:15:28 529"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-720"/>
<DNSs><DNS Address="192.168.168.210"/><DNS Address="192.168.168.201"/></DNSs>
<DHCPServer Address="192.168.1.1"/><SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.81" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs><Firewall OnOff="0" Installed="0"/>
</SSAHostInfo>
<RebootRequired Status="0"></RebootRequired>
<InstalledFeatures><Feature Id ="256"/></InstalledFeatures>
</SSAInfo>

11/17 17:19:34 [2876] <mfn_PostAgentInfo>Volatile op-state damper: 0, Interval passed: 131
11/17 17:19:34 [2876] <mfn_PostAgentInfo>Free memory difference: 154148864, Threshold: 338246850
11/17 17:19:34 [2876] <mfn_PostAgentInfo>Free disk space difference: 311296, Threshold: 11474221665
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_SYLINK_QUERY_COMMANDSTATUS
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_SYLINK_QUERY_COMMANDSTATUS, return=0
11/17 17:19:34 [2876] <IndexHeartbeatProc>===UPLOAD STAGE===
11/17 17:19:34 [2876] <PostEvent>going to post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG
11/17 17:19:34 [2876] <PostEvent>done post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG, return=0
11/17 17:19:34 [2876] <IndexHeartbeatProc>===PREPARE EVENT LOG STAGE===
11/17 17:19:34 [2876] <PrepareEventLog>initialized technology extension processing ok
11/17 17:19:34 [2876] <CalcEventLogIndex>Need to send Event Log Type(0) from id 29 to 29
11/17 17:19:34 [2876] <PrepareEventLog>Allow total logs to send=1
11/17 17:19:34 [2876] <PrepareEventLog>nSecurityRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nSecurityRecordsToSend=0
11/17 17:19:34 [2876] <PrepareEventLog>nSystemRecordsTotal=1
11/17 17:19:34 [2876] <PrepareEventLog>nSystemRecordsToSend=100
11/17 17:19:34 [2876] <PrepareEventLog>nTrafficRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nTrafficRecordsToSend=0
11/17 17:19:34 [2876] <PrepareEventLog>nRawRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nRawRecordsToSend=0
11/17 17:19:34 [2876] <PrepareEventLog>nProcessRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nProcessRecordsToSend=0
11/17 17:19:34 [2876] <PrepareEventLog>nLANSensorRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nLANSensorRecordsToSend=0
11/17 17:19:34 [2876] <PrepareEventLog>nTechExtensionRecordsTotal=0
11/17 17:19:34 [2876] <PrepareEventLog>nTechExtensionRecordsToSend=0
11/17 17:19:34 [2876] <MakeSystemLog>The size of SYSTEM event logs is 402.
11/17 17:19:34 [2876] <SyLink>The size of SYSTEM event logs is 402.
11/17 17:19:34 [2876] <MakeSecurityLog>Attached total 0 bytes SECURITY event logs.
11/17 17:19:34 [2876] <MakeTrafficLog>Attached total 0 bytes TRAFFIC event logs.
11/17 17:19:34 [2876] <MakeRawTrafficLog>Attached total 0 bytes RAW TRAFFIC event logs.
11/17 17:19:34 [2876] <MakeProcessLog>Attached total 0 bytes process event logs.
11/17 17:19:35 [2876] <IndexHeartbeatProc>===COMPRESS EVENT LOG STAGE===
11/17 17:19:35 [2876] <IndexHeartbeatProc>===SEND EVENT LOG STAGE===
11/17 17:19:35 [2876] ************CSN=28
11/17 17:19:35 [2876] <mfn_MakePostUrl:>Request is: action=195&hostid=D7DA6A8DC0A8A8C9013BC30A30036475&chk=4E6313D06F2BB70FB75CCBCD71F04A86&ck=699F25EA15A348EC340E1C88D457724A&uchk=DE3D153FD54C95FEA534B4015C5004FB&uck=C73BF2BA462EF0900A38F47ABBFA3FB6&groupid=522A30AAC0A8A8C90054F742E2D7BCD7&as=28&cn=[hex]416C6578&lun=[hex]616C6578616E6465722076616C656E74696E65&udn=[hex]43414C4C495354412E4E4554
11/17 17:19:35 [2876] <SendEventLogToServer>http://exchange2:80/secars/secars.dll?h=3E46F2A3E4FCD7441917C0CFE2D6431F4014F0B56765FC20B9FFDB6E9648E72F008FD6965E9DF5B9D04B5C2A6C5B74011BBF0F4D86774AFE16DB3C4DFAC63FE3BF16EE15CCC31A808E3353E08F2E25FEF237FC6F56FDABE8147E6565500D9CE89C517D38458F9A596C79FF511E50A2EC664AF0A6271D0E8048C6A9D0705C4D3EFE5142C782A498154FFB7F2F96E463FDC62939F6222D004391FD358B2EEE8F35C8938227420ED8E7CEA427E860E948229AF08C8386E4681311025A5EF799BAA2133C11BF6FB76FFE218CDD5B664738EA7F02C67B3265E597E081DAF165BC3F19F51FC6978BE8919306ECEEBF4A8325747F51E03BF34C03141B97DE4B02F6AEC1055018C481D8CBD33B2E54E8054820C8FBA2BFCDF895DCF88E24A6B9F324028F5671CE2AC702256F358C68ADA8138EEDA85DF7892CF724091E429FC5748D0616AD50471E61D68BF714BBCBA0E35C154D2C1FAC00D5C25E7C10B1AD32C7821FDA
11/17 17:19:35 [2876] <SendEventLogToServer>eventlog-->SMS, size=349
11/17 17:19:35 [2876] <SendEventLogToServer>uploads the eventlog to server, size=349
11/17 17:19:35 [2876] <SendEventLogToServer>Query return code = 200
