Endpoint Protection

 View Only

  • 1.  SEPM 12.1 RU5 Service Accounts , less permissions

    Posted Dec 09, 2014 05:02 AM

    Hi All,

    We have upgraded SEPM to RU5 , SEPM was automatically configured to use some service accounts to start the services.

    Also I have goine throught the below to article

    Troubleshooting log on as a service permissions for Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH216042

    Symantec Endpoint Protection Manager 12.1 RU5 and higher installs its services with reduced privileges and permissions

    http://www.symantec.com/docs/TECH224312

     

    After upgrade SEPM to 12.1.5, if i export managed install package(12.1.4MP1) from SEPM - installation gives the below error message

    SEP install error.jpg

     

    But if i export unamanged package of the same version - installation successful.

    Also i am able to install self managed package on the client - so i reckon there is no issue at client end.

     

    1.Already deleted and imported the SEP 12.1.4MP1 client package in to SEPM 12.1.5

    2.Ran repair installation for SEPM

    3.Ran upgrade.bat , SCA.bat

    4.Restarted SEPM server.

    5.Client end : Ran cleanwipe then tried - no go

     

    If i change the semsrv & semwebsrv services to use local system account. will that cause any issue? also what is the default password for these 3 accounts?

     

    Provided all necessary logs to Symantec, But yet to hear back from them..

     

    Thanks

    Sankara



  • 2.  RE: SEPM 12.1 RU5 Service Accounts , less permissions

    Posted Dec 09, 2014 05:52 AM

    There's no issue with swapping the SEPM services back to the local system account.

    As far as the virtual accounts used by the 12.1RU5SEPM, there are no passwords assigned to these specifically.  They exist only to run the service for which they are named.  You can find more information about virtual accounts in the below MS link:

    http://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx

    Essentially, the SEPM is now taking advantage of a MS technology that's been around for a while, to improve accountability and visibility.



  • 3.  RE: SEPM 12.1 RU5 Service Accounts , less permissions

    Posted Dec 10, 2014 08:05 AM

    Thanks SML,

    Ok i understand that this issue is nothing to do with those services accounts.

    Any guess or idea..why the managed instal package is not working?

     

    Thanks,

    Sankara

     



  • 4.  RE: SEPM 12.1 RU5 Service Accounts , less permissions

    Posted Dec 11, 2014 08:21 AM

    If exporting an unmanaged client works fine, then I can only assume there's something hokey going on when the SEPM attempts to retrieve config information.

    Does the same happen if you export a managed client with no policies or group assigned?  Similarly, does the issue occur when exporting an unmanaged client that includes customised policies from a specific group?

    Finally, does this happen via both the Client Deployment Wizard as well as when exporting direct from ADMIN -> Install Packages?