Endpoint Protection

Hi All,

A few machines, although online in my network, but showing their "deployment status" as "No Status Reported" after searching them in SEPM console. What could be the issue here? Please suggest.

For reference, screen shot is attached here.

 

 

 

Are they reporting to SEPM? Should they have been upgraded? Thats what deployment status means...post the sylink log after enabling monitoring to determine root cause. If not reporting to SEPM then replace the sylink file on the affected machines and check again.

Hi Brian,

I have attached a screen shot for more details i.e. when I search them at SEPM console they shows "No status reported" in "Deployment Status". Although, the machines which are running fine, they shows "Deployment Status" as "Install successful" when I search them too in console.

Hi,

Are you planning to upgrade SEP clients? or have deployed packages already?

What's the upgrade path?

 

Hi Chetan,

 

We are actually upgrading sep clients from 12.1.2 to 12.1.5. So, post deployment, we are seeing such machines.

I see the screenshot but it doesn't give much info which tells me they may have checked in at one point but no longer are. Do they have the green dot?

If you want to see the communication between client/SEPM then you need to enable sylink monitoring and post the log here for review.

My other suggestion, which is a potential quick fix, is to replace the sylink file to see if it fixes the issue.

It's possible the install went bad then. But again, sylink monitoring would shine more light on the issue.

Thanks for the note.

How the upgrade was performed?
 

@Chetan - Upgrading sep from 12.1.1 to 12.1.2 via SCCM push deployment. Alhough, it seems to be working fine as more than 95% of clients got upgraded via SCCM.

@chetan - correction for above statement. Actually upgrading SEP 12.1.2 to 12.1.5.

Check SEP_inst.log for errors. Again, does the client have a green dot and reporting in? Just because it shows on SEPM doesn't mean it's reporting in currently. Or replace a sylink file.

@Brian - I have to collect these logs from client end. So, it might take some time. Is it possible to fetch these logs(SEP_ins.log) from SEPM?

Also, as you said the install went bad, so for that as you have suggested, we will try to replace sylink.

 

@Brian - Also, the clients are not showing any green dot ball at SEPM. But, when we search these clients in SEPM, they appears as shown in the attached screen shot.

 

Understood. That's because they checked in at one point but no longer are. Clients are removed after 30 days by default. You need to go that client and perform manual remediation. Run symhelp, grab logs, etc. Quickest fix is run cleanwipe and reinstall.

Not possible to get SEP_inst.log from SEPM.

If possible make a list of those clients, I think system reboot might be pending on those machines.

Reboot 3-4 machines out of list and try to push out package again.

Thanks Brian. I will check the logs(which might take more time than usual) & then I will get back here. Also, here in our environment, SEPM is synchronized with AD, where in AD there is a policy that the client will be auto removed from AD as well as SEPM console(as it is sync with AD) after 90 days.

...sounds good. thanks.

@Brian - Am I right ? If SEPM is synchronized with AD, then clients will be deleted automatically as per AD policies?

That's right Symantec Endpoint Protection integrates with Active Directory, but it does not integrate with GPOs.
 

 

AD sync is only for groups/clients, it won't use whatever policies you have set in AD.

You need to mirror SEPM to match AD in terms of when clients will be removed.

I would suggest you check whether these clients have at least rebooted once since the upgrade ? if not gather a report of such machines and try to reboot few machines which are in your control and wait for at least 2 to 3 heartbeat interval the clients should report to SEPM without any issues. if not then you need to check if the installation is successful at the client end and check its communication with SEPM. if everything fine, a sylink log would give us a clear picture of this issue.