11/17 17:19:35 [2876] <SendEventLogToServer>EventLog-->SEM DONE!
11/17 17:19:35 [2876] <PostEvent>going to post event=EVENT_SERVER_EVENT_LOG_SENT
11/17 17:19:35 [2876] <PostEvent>done post event=EVENT_SERVER_EVENT_LOG_SENT, return=0
11/17 17:19:35 [2876] <IndexHeartbeatProc>Communication Mode=0(Push Mode)
11/17 17:19:35 [2876] <IndexHeartbeatProc>Enter Push Session
11/17 17:19:35 [2876] <IndexHeartbeatProc>Setting the session timeout on Profile Session (for MaintainPushConnection) to 320000
11/17 17:19:35 [2876] <MaintainPushConnection:>Push Connecton!
11/17 17:19:35 [2876] ************CSN=29
11/17 17:19:35 [2876] <mfn_MakeGetPushUrl:>Request is: action=128&hostid=D7DA6A8DC0A8A8C9013BC30A30036475&chk=4E6313D06F2BB70FB75CCBCD71F04A86&ck=699F25EA15A348EC340E1C88D457724A&uchk=DE3D153FD54C95FEA534B4015C5004FB&uck=C73BF2BA462EF0900A38F47ABBFA3FB6&groupid=522A30AAC0A8A8C90054F742E2D7BCD7&mode=0&as=29
11/17 17:19:35 [2876] <MaintainPushConnection:>http://exchange2:80/secars/secars.dll?h=0A4CACDA4D6A55D015422BD1A1E5554B4014F0B56765FC20B9FFDB6E9648E72F008FD6965E9DF5B9D04B5C2A6C5B74011BBF0F4D86774AFE16DB3C4DFAC63FE3BF16EE15CCC31A808E3353E08F2E25FEF237FC6F56FDABE8147E6565500D9CE89C517D38458F9A596C79FF511E50A2EC664AF0A6271D0E8048C6A9D0705C4D3EFE5142C782A498154FFB7F2F96E463FDC62939F6222D004391FD358B2EEE8F35C8938227420ED8E7CEA427E860E948229AF08C8386E4681311025A5EF799BAA2133C11BF6FB76FFE218CDD5B664738EA7F02C67B3265E597E081DAF165BC3F19F51FC6978BE8919306ECEEBF4A832574391FE0515EB5360A94CF27C43F6F36813094F1E9A242ED28DA2D3F10E095F5FD
11/17 17:19:38 [2872] <CSyLink::mfn_DownloadNow()>
11/17 17:19:38 [2872] </CSyLink::mfn_DownloadNow()>
11/17 17:20:11 [2880] <LUThreadProc>Starting LU download.
11/17 17:20:11 [2880] <LUThreadProc>Got a valid context from GetCurrentServerEx
11/17 17:20:11 [2880] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
11/17 17:20:11 [2880] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{4F889C4A-784D-40de-8539-6A29BAA43139}/91111048/Full.zip
11/17 17:20:11 [2880] <GetLUFileRequest:>IIS URL: /content/{4F889C4A-784D-40de-8539-6A29BAA43139}/91111048/Full.zip
11/17 17:20:11 [2880] <GetLUFileRequest:>http://exchange2:80/content/{4F889C4A-784D-40de-8539-6A29BAA43139}/91111048/Full.zip
11/17 17:20:11 [2880] <GetLUFileRequest:>download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{4F889C4A-784D-40de-8539-6A29BAA43139}911110481.TMP
11/17 17:20:11 [2880] <GetLUFileRequest:>IIS return=200
11/17 17:20:11 [2880] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {4F889C4A-784D-40de-8539-6A29BAA43139}Server File Path:/content/{4F889C4A-784D-40de-8539-6A29BAA43139}/91111048/Full.zipLocal Path:C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{4F889C4A-784D-40de-8539-6A29BAA43139}911110481.TMP
11/17 17:20:11 [2880] <mfn_DoGetLUFile200>Content Length => 6487
11/17 17:20:11 [2880] <UpdateLUFileList:>Updating existing Download File List with : {4F889C4A-784D-40de-8539-6A29BAA43139}91111048
11/17 17:20:11 [2880] <mfn_DoGetLUFile200>LU Content Downloaded.  Moniker: {4F889C4A-784D-40de-8539-6A29BAA43139} Target Seq:91111048 Full version:1 Delta Base Seq:
11/17 17:20:11 [2880] <PostEvent>going to post event=EVENT_LU_DOWNLOAD_COMPLETED
11/17 17:20:15 [2880] <PostEvent>done post event=EVENT_LU_DOWNLOAD_COMPLETED, return=0
11/17 17:20:15 [2880] <mfn_DoGetLUFile200> Download LU file succeeded. FileName: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{4F889C4A-784D-40de-8539-6A29BAA43139}911110481.TMP Moniker: {4F889C4A-784D-40de-8539-6A29BAA43139} Seq: 91111048 File size: 6487
11/17 17:20:15 [2880] <mfn_DoGetLUFile200>completed.
11/17 17:20:15 [2880] File download returns status code=0
11/17 17:20:15 [2880] Removing LU download from queue {4F889C4A-784D-40de-8539-6A29BAA43139}
11/17 17:20:15 [2880] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
11/17 17:20:15 [2880] <GetLUFileRequest:>COMPLETED
11/17 17:20:15 [2880] LU file download succeceded with HTTP status:200
11/17 17:20:15 [2880] <CExpBackoff::Decrement()>
11/17 17:20:15 [2880] Backoff wait index: 0
11/17 17:20:15 [2880] </CExpBackoff::Decrement()>
11/17 17:20:15 [2880] <LUThreadProc>Got a valid context from GetCurrentServerEx
11/17 17:20:15 [2880] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
11/17 17:20:15 [2880] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/91113018/Full.zip
11/17 17:20:15 [2880] <GetLUFileRequest:>IIS URL: /content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/91113018/Full.zip
