SEP Clients not connecting to SEPM.
I have approximately 700 systems in my organization. A few hundred of these systems are reporting as offline when I personally confirmed on the client itself that they are online, and convinced that they are connected and reporting to the right server.
We run Vist 32-bit and Win 7 32-bit. The vista systems are connecting without issues. 90% of the Win 7 systems are not.
I have tested replacing the sylink.xml file and connecting on the client through help - troubleshooting - connection status that solved nothing.
I have rebuilt the server, several times. I even rebuilt it and manually installed each of the 700 systems. That also solved nothing.
I have tried SEPM with an embedded database and with an SQL database. Neither made a difference. Currently we are remaining on the SQL database.
I have verified connections to the database and it works, which makes sense because all the vista systems are working.
I have tried installing SEP 12.1.1000.157, SEP 12.1.1101.401, SEP 12.1.2015.2015 and none of the successfully report.
Ghosting these systems is not feasible as there must be an actual solution and I cannot insist that a few hundred systems get rebuilt.
I have tried every solution in the SEP Clients Not Connecting technical solutions page that Symantec put out.
I have tested the network and there are no issues within it that I can find.
I have tried linking it through active directory and it is still not locating those few hundred that are online, it is still linked to Active Directory.
I turned debugging on for one of the systems and returned this one interesting tidbit in the log:
2013/01/02 11:45:06.980 [3144:2388] <mfn_PostApplication>===SEND EVENT_SERVER_REQUIRES_CLIENT_APPLEARNING ===
2013/01/02 11:45:08.010 [3144:2388] AH: Setting the Browser Session end option & Resetting the URL session ..
2013/01/02 11:45:08.774 [3144:2388] <ParseHTTPStatusCode:>468=>468 Request not allowed<ParseHTTPStatusCode:>468=>468 Request not allowed
Also, my SEPM is currently 12.1.2015.2015 and this has been an issue even when it was on all the other versions listed above.
Looking for a solution. Thank you.
Comments 10 Comments • Jump to latest comment
Hello,
So, 90% of the Win 7 systems are not communicating to the SEPM server, correct?
Are these Windows 7 machines installed with SEP 12.1.2015?
Make sure the UAC and Windows Firewall Services are stopped and Disabled.
Could you please upload us the Sylink.log from the Windows 7 machine, so that we could understand the root cause of the issue.
Check the Article below on How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry?
http://www.symantec.com/docs/TECH104758
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
can you post the entire log?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Please get the sylink logs from the client using the KB
http://www.symantec.com/docs/TECH104758
Prachand MCSE-2012 Symantec Technical Specialist (SCTS)
You can also run wireshark on one of the affected clients and force a client check in. Set a display filter to show only traffic to/from your client and SEPM. This should confirm communication (or not).
SEP Knowledge Base
Endpoint SWAT
Sounds like it could be a possible duplicate HWID issue. I would follow the steps in the document below to identify any clients that my share a HWID.
http://www.symantec.com/docs/TECH163349
If I was able to help resolve your issue please mark my post as solution.
Debug log attached, sylink incoming. UAC and firewall are off by GPO settings. Yes, 90% of Win 7 systems. No, they are not all 12.1.2015, they are mostly 12.1.1101 and 12.1.1000. The one I am currently working on I upgraded to 12.1.2015 as a test, still no connection. I will try the HWID instructions and post the results.
I cannot follow this KB: http://www.symantec.com/docs/TECH104758
When I go to create the string value under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink it tells me it cannot write to the registry. For that matter, I can't write to the registry at all under Symantec Endpoint Protection and all it's child objects. I can write above without any issues.
You need to disable tamper protection and then try creating that value. Only sylink file wil have more info.
Do you use any Firewall in your network? like ISA or Threat management gateway TMG ?
try synching the database as mentioned in this discussion.
https://www-secure.symantec.com/connect/forums/sep...
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Hello,
To use the steps in the Article above, you may have to disable the Tamper Protection from the Symantec Endpoint Protection Manager, which would allow the changes to be made.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
HWID KB solved this on 5 systems. I installed it manually because it is erroring when I create because it has no sylink file. Even errors when I export a sylink and zipped them together. I will deploy this via SCCM instead. Probably faster that way anyhow. Thank you all very much for your assistance!!!
Would you like to reply?
Login or Register to post your comment.