
SEP Clients not connecting to SEPM.

Created: 02 Jan 2013 • Updated: 02 Jan 2013 | 10 comments
This issue has been solved. See solution.

I have approximately 700 systems in my organization. A few hundred of these systems are reporting as offline when I personally confirmed on the client itself that they are online, and I am convinced that they are connected and reporting to the right server.

We run Vista 32-bit and Win 7 32-bit. The Vista systems are connecting without issues. 90% of the Win 7 systems are not.

I have tested replacing the sylink.xml file and connecting on the client through Help - Troubleshooting - Connection Status; that solved nothing.

I have rebuilt the server, several times. I even rebuilt it and manually installed each of the 700 systems. That also solved nothing.

I have tried SEPM with an embedded database and with an SQL database. Neither made a difference. Currently we are remaining on the SQL database.

I have verified connections to the database and it works, which makes sense because all the Vista systems are working.

I have tried installing SEP 12.1.1000.157, SEP 12.1.1101.401, SEP 12.1.2015.2015 and none of them successfully report.

Ghosting these systems is not feasible as there must be an actual solution and I cannot insist that a few hundred systems get rebuilt.

I have tried every solution in the SEP Clients Not Connecting technical solutions page that Symantec put out.

I have tested the network and there are no issues within it that I can find.

I have tried linking it through active directory and it is still not locating those few hundred that are online, it is still linked to Active Directory.

I turned debugging on for one of the systems and it returned this one interesting tidbit in the log:

2013/01/02 11:45:06.980 [3144:2388] <mfn_PostApplication>===SEND EVENT_SERVER_REQUIRES_CLIENT_APPLEARNING ===
2013/01/02 11:45:08.010 [3144:2388] AH: Setting the Browser Session end option & Resetting the URL session ..
2013/01/02 11:45:08.774 [3144:2388] <ParseHTTPStatusCode:>468=>468 Request not allowed<ParseHTTPStatusCode:>468=>468 Request not allowed

Also, my SEPM is currently 12.1.2015.2015 and this has been an issue even when it was on all the other versions listed above.

Looking for a solution. Thank you.
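For triaging a debug log like the excerpt quoted in the post above, the following added example (not part of the original post and not Symantec code) pulls every `ParseHTTPStatusCode` entry out of the log and counts the non-2xx responses. The first three sample lines are the ones quoted in the post; the `200 OK` line and the truncated line are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# First three lines are quoted in the post; the last two are constructed samples.
SAMPLE_LOG = """\
2013/01/02 11:45:06.980 [3144:2388] <mfn_PostApplication>===SEND EVENT_SERVER_REQUIRES_CLIENT_APPLEARNING ===
2013/01/02 11:45:08.010 [3144:2388] AH: Setting the Browser Session end option & Resetting the URL session ..
2013/01/02 11:45:08.774 [3144:2388] <ParseHTTPStatusCode:>468=>468 Request not allowed<ParseHTTPStatusCode:>468=>468 Request not allowed
2013/01/02 11:50:08.102 [3144:2388] <ParseHTTPStatusCode:>200=>200 OK
this line is truncated and has no timestamp
"""

# "YYYY/MM/DD HH:MM:SS.mmm [pid:tid] message"
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[(\d+):(\d+)\] (.*)$"
)
# One status entry; the reason text runs to the next entry or the end of the line.
STATUS_RE = re.compile(
    r"<ParseHTTPStatusCode:>(\d{3})=>\d{3} ?(.*?)(?=<ParseHTTPStatusCode:>|$)"
)


def parse_statuses(log_text):
    """Return (timestamp, code, reason) for each distinct status on each log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or non-log lines
        ts, _pid, _tid, msg = m.groups()
        seen = set()
        for code, reason in STATUS_RE.findall(msg):
            key = (int(code), reason.strip())
            if key not in seen:  # the quoted log writes the same status twice on one line
                seen.add(key)
                events.append((ts, *key))
    return events


def rejected(events):
    """Count responses outside the 2xx range, keyed by (code, reason)."""
    return Counter((code, reason) for _, code, reason in events if not 200 <= code < 300)


if __name__ == "__main__":
    for (code, reason), n in rejected(parse_statuses(SAMPLE_LOG)).items():
        print(f"{n} x HTTP {code} {reason}")
```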
 


Mithun Sanghavi's picture

Hello,

So, 90% of the Win 7 systems are not communicating to the SEPM server, correct?

Are these Windows 7 machines installed with SEP 12.1.2015?

Make sure the UAC and Windows Firewall Services are stopped and Disabled.

Could you please upload the Sylink.log from the Windows 7 machine, so that we can understand the root cause of the issue?

Check the article below on how to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry:

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

P_K_'s picture

Please get the sylink logs from the client using the KB

http://www.symantec.com/docs/TECH104758

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

_Brian's picture

You can also run wireshark on one of the affected clients and force a client check in. Set a display filter to show only traffic to/from your client and SEPM. This should confirm communication (or not).

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Cameron_W's picture

Sounds like it could be a possible duplicate HWID issue. I would follow the steps in the document below to identify any clients that may share a HWID.

http://www.symantec.com/docs/TECH163349

If I was able to help resolve your issue please mark my post as solution.

SOLUTION
ldupuis87's picture

Debug log attached, sylink incoming. UAC and firewall are off by GPO settings. Yes, 90% of Win 7 systems. No, they are not all 12.1.2015, they are mostly 12.1.1101 and 12.1.1000. The one I am currently working on I upgraded to 12.1.2015 as a test, still no connection. I will try the HWID instructions and post the results.

Attachment: debuglog.txt (15.98 KB)
ldupuis87's picture

I cannot follow this KB: http://www.symantec.com/docs/TECH104758

When I go to create the string value under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink it tells me it cannot write to the registry. For that matter, I can't write to the registry at all under Symantec Endpoint Protection and all its child objects. I can write above without any issues.

Rafeeq's picture

You need to disable tamper protection and then try creating that value. Only the sylink file will have more info.

Do you use any firewall in your network, like ISA or Threat Management Gateway (TMG)?

Try syncing the database as mentioned in this discussion.

https://www-secure.symantec.com/connect/forums/sep...

 

Mithun Sanghavi's picture

 

Hello,

To use the steps in the Article above, you may have to disable the Tamper Protection from the Symantec Endpoint Protection Manager, which would allow the changes to be made.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ldupuis87's picture

HWID KB solved this on 5 systems. I installed it manually because it is erroring when I create because it has no sylink file. Even errors when I export a sylink and zipped them together. I will deploy this via SCCM instead. Probably faster that way anyhow. Thank you all very much for your assistance!!!