11/17 17:20:15 [2880] <GetLUFileRequest:>http://exchange2:80/content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/91113018/Full.zip
11/17 17:20:15 [2880] <GetLUFileRequest:>download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{812CD25E-1049-4086-9DDD-A4FAE649FBDF}911130181.TMP
11/17 17:20:16 [2880] <GetLUFileRequest:>IIS return=200
11/17 17:20:16 [2880] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF}Server File Path:/content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/91113018/Full.zipLocal Path:C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{812CD25E-1049-4086-9DDD-A4FAE649FBDF}911130181.TMP
11/17 17:20:18 [2880] <mfn_DoGetLUFile200>Content Length => 570905
11/17 17:20:18 [2880] <UpdateLUFileList:>Updating existing Download File List with : {812CD25E-1049-4086-9DDD-A4FAE649FBDF}91113018
11/17 17:20:18 [2880] <mfn_DoGetLUFile200>LU Content Downloaded.  Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF} Target Seq:91113018 Full version:1 Delta Base Seq:
11/17 17:20:18 [2880] <PostEvent>going to post event=EVENT_LU_DOWNLOAD_COMPLETED
11/17 17:20:20 [2880] <PostEvent>done post event=EVENT_LU_DOWNLOAD_COMPLETED, return=0
11/17 17:20:20 [2880] <mfn_DoGetLUFile200> Download LU file succeeded. FileName: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{812CD25E-1049-4086-9DDD-A4FAE649FBDF}911130181.TMP Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF} Seq: 91113018 File size: 570905
11/17 17:20:20 [2880] <mfn_DoGetLUFile200>completed.
11/17 17:20:20 [2880] File download returns status code=0
11/17 17:20:20 [2880] Removing LU download from queue {812CD25E-1049-4086-9DDD-A4FAE649FBDF}
11/17 17:20:20 [2880] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
11/17 17:20:20 [2880] <GetLUFileRequest:>COMPLETED
11/17 17:20:20 [2880] LU file download succeceded with HTTP status:200
11/17 17:20:20 [2880] <CExpBackoff::Decrement()>
11/17 17:20:20 [2880] Backoff wait index: 0
11/17 17:20:20 [2880] </CExpBackoff::Decrement()>
11/17 17:20:20 [2880] <LUThreadProc>Got a valid context from GetCurrentServerEx
11/17 17:20:20 [2880] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
11/17 17:20:20 [2880] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/91116017/Full.zip
11/17 17:20:20 [2880] <GetLUFileRequest:>IIS URL: /content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/91116017/Full.zip
11/17 17:20:20 [2880] <GetLUFileRequest:>http://exchange2:80/content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/91116017/Full.zip
11/17 17:20:20 [2880] <GetLUFileRequest:>download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{E5A3EBEE-D580-421e-86DF-54C0B3739522}911160171.TMP
11/17 17:20:20 [2880] <GetLUFileRequest:>IIS return=200
11/17 17:20:20 [2880] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522}Server File Path:/content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/91116017/Full.zipLocal Path:C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{E5A3EBEE-D580-421e-86DF-54C0B3739522}911160171.TMP
11/17 17:20:21 [2880] <mfn_DoGetLUFile200>Content Length => 76800
11/17 17:20:21 [2880] <UpdateLUFileList:>Updating existing Download File List with : {E5A3EBEE-D580-421e-86DF-54C0B3739522}91116017
11/17 17:20:21 [2880] <mfn_DoGetLUFile200>LU Content Downloaded.  Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522} Target Seq:91116017 Full version:1 Delta Base Seq:
11/17 17:20:21 [2880] <PostEvent>going to post event=EVENT_LU_DOWNLOAD_COMPLETED
11/17 17:20:23 [2880] <PostEvent>done post event=EVENT_LU_DOWNLOAD_COMPLETED, return=0
11/17 17:20:23 [2880] <mfn_DoGetLUFile200> Download LU file succeeded. FileName: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{E5A3EBEE-D580-421e-86DF-54C0B3739522}911160171.TMP Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522} Seq: 91116017 File size: 76800
11/17 17:20:23 [2880] <mfn_DoGetLUFile200>completed.
11/17 17:20:23 [2880] File download returns status code=0
11/17 17:20:23 [2880] Removing LU download from queue {E5A3EBEE-D580-421e-86DF-54C0B3739522}
11/17 17:20:23 [2880] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
11/17 17:20:23 [2880] <GetLUFileRequest:>COMPLETED
11/17 17:20:23 [2880] LU file download succeceded with HTTP status:200
11/17 17:20:23 [2880] <CExpBackoff::Decrement()>
11/17 17:20:23 [2880] Backoff wait index: 0
11/17 17:20:23 [2880] </CExpBackoff::Decrement()>
11/17 17:20:23 [2880] SyLinkDeleteConfig => Deleting instance: 03522BF8
11/17 17:20:42 [2872] <CSyLink::mfn_DownloadNow()>
11/17 17:20:42 [2872] </CSyLink::mfn_DownloadNow()>

