SEPM: clients do not receive antivirus definitions, all are outdated, communication to server is fine
I am at a point of ripping my hair out.
I am trying to upgrade/migrate a few clients from SCS v10 to SEP v11.0.6005.562. I picked a mix of operating systems on the clients to test this on.
At first I was brave and simply deployed the client by pushing it out to those few XPs and Windows 7s. It seemed to go well: all clients upgraded, they are showing in SEPM, but all are reported as having outdated definitions.
I have read through 100 forum threads all over the internet and I cannot come up with a plausible explanation as to why.
Server is 2008 R2 x64, brand new virtual machine, brand new install (I even tried reinstalling it using repair and afterwards starting from scratch with an uninstall of SEPM and another new install).
IE ESC is OFF
Firewall on the server is OFF
I can run the SECARs test from client to server and get "OK" response
The policy IDs match, policies update, and on the clients I can see in the logs that it is communicating with the correct server.
There are no network issues preventing any of this from working as far as I can tell.
SEPM shows details on the clients, including the outdated definitions from 3/29/2010.
Running LUALL on the client actually reports that all definitions are UP TO DATE!
I have tried uninstalling SEP on the clients and reinstalling it by doing another deploy process.
LiveUpdate policy is correct: it's set for clients to hit SEPM, SEPM goes to the LiveUpdate server, etc. All default settings (brand new install).
The clients CAN get policy updates. I just changed the antivirus weekly scan from 8 PM to 7:59, told one client to update policy, and sure enough the change showed immediately.
1) Coincidentally I see 2 interesting quirks. One, I cannot see any graphics on the home page of SEPM. I believe this is unrelated to my problem, as many have complained of the same issue while having full software functionality as far as clients go.
2) When I run the sym utility SyLinkMonitor I see 0 entries, both on the Windows 7 and the XP machine. This seems strange, especially when the logs of the client install claim the software IS communicating with the SEPM.
3) I tried to figure out where the definitions are stored on one win7 machine, but the folder "virusdef"
Sorry for the ramblings :) If you have any ideas please let me know, otherwise I plan to spend the entire day in the near future on the phone with Symantec support while I continue to go bald.