
SEP Clients Missing Policy Serial Number

Created: 05 Feb 2013 | 5 comments

On our Windows (all platforms) servers and PCs, running with SEP 12.1 RU2, some are randomly losing the Policy Serial Number in the SEPM console. After a week or two, the quantity gets quite large (dozens). I can correct by pushing down to these clients a Communication Update Package, and all is well. Except, after a few days, the issue pops up again and the number of clients missing the Policy Serial Number begins mounting again. These clients still show with a green circle/check mark as healthy under health state, and have updated definitions.

On the client side, you see the green circle/check mark saying no problems detected, and updated defs. However, in the Troubleshooting portion of the GUI, the Group and Policy Serial Number are empty, and the location awareness is Disabled (Enabled is normal - normal clients have Group and Policy Serial Number populated as well). If I right click on the shield and click update policy, nothing changes.

Has anyone seen this? Any ideas what's going on and how to keep this from happening? Thanks!!


.Brian's picture

I've seen it happen when clients lose connection to the SEPM. Can you check in the System log to see if they did at some point?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

birdman's picture

In the 4-5 clients without the Policy Serial Number, I did find event(s) ID 101 - SEP client is unable to connect to the management server. In each case though, it's shortly followed by event ID 100, which says the SEP client is able to connect to the SEPM. This could be due to brief WAN interruptions (hard to say). Could that interruption corrupt or sever the policy? It seems like a brief interruption should yield this result.

.Brian's picture

I have seen this before, especially at our remote sites with a slow WAN link. They do eventually come back so I don't worry about it. But nonetheless, I have seen it before.


SebastianZ's picture

Maybe only temporary due to issues on the connection to SEPM? What happens if you force the policy update from client GUI?

Rafeeq's picture

Check console logs for errors writing policy changes to the Symantec Endpoint Protection Manager

  • From the console machine, inspect the following log files for errors:

    %temp%\scm-ui.log 
    %temp%\scm-ui.err

http://www.symantec.com/business/support/index?pag...