Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM 12.1.4 hyper v

Created: 27 Jan 2014 • Updated: 06 Feb 2014 | 4 comments
This issue has been solved. See solution.

I have a new Server OS deployment Win 2012 R2 as the host.  I created a Hyper V machine of Win 2008 R2 where I deployed SEPM 12.1.4.  I deployed the updated client packages and none of the clients will connect to the SymantecVM SEPM. 

SEPM Debug Log

2014/01/27 14:52:20.689 [2132:9984] Update ProfileNow Request has been sent
2014/01/27 14:52:38.462 [2132:8480] AH: (InetWaiting) time out. Timeout period: 30000
2014/01/27 14:52:38.462 [2132:8480] Sylink:(EXCEPTION, err=9) Internet Session Timeout
2014/01/27 14:52:38.972 [2132:8480] AH: Setting the Browser Session end option & Resetting the URL session ..
2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
2014/01/27 14:52:59.972 [2132:8480] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
2014/01/27 14:52:59.982 [2132:8480] ###### Set ACSConnec offline
2014/01/27 14:52:59.982 [2132:8480] CProfileMgrManPlugin::ReceiveMessage: enter
2014/01/27 14:52:59.982 [2132:8480] ProfileMgrMan: ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] CProfileMgrManPlugin::ReceiveMessage: exit
2014/01/27 14:52:59.982 [2132:8480] AVMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] AVMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] LUMan: Entering ReceiveMessage with id 0x40002
2014/01/27 14:52:59.982 [2132:8480] AtpiMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] AtpiMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] BashMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] BashMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] CidsMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] CidsMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] RebootMgrMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] RebootMgrMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] RepMgtMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] RepMgtMan: Leaving ReceiveMessage
2014/01/27 14:52:59.982 [2132:8480] SubmissionsMan: Entering ReceiveMessage with msg id 262146
2014/01/27 14:52:59.982 [2132:8480] SubmissionsMan: Leaving ReceiveMessage

I created a firewall rule in the GPMC for port 8014 and linked the rule to the appropriate groups. . . . . .servers and clients still do not connect. . . . . .any ideas??

Operating Systems:

Comments 4 CommentsJump to latest comment

.Brian's picture

Enable sylink debugging on an affected client and let it run thru a few heartbeat attempts

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Tony K.'s picture

I have had a similar issue on my home Windows 8.1 Pro machine - I ran into the exact same problem - it has to do with the virtual network tunnel that is created on the hypervisor to the guest machines.

However, verbally - we have not recommended installing the firewall component onto Hyper-V hypervisor machines (guests are OK); this is due in how MS creates their virtual NIC and how SEP is added into the network stack - we do not allow permiscuous traffic though our firewall (packets not intended for the destination machine to pass through) - which in this case, since traffic first passes through the Hyper-Vs OS (and it's firewall) and it is determined that the traffic is for a different IP/MAC/ETC and is dropped (even though we know that the intended destination is a guest OS - SEP firewall doesn't know that)

In this case, I would just go to add/remove programs - modify Symantec Endpoint Protection, deselect Firewall from the Network Threat Protection section (Intrusioin Prevention is just fine).

You can attempt to write your own firewall rules for the hypervisor instead, however in this case, I would start with a default set and set ALL the rules to log that have a block attached and you can make adjustments from there - however, in this case for this one machine only - don't use the SEP firewall, for now.

jtchmpcdid's picture

So in troubleshooting this further. . . . . The Sym firewall was blocking network traffic through the virtual switch on the host machine and not allowing all other host P and V from connecting in to SEPM on the virtual machine. 

The cure was to create a firewall exception for port 8014 in SEPM firewall for the local network, uninstall on the host, and redeploy to host from the virtual machine with the new rule in place.  The virtual switch then passed the traffic and ALL host are happy!!

SOLUTION
Tony K.'s picture

Ah as I suspected, SEP firewall...

But uninstalling was not needed - for future, just open the SEP client and disable the Network Threat Protection (Options>Change Settings>Firewall>Uncheck Enable Firewall), make your policy changes on the SEPM then right-click on the tray icon and select update policy. The firewall will re-engage with the new rules.

I'll be honest, on my Hyper-V setup, I had a few more little things pop up too and they were related to the firewall as well. But if it's working for you, all the better :)

Don't forget to mark this thread as solved as well!