pete_4u2002's picture

for me it looks like the logs says it is connected to SEPM and download is also successful

11/17 17:20:23 [2880] <mfn_DoGetLUFile200> Download LU file succeeded. FileName: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{E5A3EBEE-D580-421e-86DF-54C0B3739522}911160171.TMP Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522} Seq: 91116017 File size: 76800
11/17 17:20:23 [2880] <mfn_DoGetLUFile200>completed.
11/17 17:20:23 [2880] File download returns status code=0
11/17 17:20:23 [2880] Removing LU download from queue {E5A3EBEE-D580-421e-86DF-54C0B3739522}
11/17 17:20:23 [2880] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
11/17 17:20:23 [2880] <GetLUFileRequest:>COMPLETED
11/17 17:20:23 [2880] LU file download succeceded with HTTP status:200

Did you collect the logs while the client is not connected to the SEPM?

Gabriel Valentine's picture

This is the log from when it is connected yes.  There are no logs when it doesn't connect.  Just a bunch of heartbeat messages.  I could post those if it helps.

Gabriel Valentine's picture

This is the log from when the SEP is NOT connected.

11/18 11:52:09 [2612] <CheckHeartbeatTimer>====== Heartbeat loop starts at 11:52:09 ======
11/18 11:52:10 [2612] <GetOnlineNicInfo>:Netport Count=2
11/18 11:52:10 [2612] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.86" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
11/18 11:52:10 [2612] <CalcAgentHashKey>:CH=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <CalcAgentHashKey>:CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/18 11:52:10 [2612] <CalcAgentHashKey>:C=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net
11/18 11:52:10 [2612] <CalcAgentHashKey>:CKey=699F25EA15A348EC340E1C88D457724A
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCH=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/18 11:52:10 [2612] <CalcAgentHashKey>:UC=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/18 11:52:10 [2612] <DoHeartbeat>HardwareID=5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <DoHeartbeat>CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/18 11:52:10 [2612] <DoHeartbeat>CKey=699F25EA15A348EC340E1C88D457724A
11/18 11:52:10 [2612] <DoHeartbeat>UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/18 11:52:10 [2612] <DoHeartbeat>UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/18 11:52:10 [2612] <DoHeartbeat> Set heartbeat event
11/18 11:52:10 [2612] Use new configuration
11/18 11:52:10 [2612] <CSyLink::IndexHeartbeatProc()>
11/18 11:52:10 [2612] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 02D3FDE0
11/18 11:52:10 [2612] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 11:52:10 ======
11/18 11:52:10 [2612] HEARTBEAT: Check Point 1
11/18 11:52:10 [2612] Get First Server!
11/18 11:52:10 [2612] <GetFirstSEMServer> Selecting a random server
11/18 11:52:10 [2612] <GetFirstServer> Using server '192.168.168.80'
11/18 11:52:10 [2612] HEARTBEAT: Check Point 2
11/18 11:52:10 [2612] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
11/18 11:52:10 [2612] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
11/18 11:52:10 [2612] HEARTBEAT: Check Point 3
11/18 11:52:10 [2612] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
11/18 11:52:10 [2612] HEARTBEAT: Check Point 4
11/18 11:52:43 [2608] <CSyLink::mfn_DownloadNow()>
11/18 11:52:43 [2608] </CSyLink::mfn_DownloadNow()>
11/18 11:53:43 [2608] <CSyLink::mfn_DownloadNow()>
11/18 11:53:43 [2608] </CSyLink::mfn_DownloadNow()>

sandeep_sali's picture

We see multiple entries of "LU file download succeceded with HTTP status:200". This generally occurs due to incorrect default gateway specified in the tcp/ip settings. This is the first thing that we have noticed. We are going through the logs and will keeep you updated with the latest info. Your quick response of posting the logs is appreciated

Thanks & Regards

Sandeep C Sali

sandeep_sali's picture

I would also request you to go through this link and check for suggested communication checcks when the client goes OFFLINE.

http://service1.symantec.com/SUPPORT/ent-security....

Thanks & Regards

Sandeep C Sali

Gabriel Valentine's picture

Thank you Sandip,

I've gone through this page multiple times already during my own troubleshooting.  But I've just done it again.

Policy numbers match
I can ping exchange2, exchange2.callista.net and 192.168.168.80 and recieve a response.  It should be noted that 192.168.168.201 is the LAN address of exchange2.

Pinging exchange2.callista.net [192.168.168.201] with 32 by
Reply from 192.168.168.201: bytes=32 time=43ms TTL=128
Reply from 192.168.168.201: bytes=32 time=28ms TTL=128
Reply from 192.168.168.201: bytes=32 time=42ms TTL=128
Reply from 192.168.168.201: bytes=32 time=26ms TTL=128

Ping statistics for 192.168.168.201:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 43ms, Average = 34ms

C:\Users\alex liddell.CALLISTA>ping exchange2.callista.net

Pinging exchange2.callista.net [192.168.168.201] with 32 by
Reply from 192.168.168.201: bytes=32 time=28ms TTL=128
Reply from 192.168.168.201: bytes=32 time=30ms TTL=128
Reply from 192.168.168.201: bytes=32 time=42ms TTL=128
Reply from 192.168.168.201: bytes=32 time=28ms TTL=128

Ping statistics for 192.168.168.201:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 42ms, Average = 32ms

C:\Users\alex liddell.CALLISTA>ping 192.168.168.80

Pinging 192.168.168.80 with 32 bytes of data:
Reply from 192.168.168.80: bytes=32 time=27ms TTL=128
Reply from 192.168.168.80: bytes=32 time=27ms TTL=128
Reply from 192.168.168.80: bytes=32 time=26ms TTL=128
Reply from 192.168.168.80: bytes=32 time=26ms TTL=128

Ping statistics for 192.168.168.80:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 27ms, Average = 26ms

I can log into the reporting server using 192.168.168.80/201 and exchange2 as the host names.

I can get into the SEPM using the above addresses as well.

I can telnet to exchange2:80 and I get a blank telnet window in return.  If I enter any characters I end up with a HTTP 400 Bad Request <Invalid Verb> message.

The IIS logs do indeed show GET and POST messages but not from my IP address.

zer0's picture

This may be dns related.
Your SEP client appears to be trying to connect to the host called exchange2 which wont resolve via your home or internet dns servers

Try setting your management server list with both the fqdn and the ip address if you haven't already done so.

Z

Gabriel Valentine's picture

Thanks.  Could you explain how I set this in the management server list?  I've not encountered that part of the SEPM before.

Gabriel Valentine's picture

Thanks for posting that.  I checked our default management server list and it already has the IPs of the LAN, VPN and the Host name listed in it., but it didn't have the FQDN.

So I created a new management server list and put the FQDN in there.  This is the log I get when I connect the VPN and let the client try and connect to the server.

