Endpoint Protection

I have a group created that has 1 out of 11 installed SEP clients being listed. However, looking at my logs that I'm receiving via syslog from the SEPM server, there are logs for all 11 clients. If I go to reports and look for the specified SEP client name that I am getting logs for, there are no results. This is the same for all 10 clients that are not appearing as "registered" SEP clients.

Any ideas?

I also tried reinstalling SEP with a newer version and policy but it appears that when the SEP client reconnected, it placed it back into the old group which doesn't appear to be working correctly. Is there a way, that I can install a new SEP client and force it to move to the new group rather then it preserving the group membership and placing it back in the broken group?

TIA

Hello,

1) You see the group of the clients they are registered to, but what do you see next to Server - Do you see any IP address or host name to the SEPM server?

2) Have you set up any different Domain on the SEPM other than the default?

3) What happens when you change the filter under clients TAB?

To get, those clients back to communication to SEPM, 

What deployment method did you use to deploy the SEP clients?

Did you use a common system image to deploy, such as utilizing Norton Ghost?

Were the clients installed as User Mode or Computer Mode?

Are you using Active Directory synchronization?

Is the SEPM using an SQL database or embedded, if SQL is the database hosted on the same server as the SEPM console?

If you view the clients locally on their respective systems, does the SEP client shield icon display a green dot?

If you open the SEP client and view Help and Support>Troubleshooting does it show the SEPM server name or IP Address and the correct group name?

If you run a search for clients from the SEPM clients page for a specific computer bane, does it return found?

Regarding your attempt to reinstall, did you simply attempt to push a new install package to the SEP client from the SEPM? If so, most likely the reason it appeared back in the same group is due to the default communications settings for install packages in the SEPM. By default, they are not configured to overwrite clients' existing communications settings. 

You can create custom installation settings to change this behavior. Navigate to Admin>Install Packages in the SEPM console. Select Client Install Settings on the upper left and choose Add Client Install Settigns under Tasks. In the window that opens you will see an option at the bottom for Upgrade settings. Ticking the radio button to Remove all previous logs and policies will configure the install to overwrite the existing settings. This should move the client to a new group.

Let us know if this helps out.

Regards.

What deployment method did you use to deploy the SEP clients? Installed SEP on each client manually with a install package specific to the group.

Did you use a common system image to deploy, such as utilizing Norton Ghost? No

Were the clients installed as User Mode or Computer Mode? Computer Mode

Are you using Active Directory synchronization? No

Is the SEPM using an SQL database or embedded, if SQL is the database hosted on the same server as the SEPM console? Its a SQL database on the same server as the console.

If you view the clients locally on their respective systems, does the SEP client shield icon display a green dot? Yes

If you open the SEP client and view Help and Support>Troubleshooting does it show the SEPM server name or IP Address and the correct group name? Yes

If you run a search for clients from the SEPM clients page for a specific computer bane, does it return found? No

Regarding your attempt to reinstall, did you simply attempt to push a new install package to the SEP client from the SEPM? If so, most likely the reason it appeared back in the same group is due to the default communications settings for install packages in the SEPM. By default, they are not configured to overwrite clients' existing communications settings.  No I created a new installation package pointing them to a test group. Installed it manually on the SEP clients and they never appeared in the new group. I did have the box checked for "Add clients automatically to the selected group." I deleted the new test group and the SEP clients continue to recieve policy updates and the SEPM is getting logs (only via syslog).

You can create custom installation settings to change this behavior. Navigate to Admin>Install Packages in the SEPM console. Select Client Install Settings on the upper left and choose Add Client Install Settigns under Tasks. In the window that opens you will see an option at the bottom for Upgrade settings. Ticking the radio button to Remove all previous logs and policies will configure the install to overwrite the existing settings. This should move the client to a new group. I am trying this method now

cant you right click on the client and move to right group? AD synched? right click on group and select SYNC

The problem is that the group isn't displaying the member/clients so that won't work and no synchronization.

is it possible that the client is in User mode and u r not able to see it?

try changing the display filter under clients tab, 

Which version is the SEPM? I just wonder if this applies to your situation, fixed in RU6 MP2:

You've probably checked, but are the missing clients in the Default Group? On one of the affected clients, in the SEP client interface under Help & Support > Troubleshooting, to which client group does the client think it's reporting?

sandra

We are currently running SEP 11 MP3

Nope all installs are Computer Mode and I tried changing the filter settings around with no luck.

Since you indicated that the clients got upgraded to a new version, was the new install package for the same group or a different group?

Can you verify via sylink.xml that the preferred group is the group that you are checking and not something like the default group?

Can you search for the clients in the clients tab and retrieve a record?

I suggest opening up a case with support. We're going to want SEPM debug logs and Sylink logs so we can verify the client is connecting to the SEPM and what the SEPM is doing when it sees the client.