Endpoint Protection Small Business Edition

  • 1.  SEPM 12.1.4 hyper v

    Posted Jan 27, 2014 04:11 PM

    I have a new Server OS deployment Win 2012 R2 as the host.  I created a Hyper V machine of Win 2008 R2 where I deployed SEPM 12.1.4.  I deployed the updated client packages and none of the clients will connect to the SymantecVM SEPM. 

    SEPM Debug Log

    2014/01/27 14:52:20.689 [2132:9984] Update ProfileNow Request has been sent
    2014/01/27 14:52:38.462 [2132:8480] AH: (InetWaiting) time out. Timeout period: 30000
    2014/01/27 14:52:38.462 [2132:8480] Sylink:(EXCEPTION, err=9) Internet Session Timeout
    2014/01/27 14:52:38.972 [2132:8480] AH: Setting the Browser Session end option & Resetting the URL session ..
    2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
    2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
    2014/01/27 14:52:59.982 [2132:8480] ###### Set ACSConnec offline
    2014/01/27 14:52:59.982 [2132:8480] CProfileMgrManPlugin::ReceiveMessage: enter
    2014/01/27 14:52:59.982 [2132:8480] ProfileMgrMan: ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] CProfileMgrManPlugin::ReceiveMessage: exit
    2014/01/27 14:52:59.982 [2132:8480] AVMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] AVMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] LUMan: Entering ReceiveMessage with id 0x40002
    2014/01/27 14:52:59.982 [2132:8480] AtpiMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] AtpiMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] BashMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] BashMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] CidsMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] CidsMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] RebootMgrMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] RebootMgrMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] RepMgtMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] RepMgtMan: Leaving ReceiveMessage
    2014/01/27 14:52:59.982 [2132:8480] SubmissionsMan: Entering ReceiveMessage with msg id 262146
    2014/01/27 14:52:59.982 [2132:8480] SubmissionsMan: Leaving ReceiveMessage

     

    I created a firewall rule in the GPMC for port 8014 and linked the rule to the appropriate groups... servers and clients still do not connect... any ideas?



  • 2.  RE: SEPM 12.1.4 hyper v

    Posted Jan 27, 2014 04:17 PM

    Enable sylink debugging on an affected client and let it run through a few heartbeat attempts.

    How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
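An added example (not part of any post in this thread): once Sylink debugging has captured a few heartbeat attempts, a short script can pull out the timeouts, the error codes and the offline marker instead of reading the log by eye. The sample is an excerpt of the log posted at the top of the thread; the function name `triage_sylink` and the summary keys are this example's own.

```python
import re
from collections import Counter

# Excerpt of the log posted at the top of this thread (module chatter trimmed).
SAMPLE_LOG = """\
2014/01/27 14:52:20.689 [2132:9984] Update ProfileNow Request has been sent
2014/01/27 14:52:38.462 [2132:8480] AH: (InetWaiting) time out. Timeout period: 30000
2014/01/27 14:52:38.462 [2132:8480] Sylink:(EXCEPTION, err=9) Internet Session Timeout
2014/01/27 14:52:38.972 [2132:8480] AH: Setting the Browser Session end option & Resetting the URL session ..
2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
2014/01/27 14:52:59.982 [2132:8480] ###### Set ACSConnec offline
2014/01/27 14:52:59.982 [2132:8480] AVMan: Leaving ReceiveMessage
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\d+):(\d+)\] (.*)$")
ERROR = re.compile(r"<ParseErrorCode:>(\d+)=>(.*)")
TIMEOUT = re.compile(r"time out\. Timeout period: (\d+)")

def triage_sylink(text):
    """Summarise connection failures found in a Sylink debug log."""
    out = {"parsed": 0, "skipped": 0, "timeouts_ms": [], "errors": Counter(),
           "meanings": {}, "first_failure": None, "offline_at": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank or wrapped line: count non-blank ones, do not guess
            out["skipped"] += bool(raw.strip())
            continue
        out["parsed"] += 1
        stamp, msg = m.group(1), m.group(4)
        failure = False
        if (t := TIMEOUT.search(msg)):
            out["timeouts_ms"].append(int(t.group(1)))
            failure = True
        if (e := ERROR.search(msg)):
            code = int(e.group(1))
            out["errors"][code] += 1
            out["meanings"][code] = e.group(2).strip()
            failure = True
        if "Set ACSConnec offline" in msg:
            out["offline_at"] = stamp
        if failure and out["first_failure"] is None:
            out["first_failure"] = stamp
    # A timeout or connect error followed by the offline marker: no reply ever arrived.
    out["never_connected"] = bool((out["timeouts_ms"] or out["errors"]) and out["offline_at"])
    return out

if __name__ == "__main__":
    print(triage_sylink(SAMPLE_LOG))
```

A result with `never_connected` set and only connect-level errors such as 12029 points at the network path to the management server (here, port 8014) rather than at policy or authentication.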



  • 3.  RE: SEPM 12.1.4 hyper v

    Posted Feb 04, 2014 03:10 PM

    I have had a similar issue on my home Windows 8.1 Pro machine - I ran into the exact same problem - it has to do with the virtual network tunnel that is created on the hypervisor to the guest machines.

     

    However, verbally - we have not recommended installing the firewall component onto Hyper-V hypervisor machines (guests are OK); this is due to how MS creates their virtual NIC and how SEP is added into the network stack - we do not allow promiscuous traffic through our firewall (packets not intended for the destination machine to pass through) - which in this case, since traffic first passes through the Hyper-V's OS (and its firewall) and it is determined that the traffic is for a different IP/MAC/etc. and is dropped (even though we know that the intended destination is a guest OS - SEP firewall doesn't know that).

     

    In this case, I would just go to add/remove programs - modify Symantec Endpoint Protection, deselect Firewall from the Network Threat Protection section (Intrusion Prevention is just fine).

     

    You can attempt to write your own firewall rules for the hypervisor instead, however in this case, I would start with a default set and set ALL the rules to log that have a block attached and you can make adjustments from there - however, in this case for this one machine only - don't use the SEP firewall, for now.



  • 4.  RE: SEPM 12.1.4 hyper v
    Best Answer

    Posted Feb 04, 2014 04:51 PM

    So in troubleshooting this further... The Sym firewall was blocking network traffic through the virtual switch on the host machine and not allowing all other hosts (P and V) to connect in to SEPM on the virtual machine.

     

    The cure was to create a firewall exception for port 8014 in SEPM firewall for the local network, uninstall on the host, and redeploy to host from the virtual machine with the new rule in place.  The virtual switch then passed the traffic and ALL hosts are happy!!



  • 5.  RE: SEPM 12.1.4 hyper v

    Posted Feb 06, 2014 10:56 AM

    Ah as I suspected, SEP firewall...

    But uninstalling was not needed - for future, just open the SEP client and disable the Network Threat Protection (Options>Change Settings>Firewall>Uncheck Enable Firewall), make your policy changes on the SEPM then right-click on the tray icon and select update policy. The firewall will re-engage with the new rules.

    I'll be honest, on my Hyper-V setup, I had a few more little things pop up too and they were related to the firewall as well. But if it's working for you, all the better :)

     

    Don't forget to mark this thread as solved as well!