11/18 11:52:09 [2612] <CheckHeartbeatTimer>====== Heartbeat loop starts at 11:52:09 ======
11/18 11:52:10 [2612] <GetOnlineNicInfo>:Netport Count=2
11/18 11:52:10 [2612] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.86" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
11/18 11:52:10 [2612] <CalcAgentHashKey>:CH=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <CalcAgentHashKey>:CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/18 11:52:10 [2612] <CalcAgentHashKey>:C=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net
11/18 11:52:10 [2612] <CalcAgentHashKey>:CKey=699F25EA15A348EC340E1C88D457724A
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCH=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/18 11:52:10 [2612] <CalcAgentHashKey>:UC=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net
11/18 11:52:10 [2612] <CalcAgentHashKey>:UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/18 11:52:10 [2612] <DoHeartbeat>HardwareID=5EC2F53FE5E1861CF3A205ED08C3A5FA
11/18 11:52:10 [2612] <DoHeartbeat>CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/18 11:52:10 [2612] <DoHeartbeat>CKey=699F25EA15A348EC340E1C88D457724A
11/18 11:52:10 [2612] <DoHeartbeat>UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/18 11:52:10 [2612] <DoHeartbeat>UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/18 11:52:10 [2612] <DoHeartbeat> Set heartbeat event
11/18 11:52:10 [2612] Use new configuration
11/18 11:52:10 [2612] <CSyLink::IndexHeartbeatProc()>
11/18 11:52:10 [2612] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 02D3FDE0
11/18 11:52:10 [2612] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 11:52:10 ======
11/18 11:52:10 [2612] HEARTBEAT: Check Point 1
11/18 11:52:10 [2612] Get First Server!
11/18 11:52:10 [2612] <GetFirstSEMServer> Selecting a random server
11/18 11:52:10 [2612] <GetFirstServer> Using server '192.168.168.80'
11/18 11:52:10 [2612] HEARTBEAT: Check Point 2
11/18 11:52:10 [2612] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
11/18 11:52:10 [2612] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
11/18 11:52:10 [2612] HEARTBEAT: Check Point 3
11/18 11:52:10 [2612] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
11/18 11:52:10 [2612] HEARTBEAT: Check Point 4
11/18 11:52:43 [2608] <CSyLink::mfn_DownloadNow()>
11/18 11:52:43 [2608] </CSyLink::mfn_DownloadNow()>
11/18 11:53:43 [2608] <CSyLink::mfn_DownloadNow()>
11/18 11:53:43 [2608] </CSyLink::mfn_DownloadNow()>
11/18 11:54:44 [2608] <CSyLink::mfn_DownloadNow()>
11/18 11:54:44 [2608] </CSyLink::mfn_DownloadNow()>

Still don't get the Green connected light but it's more than what I had before having the FQDN in there.

Acretian's picture

Test the communication with the host name once you are connected thru' VPN, If it fails try using the IP.
If IP Succeds, and if it happens on only one PC, Modify the host file on the PC.

To test the communication,
http://hostname:port/secars/secars?hello/secars
you should see OK on the screen

Port - 8014 (Default)

Gabriel Valentine's picture

This is odd.

My default port is 80 (It must be an older version of the SEPM).

I've got two IP addresses for this server - since it is also the VPN server.

192.168.168.80 (Its VPN address)
192.168.168.201 (its LAN address)

If I use Firefox and connect to http://192.168.168.80:80/secars/secars?hello/secars or http://192.168.168.80:80t/secars/secars?hello/secars I get a blank page.  No OK or anything, just totally blank.  If I use IE, I get a 400 Bad Request page.  This happens when I use the host name "exchange2" as well.

Now this happens regardless of whether the SEP is in a connected state or a disconnected state.  Remember that I have a way to force the VPN to work, by ticking the "use default gateway on remote network" option.

shp's picture

According to me whenever there are two network connected to one pc there will be some misbehavior like this...

I am not sure but try by adding a route to your corporate network manually...  and add the host entry for your SEPM server.

 

Regards,
Srinivas H.P.
HCL Infosystems Ltd

AravindKM's picture

Enable location awareness and create a policy for disabling lan adapter when it is not present in office and disable vpn adapter when laptop is present in office
Refer below urls for more info
Adding a group location in Symantec Endpoint Protection (SEPM) without a wizard
Firewall - Disabling All Other Adapters
 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Gabriel Valentine's picture

Sorry but that isn't going to help me.  I need to be connected to two networks at the same time, if I'm only connected to the office network then all of my network traffic is going to go to the office then out rather than just directly using my local route which is faster.

teiva-boy's picture

 I've had this issue before in a similar networking issue, which is what it sounds like.  You need a route to be created upon connection to your VPN.  This will help establish your host knowing where to go.  I had it easy as my VPN product from Celestix based on MS technology did this for me via some automated scripts.  


There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."

Gabriel Valentine's picture

This is the result of the Route Print command when the VPN is connected and not using the default gateway on the remote network.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
    192.168.168.0    255.255.255.0   192.168.168.80   192.168.168.86     21
   192.168.168.86  255.255.255.255         On-link    192.168.168.86    276
   203.109.193.68  255.255.255.255      192.168.1.1      192.168.1.3     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link    192.168.168.86    276
===========================================================================
Persistent Routes:
  None

The VPN works perfectly in these conditions for everything except the SEP.   I can browse files/folders on the network, get my mail with Exchange, access the corporate CRM.

192.168.168.0    255.255.255.0   192.168.168.80   192.168.168.86     21
   192.168.168.86  255.255.255.255         On-link    192.168.168.86    276

These two routes specifically address the VPN.  I'm not really up to how to interpret this data though, so any help would be appreciated.

192.168.168.80 is the VPN address of the server.  192.168.168.86 is the IP address of my laptop.

shp's picture

Did you try removing server name from management server list...?

In the management server list remove the name of the server and put only ip address.
Management server list available in policies tab.

