Video Screencast Help

SEP clients not connected, but SEPM shows green dot

Created: 05 Mar 2013 | 5 comments

Here is what we did;

Installed new SEPM site with two new servers (SEP-App1 and SEP-App2).  New site has a new SQL DB (SEP-SQL)

New site replicates to current site with one server (ADMSAV1) and it's DB (ADMSAVSQL).

Old site was 11.07.  New site was installed with 11.07 to maintain versions.  We are going to get rid of old site in the future (old, unsupported hardware).

 

Everything worked (all clients are 11.07).

Management list created to tell all the clients to report to Sep-App1 (SEP-App2 is a failover/load balancing server)

Replication was disabled, both sites upgraded to 12.1.2, replication re-enabled and it works (almost all the time).

 

Upgraded a group of clients to 12.1.2.  They initially connect, then no longer show connected on the client end (clients no longer have the green dot).  SEPM says they are connected (it has a green dot for associated client).

 

If I delete the registry key for the hardware ID and the associated XML file on the computer, the client immediately reconnects to the old SEPM.  As soon as it gets a policy update, the green dot on the client disappears again.  Initiating a policy update on the client side allows the green dot to momentarily show up and the troubleshooting info that can be found under help, shows the correct server for about 2 seconds, then it goes back to offline.

 

Using the communication package feature in 12.1 (which is new), the clients remain connected.  But, we are a school district with 9000 computers, never all on at once (so pushing out the client comm package will be a burden).

 

Any ideas on how to keep the clients connected?  I have already considered the sylinkreplacer, but that does not look to be any easier to use....

Operating Systems:

Comments 5 CommentsJump to latest comment

.Brian's picture

Can you enable sylink logging on one of the clients, let it run thru a heartbeat check in and post the log here once it completes?

it sounds like a sylink replacement is needed though.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

This should do it

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2013-02-26  |  Article URL http://www.symantec.com/docs/TECH104758

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Hi,

Start run

smc -stop

delete sylink.bak and SyLinkEx.bak..

smc -start

is the green dot stable? what was the priority of this server?

nadonl's picture

Rafeeq - that really made no difference for me.  Would have been nice if that fixed it, because I think we could have scripted a log in for that.

Brian81 - I have your directions but I have not done that yet.  Mainly because.....

 

It seems to be a fairly isolated problem - only the clients that updated on that first day seem to have the problem.  Clients that have updated subsequently to the first initial push are all doing okay.

 

I think we messed up the certs the first day when we stood up the new servers and made them replicate (replication failed everytime for a while).

 

The two sites are now replicating everytime, zero failures now for about 5 days.  Clients that are deploying now, connect and remain connected.  The new feature in 12, the client comm package works great to reconnect these isolated clients that I am finding.

 

Thanks to both of you for your quick responses.  I have a few vacation days coming up and I am confident that the SEPM will continue to work now....  Hopefully you will not see any posts from me next week!! (cause if you do, that means something went wrong again....).