Endpoint Protection

Dear All,

Need your expertise advice urgently on the below issue.

While monitoring, our network team has noticed SEP client machines (ver. 11.0.6MP3) connecting to the local GUP server (ver. 11.0.6MP3) through our local LAN proxy. Due to this our total proxy traffic got freezed. I believe clients should connect to GUP server via LAN not through proxy. Correct me if I am wrong..?

We are facing the above issue from last week. Till before there was no issue. Both GUP & SEP clients are in same subnet.

Does any one come across this kind of issue..? Kindly advice. Have attached sylink.log.

 

 

Have there been any changes made that would cause this? Any change to the policy?

I checked with our concern team but there was no change made recently in the proxy. Also, I would confirm there is no change made in SEPM since our team is governing it. Let me know in case of any further information.

Can you take a look at the registry keys discussed in the below articles and remove them?  That should get the SEP Client to connect directly.

http://www.symantec.com/docs/TECH106193
http://www.symantec.com/docs/TECH137402

Thanks for the link. When I tried accessing it, it shows the "Symantec site is under maintenance". Is there any other way to check the contents in the above mentioned link.

Hmmm try these:

The  proxy settings can be removed by performing the following steps:

1.   Open the registry (Start->Run->type "regedit").

2.  Go to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections

3.  Delete the registry keys "DefaultConnectionSettings" and "SavedLegacySettings".

4.  Reboot the machine.

Note:  These registry keys will automatically regenerate after reboot of machine.

Thanks for the update. Checked the above mentioned registry value. But couldn't find it in the problematic client machines. However, the traffic is still hitting through LAN proxy.

Please confirm How many clients have the issue? All clients are placed in a same group?

Around 500 clients are having this issue. All problematic clients are tagged under different logical groups in SEPM console.

Hello,

Check the Logs and found  - 

Check these steps provided below on 1 of the client to check the Proxy settings on "System Account"

Check the Proxy settings in the Internet Explorer of the System Account.

Try the following steps on the SEPM server machine of Windows 2003, Windows XP.

The solution need to done for the SYSTEM account, because when LiveUpdate is scheduled  to run it uses the SYSTEM account by default:

Check the SYSTEM proxy settings by following these steps...

1. Click 'Start' and click 'Run'
2. Type at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe" in the 'Run' box and click 'OK'
3. It will create a scheduled task.
4. Go to 'Scheduled Tasks' folder in 'Control Panel'
5. Right click the file named 'At1' and click 'Run'. It will open an Internet Explorer page.
6. Click 'Tools' menu, click 'Internet Options' and click on the 'Connections' tab.
7. Verify the connection settings and proxy settings.
8. SEP client would start getting updated with the latest definition.

Note: The above steps would not work on Windows Vista, Windows 7, Windows 2008.

Incase, of Windows Vista, Windows 7 or Windows Server 2008 / Server 2008 R2, check this Article: http://www.symantec.com/docs/TECH96141

Reference: https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

Hope that helps!!

Check it, may be help you https://www-secure.symantec.com/connect/forums/sep-update-fails-even-after-telnet-gup-successful

I think you have misunderstood the query. There is no issue for the clients in receiving the VDF from the GUP server. However, the clients are connecting to GUP through our Proxy instead of LAN. When we checked with Symantec, they told that SEP client use HTTP protocol (Not TCP) to communicate with GUP server. I am totally confused...Can anyone help..?

Can you check on one of the affected clients in Control Panel -> Symantec Liveupdate -> is the proxy configuration specified here -> if yes can you set it not to use proxy traffic and see if the connection to GUP gets the over the LAN?