
SEP client in wrong group

Created: 05 May 2010 • Updated: 07 Nov 2010 | 15 comments
Ren's picture

SEPM in RU5
After installing the new SEP client RU5/RU6, group membership is different than stated in sylink.xml. The installation package is exported from SEPM, with the demand to "add client automatically to selected group", and sylink.xml is OK. But still, after installation, when opening the client GUI - Troubleshooting, the group is different. Also, the client cannot be found from SEPM, but the client communicates with SEPM (green dot), is online, etc. What's wrong?


AravindKM's picture

In SEPM, go to the group which the client is showing in the Troubleshooting window. You will be able to see that client. Right-click on it and move it to the group which you require. You can also use the Shift and Ctrl keys if you have multiple clients to move.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Ren's picture

No, as I said, the client is NOT really visible in SEPM in this group, where, as far as I can see, it kind of belongs (from the client side).

AravindKM's picture

It may be in user mode. Go to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log and open ersecreg.log. In this file, search for the problematic client. Are you able to find it? If you are able to find it, please paste that line here.


Ren's picture

Yes, the log contains the client:

05/05 14:23:01 [2324:26384] 10.212.80.85<AgentInfo DomainID="4F7D0xxx0B1EA22592D572C" AgentType="105" UserDomain="xxx.COM" LoginUser="xxx" ComputerDomain="xxx.com" ComputerName="xxx" PreferredGroup="My%20Company%5cGROUPNAME" PreferredMode="1" HardwareKey="C0C1408E4693FECBExxx1C21710" SiteDomainName=""/>

and the GROUPNAME is correct. This is also in sylink.xml. But for some reason, I see from client Troubleshooting that the group is different.
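
Added example, not part of the original thread: a small Python parser for ersecreg.log registration lines in the format quoted in the post above. It decodes the percent-encoded PreferredGroup and lists clients that registered asking for a different group than expected. The sample lines and the function names are constructed for illustration; PreferredMode is reported as-is because the thread does not document its values.

```python
import re
from urllib.parse import unquote
from xml.etree import ElementTree

# Constructed sample lines in the format quoted in the post above; all values are made up.
SAMPLE_LOG = (
    '05/05 14:23:01 [2324:26384] 192.0.2.10<AgentInfo DomainID="D1" AgentType="105" '
    'UserDomain="EXAMPLE.COM" LoginUser="alice" ComputerDomain="example.com" '
    'ComputerName="PC-001" PreferredGroup="My%20Company%5cSales" PreferredMode="1" '
    'HardwareKey="HW1" SiteDomainName=""/>\n'
    '05/05 14:25:40 [2324:26390] 192.0.2.11<AgentInfo DomainID="D1" AgentType="105" '
    'UserDomain="EXAMPLE.COM" LoginUser="bob" ComputerDomain="example.com" '
    'ComputerName="PC-002" PreferredGroup="My%20Company%5cIT%20Dept" PreferredMode="1" '
    'HardwareKey="HW2" SiteDomainName=""/>\n'
    '05/05 14:26:02 [2324:26391] unrelated line without registration data\n'
)

# timestamp, [pid:tid], client IP immediately followed by the <AgentInfo .../> element
LINE_RE = re.compile(r'^(\d\d/\d\d \d\d:\d\d:\d\d) \[[^\]]*\] ([^\s<]+)(<AgentInfo\b.*/>)\s*$')

def parse_registrations(text):
    """Return one dict per AgentInfo line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            attrs = ElementTree.fromstring(m.group(3)).attrib
        except ElementTree.ParseError:
            continue  # truncated or malformed entry
        records.append({
            "time": m.group(1),
            "ip": m.group(2),
            "computer": attrs.get("ComputerName", ""),
            "user": attrs.get("LoginUser", ""),
            # The group path is percent-encoded in the log (%20 = space, %5c = backslash).
            "group": unquote(attrs.get("PreferredGroup", "")),
            "mode": attrs.get("PreferredMode", ""),  # raw value, not interpreted here
        })
    return records

def not_in_group(records, expected_group):
    """Registrations whose requested group differs from the expected one (case-insensitive)."""
    return [r for r in records if r["group"].lower() != expected_group.lower()]

if __name__ == "__main__":
    for r in not_in_group(parse_registrations(SAMPLE_LOG), r"My Company\Sales"):
        print(r["time"], r["computer"], r["user"], r["group"], r["mode"])
```

Comparing the decoded group and the LoginUser from this output against what the SEPM console shows for the same machine makes it easier to tell whether the client asked for the wrong group or was filed differently on the server side.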

AravindKM's picture

In SEPM, under Clients ---> Clients, click on "Set display filter", change the selection to show all users and computers, and try. Did you image this computer with an image which already has SEP?


Ren's picture

Changing the display filter didn't help. No, it's a fresh (VMware) XP setup, without SEP installed. Also, some real PCs from other countries are struggling with the same problem.

AravindKM's picture

If you are using SEP as a part of your image, you have to follow this doc:
Configuring Symantec Endpoint Protection client for deployment as part of a drive image


Vikram Kumar-SAV to SEP's picture

In SEPM, try Search Clients and search for the client, then check which group it belongs to. It might be in user mode, so once you find it, you can change the group.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Ren's picture

Searching for COMPUTER from SEPM does not give a result. The search result is just empty.
But searching for USER was successful. Switched it to computer mode and now it's findable.
So the client was set into user mode. Why? The exported install pack defines the client to be in computer mode? I don't use any clients in user mode in my environment.

Vikram Kumar-SAV to SEP's picture

It does happen sometimes that a client changes to client mode after installation.
It might have been either accidentally changed to user mode, or some setting left over from a previous install could have changed it to user mode.

However, it's good to know that your issue has been resolved.

Vikram Kumar

Symantec Consultant


Ren's picture

.. it is solved in that I finally found my "lost" clients, but I still don't know the reason WHY it was happening and how to ensure it won't happen again. It all started kind of lately, and I've got the same complaints from other colleagues that clients are put into the wrong group. What might cause that? I discovered there are actually a number of clients in user mode..

Vikram Kumar-SAV to SEP's picture

Did you or any admins right-click and switch any clients to user mode before?

Vikram Kumar

Symantec Consultant


Ren's picture

It is possible, yes.. Why?
Currently there are approx. 210 clients set to user mode. Definitely not on purpose. It must be some kind of bug or something else..

AravindKM's picture

I had read somewhere that if any one client is switched to user mode, all/many other clients may get a tendency to automatically switch to user mode.


Ren's picture

Tendency? Automatically?
Sounds like a virus in the antivirus system....