Video Screencast Help

SEPM Client View behaving differently

Created: 15 Nov 2013 | 6 comments

In the SEPM client view - after a disaster recovery dry run - I have different behavior than expected. Not all clients are shoing as "online" and the clients themselves are missing their green dots. The few clients that have done a sylink.xml on do not show up in the manager after the fact. 

I've followed these instructions for creating the backups and performing the recovery. http://www.symantec.com/docs/TECH102333 In my case we did not want to restore from a backup database, but have the clients themselves repopulate it, to try to elimate issues with erroneous reporting.

I can see the time the clients last talked to the server, and they seem to connect, but not stay connected. Not sure what to think at this point. Running 11.0.73 on Windows 2008 R2.

Thanks in advance for your help!!

Operating Systems:

Comments 6 CommentsJump to latest comment

Brɨan's picture

Have you tried manually replacing the sylink file?

You can can enable sylink logging to see whats going on

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH104758 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2008-01-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2013-02-26 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH104758

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

How many clients are facing the issues with?

What OS are these clients (in question) running on?

Could you please upload us the sylink.log from these client machines which would help us understand the root cause of the issue - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

TThorn's picture

Afternoon - Manually replacing the sylink file unfortunately does not make the clients appear in the management console. All clients that I can see have the old sylink from the previous server. No issues before using the sylink to regain communications. The JKS file has been restored along with the Domain ID from the previous Server install. There is no continuity between OS versions and the client behavior. Our landscape consists of Professional versions of Windows from everything from XP to 8.1 (only a couple 8's and 8.1 machines) Most PCs running are XPs, Window 7's, along with several Windows 2008 & 2008 R2 machines. I would say the clients communicate briefly with the server, but either only a certain percentage stay, or only for a certain timeframe. I cannot get them all to show "online" at the same time. The last status change for every PC in the console is within the last hour though.

Brɨan's picture

Can you post the sylink debug log file for review?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

TThorn's picture

Now neither one of the servers is communicating well with the clients. I have been asked to concetrate on the older server and get it properly working again before moving on with the issue on the new one. Here is my sylink debug log file. I'm still having issues connecting new pcs using the sylink file to the server. An "update policy" command issued on the client side helps bring some of the clients back online but doesn't work for all. I've also been told this was unacceptable and that the server should be gaining the commucations by itslef without client intervention. Is there a way to force the clients to update their Policy not just the content and have them connect and appear online from the server?

Recap - I need to update the policy from the server, without intervention on the clients; is this possible and how?

Not all clients are communicating even after "update policy" on the tested pcs, or using the sylink.xml file.

I've attached the debug log. I have a much larger one going over several hours if there is no useful information from this one.

Thanks in advance for all your help and support!!!!

-Travis 

AttachmentSize
sylink_Nov182013-2.txt 199.24 KB