Regards,
Srinivas H.P.
HCL Infosystems Ltd

Gabriel Valentine's picture

11/20 10:43:26 [840] Stored HostGUID=D7DA6A8DC0A8A8C9013BC30A30036475; outlen=16
11/20 10:43:26 [840] <RestoreSettings>Stored UserGuid=0; outlen=2

11/20 10:43:26 [840] <mfn_DecodeSSN>Sygate-SSN=96
11/20 10:43:26 [840] <mfn_DecodeSSN>Read CSN=97
11/20 10:43:26 [840] <mfn_DecodeSSN>Sygate-SSN=8
11/20 10:43:26 [840] <mfn_DecodeSSN>Read CSN=9
11/20 10:43:26 [840] Product Type=1,Major Ver=0,Minor Ver=0,Platform ID=2,OSType=16777218
11/20 10:43:26 [840] OS=Windows Vista; number=6.1.7600
11/20 10:43:26 [840] SyLinkCreateInstance => Instance created: 02F8A108 Registry path: SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK
11/20 10:43:26 [840] <GetOnlineNicInfo>:Netport Count=2
11/20 10:43:26 [840] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.84" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
11/20 10:43:26 [840] SyLinkCreateConfig => Created instance: 02F0A318
11/20 10:43:26 [840] UseNewConfig => Created m_hNewConfig: 02F0A318
11/20 10:43:26 [840] Importing ConfigObject: 02F06220 into: 02F0A318
11/20 10:43:26 [840] Importing ConfigObject: 02F06220 into: 02F07E30
11/20 10:43:26 [840] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
11/20 10:43:26 [840] SSA packageType is set as 105
11/20 10:43:26 [840] SyLinkDeleteConfig => Deleting instance: 02F06220
11/20 10:43:26 [840] <SetHiStatus>HI status is changed to=3; reason=0; rule=Host Integrity check is disabled.
 Host Integrity policy has been disabled by the administrator.
11/20 10:43:26 [840] SyLinkCreateConfig => Created instance: 03AA5518
11/20 10:43:26 [840] SetCurLocationName: Name is set to - Default
11/20 10:43:26 [840] SetCurLocationID: ID is set to - B989496DC0A8A8C900EBA9B0801F113A
11/20 10:43:26 [840] SyLinkCreateConfig => Created instance: 03AA67C0
11/20 10:43:26 [840] Importing ConfigObject: 03AA67C0 into: 02F0A318
11/20 10:43:26 [840] Importing ConfigObject: 03AA67C0 into: 02F07E30
11/20 10:43:26 [840] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
11/20 10:43:26 [840] SyLinkDeleteConfig => Deleting instance: 03AA67C0
11/20 10:43:26 [840] SyLinkDeleteConfig => Deleting instance: 03AA5518
11/20 10:43:26 [7900] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
11/20 10:43:26 [840] <CSyLink::Start()>
11/20 10:43:26 [840] <CSyLink::ImportConfigFile()>
11/20 10:43:26 [840] CUpdateConfig::Dump
<Client Package-Checksum: ce2e122b9c98597ee66cd77f64d4ce25, DownloadStartTime: 9:0, DurationMin: 480, RandomizeTime: 0>
11/20 10:43:26 [840] </CSyLink::ImportConfigFile()>
11/20 10:43:26 [840] <GetDomainHostName>msz_DomainName is taken from szDomainName
11/20 10:43:26 [840] <GetDomainHostName>DomainName (Final)=callista.net
11/20 10:43:26 [840] *********Netport Count=3
11/20 10:43:26 [840] Not Eth,Wireless&TokenRing-->::00-00-00-00-00-00
11/20 10:43:26 [840] Not PCI-->Bluetooth Network Connection
11/20 10:43:26 [840] Physical: Local Area Connection::00-25-64-48-f6-59::broadcom netxtreme 57xx gigabit controller
11/20 10:43:26 [840] MAC=00-25-64-48-f6-59# Wireless=
11/20 10:43:26 [840] Hardwire String=00-25-64-48-f6-59#
11/20 10:43:26 [840] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87
11/20 10:43:26 [840] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87
11/20 10:43:26 [6608] <HeartbeatThreadProc:>Thread is about to begin..
11/20 10:43:26 [5736] Successfully created the heartbeat thread
11/20 10:43:26 [840] <Start>Started, contact SMS every 300 seconds
11/20 10:43:26 [840] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
11/20 10:43:26 [840] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
11/20 10:43:26 [840] </CSyLink::Start()>
11/20 10:43:26 [3908] <CExpBackoff::CExpBackoff()>
11/20 10:43:26 [3908] </CExpBackoff::CExpBackoff()>
11/20 10:43:26 [7928] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
11/20 10:43:26 [840] <SetClientAuth>Received new User/Domain from SMC..  User: alexander valentine User Domain: CALLISTA
11/20 10:43:26 [840] <SetClientAuth>Getting RDNS Domain Name (user domain in AD setup)..
11/20 10:43:26 [840] <GetLoginRdnsDomain>DNS domain=CALLISTA.NET
11/20 10:43:26 [840] <SetClientAuth>Setting the User Domain to RDNS Domain ..
11/20 10:43:26 [840] <SetClientAuth>Logged in user info set to: CALLISTA.NET/alexander valentine
11/20 10:43:26 [840] <SetClientAuth>Marking User Change Notify to redo registration..
11/20 10:43:27 [6608] <CheckHeartbeatTimer>====== Heartbeat loop starts at 10:43:27 ======
11/20 10:43:27 [6608] <GetOnlineNicInfo>:Netport Count=2
11/20 10:43:27 [6608] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.84" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
11/20 10:43:28 [6608] <CalcAgentHashKey>:CH=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/20 10:43:28 [6608] <CalcAgentHashKey>:CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/20 10:43:28 [6608] <CalcAgentHashKey>:C=522A30AAC0A8A8C90054F742E2D7BCD71Alexcallista.net
11/20 10:43:28 [6608] <CalcAgentHashKey>:CKey=699F25EA15A348EC340E1C88D457724A
11/20 10:43:28 [6608] <CalcAgentHashKey>:UCH=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net5EC2F53FE5E1861CF3A205ED08C3A5FA
11/20 10:43:28 [6608] <CalcAgentHashKey>:UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/20 10:43:28 [6608] <CalcAgentHashKey>:UC=522A30AAC0A8A8C90054F742E2D7BCD70alexander valentineCALLISTA.NETAlexcallista.net
