Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP clients connecting to GUP through LAN proxy

Created: 21 Mar 2013 | 12 comments

Dear All,

Need your expertise advice urgently on the below issue.

While monitoring, our network team has noticed SEP client machines (ver. 11.0.6MP3) connecting to the local GUP server (ver. 11.0.6MP3) through our local LAN proxy. Due to this our total proxy traffic got freezed. I believe clients should connect to GUP server via LAN not through proxy. Correct me if I am wrong..?

We are facing the above issue from last week. Till before there was no issue. Both GUP & SEP clients are in same subnet.

Does any one come across this kind of issue..? Kindly advice. Have attached sylink.log.

Operating Systems:

Comments 12 CommentsJump to latest comment

.Brian's picture

Have there been any changes made that would cause this? Any change to the policy?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jprrakash's picture

I checked with our concern team but there was no change made recently in the proxy. Also, I would confirm there is no change made in SEPM since our team is governing it.

Let me know in case of any further information.

SMLatCST's picture

Can you take a look at the registry keys discussed in the below articles and remove them?  That should get the SEP Client to connect directly.

http://www.symantec.com/docs/TECH106193
http://www.symantec.com/docs/TECH137402

Jprrakash's picture

Thanks for the link.

When I tried accessing it, it shows the "Symantec site is under maintenance". Is there any other way to check the contents in the above mentioned link.

SMLatCST's picture

Hmmm try these:

The  proxy settings can be removed by performing the following steps:

1.   Open the registry (Start->Run->type "regedit").

2.  Go to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections

3.  Delete the registry keys "DefaultConnectionSettings" and "SavedLegacySettings".

4.  Reboot the machine.

Note:  These registry keys will automatically regenerate after reboot of machine.

Jprrakash's picture

Thanks for the update.

Checked the above mentioned registry value. But couldn't find it in the problematic client machines. However, the traffic is still hitting through LAN proxy.

consoleadmin's picture

Please confirm
How many clients have the issue?
All clients are placed in a same group?

Thanks.

Jprrakash's picture

Around 500 clients are having this issue. All problematic clients are tagged under different logical groups in SEPM console.

Mithun Sanghavi's picture

Hello,

Check the Logs and found  - 

03/20 21:10:47 [5084] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87
03/20 21:10:47 [5800] <ScheduleNextUpdate>Manually assigned heartbeat=3128 seconds

Check these steps provided below on 1 of the client to check the Proxy settings on "System Account"

Check the Proxy settings in the Internet Explorer of the System Account.

Try the following steps on the SEPM server machine of Windows 2003, Windows XP.

The solution need to done for the SYSTEM account, because when LiveUpdate is scheduled  to run it uses the SYSTEM account by default:

Check the SYSTEM proxy settings by following these steps...

  1. Click 'Start' and click 'Run'
  2. Type at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe" in the 'Run' box and click 'OK'
  3. It will create a scheduled task.
  4. Go to 'Scheduled Tasks' folder in 'Control Panel'
  5. Right click the file named 'At1' and click 'Run'. It will open an Internet Explorer page.
  6. Click 'Tools' menu, click 'Internet Options' and click on the 'Connections' tab.
  7. Verify the connection settings and proxy settings.
  8. SEP client would start getting updated with the latest definition.

Note: The above steps would not work on Windows Vista, Windows 7, Windows 2008.

Incase, of Windows Vista, Windows 7 or Windows Server 2008 / Server 2008 R2, check this Article: http://www.symantec.com/docs/TECH96141

Reference: https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

Hope that helps!!

AttachmentSize
GUP_Whitepaper_1.1.pdf 1.41 MB

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Jprrakash's picture

I think you have misunderstood the query. There is no issue for the clients in receiving the VDF from the GUP server. However, the clients are connecting to GUP through our Proxy instead of LAN.

When we checked with Symantec, they told that SEP client use HTTP protocol (Not TCP) to communicate with GUP server.

I am totally confused...Can anyone help..?

SebastianZ's picture

Can you check on one of the affected clients in Control Panel -> Symantec Liveupdate -> is the proxy configuration specified here -> if yes can you set it not to use proxy traffic and see if the connection to GUP gets the over the LAN?