Endpoint Protection Small Business Edition

I've noticed lately that SEP SBE 12.0 is not sending me any emails as it has been doing for the past year.  I've got it configured to email various SEP reports at regular intevals.  This is for a client of mine - I have this setup done on other clients and am receivin their emails. 

I'm wondering how to troubleshoot this. 

I've verified there is no spam filtering on the clients end nor mine that is blocking anything.  I've double-checked that the email address/password haven't changed, and re-entered them anyway just in case.  Their server is Windows Server 2003 R2.  I have been working mostly with 2008 lately so I can't remember, but is the windows SMTP service supposed to be on a box wth SEP SBE 12.0?  I'm guessing not since it was working before, and I have exclusive access to the server so I knowI didn't remove it (if it's required). 

There was a problem with the built-in Apache server (httpd.exe) a while ago, perhaps around when this problem began, but I have no idea if that has anything to do with anything.  I use the local console for SPC, not the web-based one but in either case I don't know if those httpd errors are still occured, nor if it matters at all.

FWIW, if I go to Monitors > Logs and review the System and Server activity logs, all seems ok but then again I'm not sure what I should be looking for. 

Can anybody make any suggestions? Inside SEP or on the server?  Thank you.

Hi,

As per your comment "There was a problem with the built-in Apache server (httpd.exe) a while ago, perhaps around when this problem began, but I have no idea if that has anything to do with anything."

If possible could you please explain exact problem about Apache server & is that resolved ?

You can try to repair Symantec Protection Center through add/remove programs.

Determine if authentication is set correctly for the connection to the SMTP server
1.Log in to the SEPM

2.From the Admin tab -> Servers -> Server name -> Edit server properties -> Mail server tab

3.Click on the "Help" button and input the name as "User@domain-name.com"(As an example.). The name used has to be a valid user name that belongs to the domain.


Advanced logging for the SEPM console can be enabled by:
Stop the Symantec Endpoint Protection Manager service
Add the line scm.log.loglevel=FINEST and scm.mail.troubleshoot=1 to the bottom of the file:

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
Restart the Symantec Endpoint Protection Manager service


Once logging is enabled, search this log for the email address the notification should have go to:

C:\Program Files\Symantec\Symantec protection Center\tomcat\logs\SecurityNotifyTask.log

-or-

C:\Program Files\Symantec\Symantec Protection Center\tomcat\logs\catalina.out

Here's an example of a log:


2009-04-15 09:57:40.125 FINE: doMail --> mail to: test@testmail.com
2009-04-15 09:57:40.453 FINE: Borrow connection from pool.
2009-04-15 09:57:40.500 FINE: Return connection to pool.
2009-04-15 09:57:40.781 FINE: updateLastRun: m_ts_currentRun: 1239814659968
2009-04-15 09:57:40.781 FINE: updateLastRun: m_sNotagIdx: E4B57451FB49480E68D7340BE4CB168A
2009-04-15 09:57:40.781 FINE: logout Tomcat

This log indicates that SEPM has sent an email...in this example to test@testmail.com...with the above information. If the issue persists, or you see "Email sending failed" error messages in the SEPM, use Wireshark to ensure that the traffic is passing correctly from the SEPM to the mail server.

Another thing you can check to see see is if the email server is rejecting it, that would show in the email servers logs.