11/20 10:43:28 [6608] <CalcAgentHashKey>:UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/20 10:43:28 [6608] <DoHeartbeat>HardwareID=5EC2F53FE5E1861CF3A205ED08C3A5FA
11/20 10:43:28 [6608] <DoHeartbeat>CHKey=4E6313D06F2BB70FB75CCBCD71F04A86
11/20 10:43:28 [6608] <DoHeartbeat>CKey=699F25EA15A348EC340E1C88D457724A
11/20 10:43:28 [6608] <DoHeartbeat>UCHKey=DE3D153FD54C95FEA534B4015C5004FB
11/20 10:43:28 [6608] <DoHeartbeat>UCKey=C73BF2BA462EF0900A38F47ABBFA3FB6
11/20 10:43:28 [6608] <DoHeartbeat> Set heartbeat event
11/20 10:43:28 [6608] Use new configuration
11/20 10:43:28 [6608] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 10:43:28 ======
11/20 10:43:28 [7900] SyLinkCreateConfig => Created instance: 03AA4FD0
11/20 10:43:28 [7900] Importing ConfigObject: 02F07E30 into: 03AA4FD0
11/20 10:43:28 [7900] SyLinkDeleteConfig => Deleting instance: 03AA4FD0
11/20 10:43:28 [6608] HEARTBEAT: Check Point 1
11/20 10:43:28 [6608] <GetFirstSEMServer> Selecting a random server
11/20 10:43:28 [6608] <GetFirstServer> Using server '192.168.168.80'
11/20 10:43:28 [6608] HEARTBEAT: Check Point 2
11/20 10:43:28 [6608] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
11/20 10:43:28 [6608] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
11/20 10:43:28 [6608] HEARTBEAT: Check Point 3
11/20 10:43:28 [6608] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
11/20 10:43:28 [6608] HEARTBEAT: Check Point 4
11/20 10:43:28 [6608] <RegHeartbeatProc>===Registration STAGE===
11/20 10:43:28 [6608] <MakeRegisterData:>logon id (domain/user)=CALLISTA.NET/alexander valentine
11/20 10:43:28 [6608] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="522A30AAC0A8A8C90054F742E2D7BCD7" AgentType="105" UserDomain="CALLISTA.NET" LoginUser="alexandervalentine" ComputerDomain="callista.net" ComputerName="Alex" PreferredGroup="Myompany    ‹Callista     0X1.7BB6C0P-951V" PreferredMode="1" HardwareKey="5EC2F53FE5E1861CF3A205ED08C3A5FA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CALLISTA.NET" LogonUser="alexandervalentine" HostDomain="callista.net" HostName="Alex" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="6.1.7600" Desc="WindowsVista" Type="16777218" ServicePack=""/>
<Processor ProcessorType="x86     0x1.a6c200p+536mily%20Model%20Stepping" ProcessorClock="2793" ProcessorNum="2"/>
<Memory Size="3711086592"/>
<BIOS Version="DELL%20-                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 14864788419040f"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="7D12-110.000000180.0000002009%3a450x1.b000a0p-102158"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-720" />
<DNSs><DNS Address="192.168.168.210"/><DNS Address="192.168.168.201"/></DNSs>
<DHCPServer Address="192.168.1.1"/><SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.84" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
11/20 10:43:28 [6608] <SyLink>[MakeRegisterData] registration Hardware Key=5EC2F53FE5E1861CF3A205ED08C3A5FA
11/20 10:43:28 [6608] ************Reg CSN=10
11/20 10:43:28 [6608] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1358
s_session_id: 5EC2F53FE5E1861CF3A205ED08C3A5FA
Sygate-SSN: 10
<?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="522A30AAC0A8A8C90054F742E2D7BCD7" AgentType="105" UserDomain="CALLISTA.NET" LoginUser="alexandervalentine" ComputerDomain="callista.net" ComputerName="Alex" PreferredGroup="Myompany    ‹Callista     0X1.7A8740P-951V" PreferredMode="1" HardwareKey="5EC2F53FE5E1861CF3A205ED08C3A5FA" SiteDomainName=""/>
<SSAHostInfo><NetworkIdentity UserDomain="CALLISTA.NET" LogonUser="alexandervalentine" HostDomain="callista.net" HostName="Alex" HostDesc="" />
<SSAProduct Version="11.0.4202.75" />
<SSAOS Version="6.1.7600" Desc="WindowsVista" Type="16777218" ServicePack=""/>
<Processor ProcessorType="x86     0x1.a6c200p+536mily%20Model%20Stepping" ProcessorClock="2793" ProcessorNum="2"/>
<Memory Size="3711086592"/>
<BIOS Version="DELL%20-                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 14864749939040f"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="7D12-110.000000180.0000002009%3a450x1.b000a0p-102158"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-720" />
<DNSs><DNS Address="192.168.168.210"/><DNS Address="192.168.168.201"/></DNSs>
<DHCPServer Address="192.168.1.1"/><SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.84" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
11/20 10:43:28 [6608] <SendRegistrationRequest:>http://192.168.168.80:80 [encrypted data]
11/20 10:43:28 [6608] <SendRegistrationRequest:>SMS return=200
11/20 10:43:28 [6608] <ParseHTTPStatusCode:>200=>200 OK
11/20 10:43:28 [6608] <SendRegistrationRequest:>Content Lenght => 350
11/20 10:43:28 [6608] HTTP returns status code=200
11/20 10:43:28 [6608] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
11/20 10:43:28 [6608] <SendRegistrationRequest:>COMPLETED, returned 0
11/20 10:44:33 [5736] <CSyLink::mfn_DownloadNow()>
11/20 10:44:33 [5736] </CSyLink::mfn_DownloadNow()>
11/20 10:45:34 [5736] <CSyLink::mfn_DownloadNow()>
11/20 10:45:34 [5736] </CSyLink::mfn_DownloadNow()>
11/20 10:46:37 [5736] <CSyLink::mfn_DownloadNow()>
11/20 10:46:37 [5736] </CSyLink::mfn_DownloadNow()>

