Endpoint Protection

 View Only
  • 1.  SEPM 11. 06 Location Awareness

    Posted Aug 02, 2011 03:35 AM

    Hi Guys,

     

    I have deployed 3 SEPM servers, A,B and C in windows domain. These A, B and C servers are connected by VPN and on three different sites. 

    The problem I am facing is that, when a condition is met the client looks for the update from the alotted server but the Client is not showing up in SEPM server (not in the default or migrated one). And SEP Client is showing Server Offline , although it is getting the definition update from the migrated server. is there a way I can sort out this problem, as in this way I do not have any control on the clients if they auto migrate. 

    I have checked, the client is showing up with a green dot if migrated to any server manually by dropping sylink file. But can not get it via location awareness..



  • 2.  RE: SEPM 11. 06 Location Awareness

    Posted Aug 02, 2011 03:38 PM

    Are those SEPMs in replication?



  • 3.  RE: SEPM 11. 06 Location Awareness

    Posted Aug 02, 2011 10:08 PM

    No, 



  • 4.  RE: SEPM 11. 06 Location Awareness

    Posted Aug 02, 2011 10:26 PM

    Just want to clear, they can not replicate I believe as they are not on the domain / site, they all are separate installation. I installed them as the default domain and site on every location, I think I should have mentioned this first.



  • 5.  RE: SEPM 11. 06 Location Awareness
    Best Answer

    Posted Aug 03, 2011 09:16 AM

    The communication between clients and SEPMs is secured with digital certificates, different per each SEPM installation. If they are in replication, they share those certificates to allow the client roaming otherwise it is not possible. When you replace the sylink.xml, you are replacing the certificate as well on that client, that's why it works. I don't know your LU policy to explain why it works, I suspect it is set to use LU servers.

    To workaround it, you might disable the secure communication:

    Clients > select a group > policies on the right > General settings in blue > Security settings > uncheck the last option.

    Test it for a small group, if it meets your needs, you can do the same for the other groups.

    By doing it you allow the clients to connect and interact to any SEPM, including a fake one for hacking...



  • 6.  RE: SEPM 11. 06 Location Awareness

    Posted Aug 03, 2011 10:22 PM

    Thanks Beppe, I did test these settings yesterday in my test environment, unchecking the secure settings was not working for me but replication was. 

    Thanks for your support.