Endpoint Protection

 View Only
  • 1.  SEP Clients Missing Policy Serial Number

    Posted Feb 05, 2013 01:12 PM

    On our Windows (all platforms) servers and PC's, running with SEP 12.1 RU2, some are randomly losing the Policy Serial Number in the SEPM console. After a week or two, the quantity gets quite large (dozens). I can correct by pushing down to these clients a Communication Update Package, and all is well. Except, after a few days, the issue pops up again and the numbers of client missing the Policy Serial Number begins mounting again. These clients still show with a green circle/check mark as healthy under health state, and have updated definitions.

    On the client side, you see the green circle/check mark saying no problems detected, and updated defs. However, in the Troubleshooting portion of the GUI, the Group and Policy Serial Number are empty, and the location awareness is Disabled (Enabled is normal - normal clients have Group and Policy Serial Number populated as well). If I right click on the shield and click update policy, nothing changes.

    Has anyone seen this? Any ideas what's going on and how to keep this from happening? Thanks!!

     



  • 2.  RE: SEP Clients Missing Policy Serial Number

    Posted Feb 05, 2013 01:27 PM

    I've seen it happen when clients lose connection the SEPM. Can you check in System log to see if they did at some point?



  • 3.  RE: SEP Clients Missing Policy Serial Number

    Posted Feb 05, 2013 02:33 PM
    In the 4-5 clients without the Policy Serial Number, I did find event(s) ID 101 - SEP client is unable to connect to the management server. In each case though, it's shortly followed by event ID 100, which says the SEP client is able to connect to the SEPM. This could be due to brief WAN interruptions (hard to say). Could that interruption corrupt or sever the policy? It seems like a brief interruption should yield this result.


  • 4.  RE: SEP Clients Missing Policy Serial Number

    Posted Feb 05, 2013 02:49 PM

    I have seen this before, especially at our remote sites with a slow WAN link. They do eventually come back so I don't worry about it. But nonetheless, I have seen it before.



  • 5.  RE: SEP Clients Missing Policy Serial Number

    Posted Feb 05, 2013 05:40 PM

    Maybe only temporary doe to issues on the connection to SEPM? What happens if you force the policy update from client GUI?



  • 6.  RE: SEP Clients Missing Policy Serial Number

    Posted Feb 06, 2013 01:45 AM

     

    Check console logs for errors writing policy changes to the Symantec Endpoint Protection Manager

    • From the console machine, inspect the following log files for errors:

      %temp%\scm-ui.log 
      %temp%\scm-ui.err

     

    http://www.symantec.com/business/support/index?page=content&id=TECH105907