No green light on the client still.

shp's picture

I think when client tries to access the server exchange2 it send the dns request to internet DNS server so it wont find the ip and shows offline.

Regards,
Srinivas H.P.
HCL Infosystems Ltd

teiva-boy's picture

What DNS are you using?

 When on the VPN, perhaps use your internal corporate DNS?  Rather than your home ISP DNS?

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."

Gabriel Valentine's picture

When I'm connected to the VPN, if I do an NSLookup it returns my corporate DNS rather than my home DNS.  Looking at the sylink logs, it's using 192.168.168.210 which is our primary DNS server in the office.

Acretian's picture

Can you try to change the order of connections and check

to change the binding orders:

- go into the control panel
- open network connections
- at the top of the window, click on the Advanced menu, choose ADVANCED
SETTINGS

Click on the arrows to change the order

shp's picture

HI... did you resolve the issue.... 

Regards,
Srinivas H.P.
HCL Infosystems Ltd

Gabriel Valentine's picture

<SSAProfile Version="5.0.0" SerialNumber="7D12-110.000000180.0000002009%3a450x0.3000b0p-102258"/>
<SSAIDS Version="" SerialNumber=""/>
<SSAUTC Bias="-720" />
<DNSs><DNS Address="192.168.168.210"/><DNS Address="192.168.168.201"/></DNSs>
<DHCPServer Address="192.168.1.1"/><SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.87" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
11/20 11:03:09 [6164] <SendRegistrationRequest:>http://192.168.168.201:80 [encrypted data]
11/20 11:03:09 [6164] <SendRegistrationRequest:>SMS return=200
11/20 11:03:09 [6164] <ParseHTTPStatusCode:>200=>200 OK
11/20 11:03:09 [6164] <SendRegistrationRequest:>Content Lenght => 350
11/20 11:03:09 [6164] HTTP returns status code=200
11/20 11:03:09 [6164] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
11/20 11:03:09 [6164] <SendRegistrationRequest:>COMPLETED, returned 0

This is a log posted from my latest attempt after doing everything that has been suggested in this forum so far, thanks heaps for all the help!

The problem isn't solved still, I don't have my green light on the client, but this log seems to indicate that the client IS connecting to the server.  The DNS addresses are correct for our corporate servers, the registration request to going to the right server and being returned with an OK.  But it seems to still be having trouble downloading any virus definition updates from the server.

I'm going to switch my VPN to the method that works and collect a log from that to post here.

<DNSs><DNS Address="192.168.168.210"/><DNS Address="192.168.168.201"/></DNSs>
<DHCPServer Address="192.168.1.1"/><SSANICs><SSANIC Ip="192.168.1.3" Mac="00-25-64-48-f6-59" Gateway="192.168.1.1" SubnetMask="0.0.0.0"/><SSANIC Ip="192.168.168.86" Mac="00-00-00-00-00-00" Gateway="0.0.0.0" SubnetMask="0.0.0.0"/></SSANICs>
</SSAHostInfo>
</SSARegData>
11/20 11:11:14 [1224] <SendRegistrationRequest:>http://exchange2.callista.net:80 [encrypted data]
11/20 11:11:14 [1224] <SendRegistrationRequest:>SMS return=200
11/20 11:11:14 [1224] <ParseHTTPStatusCode:>200=>200 OK
11/20 11:11:14 [1224] <SendRegistrationRequest:>Content Lenght => 350
11/20 11:11:14 [1224] HTTP returns status code=200
11/20 11:11:14 [1224] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
11/20 11:11:14 [1224] <SendRegistrationRequest:>COMPLETED, returned 0
11/20 11:11:14 [1224] HEARTBEAT: Check Point 5.1
11/20 11:11:14 [1224] <ScheduleNextUpdate>Manually assigned heartbeat=3 seconds
11/20 11:11:14 [1224] <PostEvent>going to post event=EVENT_SERVER_ONLINE
11/20 11:11:14 [1224] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
11/20 11:11:14 [1224] HEARTBEAT: Check Point 8
11/20 11:11:14 [1224] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
11/20 11:11:14 [1224] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
11/20 11:11:14 [1224] <RegHeartbeatProc>====== Registration Procedure stops at 11:11:14 ======
11/20 11:11:14 [1224] HEARTBEAT: Check Point 10
11/20 11:11:15 [1224] HEARTBEAT: Check Point Complete
11/20 11:11:15 [1224] <RegHeartbeatProc>Done, Heartbeat=3seconds
11/20 11:11:15 [1224] <CheckHeartbeatTimer>====== Heartbeat loop stops at 11:11:15 ======
11/20 11:11:19 [1224] <CheckHeartbeatTimer>====== Heartbeat loop starts at 11:11:19 ======

This is the log from when it works.  It's connecting to exchange2.callista.net rather than 192.168.168.201 but all the other information is equal.  I just don't get it.

shp's picture

as i have already mentioned....
Go to management server list in the SEPM.
Remove the hostname from list.... Then update the client to get new management server list...

Then it will not connect to the server name... It will contact the ip address... 

Regards,
Srinivas H.P.
HCL Infosystems Ltd

Gabriel Valentine's picture

Yes I have tried this but the comment did not display properly so I couldn't report back on it.

It changed nothing - beyond getting me to this point.  At present the hostname is not present in the management server list, only the two IP addresses 192.168.168.201 and 192.168.168.80.

Frosty's picture

Hey there,
I'm really new to SEP so I probably can't add a lot of value, but it seemed to me that possibly:
(1) you have a firewall that is not allowing HTTP traffic through on the port that the SEP client + server requires (ought to be possible to construct a simple test of this); or
(2) your IIS installation is 'locked down' to only respond to certain internal LAN addresses and you maybe haven't allowed it to respond to the VPN addresses of 192.168.168.0 / 24
Apologies in advance if this doesn't help or is wasting your time!
Steve.

stlow's picture

If I understand your problem well, I think it could be due to some routing problem. Correct me if I am wrong. When you ticked 'use gateway on remote network' which I assume is gateway 192.168.168.201, the green light is on and when it is unticked, which I assume it is connected to gateway 192.168.168.80, it does not work.

If it is right, it could be due to routing from 192.168.168.80 to your SEPM server. Maybe you can check on it. Else if using gateway 192.168.168.201 is working, you can try use 'route add' to make all connection to SEPM to go through gateway 192.168.168.201.

Hope this is helpful.