Endpoint Protection

 View Only
Expand all | Collapse all

SEPM console shows that clients are without virus definitions.

Migration User

Migration UserOct 14, 2011 09:12 AM

Migration User

Migration UserOct 18, 2011 08:45 AM

  • 1.  SEPM console shows that clients are without virus definitions.

    Posted Oct 13, 2011 06:07 AM

    Good day.

    Configuration:

    Windows 2k8R2, SQL database, 2 SEPM servers at one site.

    SEP 11.07

    Number of clients: 700-1k

    Problem:

    After LU that was run manually, the information at SEPM console became incorrect. It shows a great number of clients without last definitions..

    And after some time, the number of such clients become greater..

    At clients machines all looks correct. They are still geting all new updates. How to fix that ?

    Screens and SEPM logs at attachment.

    Such  situation on Both SEPM servers, but they have single database.

    P.S. Sorry for my English and Russian localization at screens.

    Attachment(s)

    zip
    SEPM_logs.zip   5.14 MB 1 version


  • 2.  RE: SEPM console shows that clients are without virus definitions.

    Broadcom Employee
    Posted Oct 13, 2011 06:16 AM

    have the clients reporting to SEPM?

    restart the SEPM and teh DB service.



  • 3.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 13, 2011 06:57 AM

    The cleint screen shot shows that It has definitions of 5th october / 6th october

    so the clients are indeed out of definitions.

    Follow this discussion

    https://www-secure.symantec.com/connect/forums/after-upgrating-ru7-antivirus-definition-dont-update#comment-6056041



  • 4.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 13, 2011 07:00 AM

    Are you synching SEPM with AD?

    In your SEPM logs (scm-server-0/1.log) there are a lot of LDAP 49 errors. These are hints for AD synch problems. For example, see here:

    http://www.symantec.com/docs/TECH93212



  • 5.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 13, 2011 07:38 AM

    I had the same error, but i notice that the only think that i change to SEPM was at Security Status -> Preferences at "Logs and Reports" the date format from MMDDYY to DDMMYY.

    When i turn this back to default value (MMDDYY) on the next SEPM status refresh everything was fine again!

    I could't believe this, we was trying to find out whats happening almost 3 days and the only "error" was that we change the date format!!angry



  • 6.  RE: SEPM console shows that clients are without virus definitions.

    Trusted Advisor
    Posted Oct 13, 2011 08:25 AM

    Hello,

    Try this Steps:

     

    1 - In the Security Status windows click in Preferences;

    2 - Click on the tab Logs and Reports;

    3 - Change the date format from DDMMYYYY to MMDDYYYY. Hit OK

    4 - Wait a few seconds in the Home screen. (Clicking on Refresh wont have any effect).



  • 7.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 08:52 AM

    SEPM servers was restarted...

     

    Client says, that it's near impossible to restart database... Database is clustered SQL server .. SEP DB is only one nod of it..



  • 8.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 08:57 AM

    Thx.. That's not screens with actual date... they was made some days before.. All dates are correct..

    So, thats not this issue, but thx..



  • 9.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 08:59 AM

    Thx.. Send this recomendation..

    We have tried it, but it's takes no effect..



  • 10.  RE: SEPM console shows that clients are without virus definitions.

    Broadcom Employee
    Posted Oct 14, 2011 09:08 AM

    can you copy the sylink log from client and also the screenshot of the client on the SEPM reflecting the definition.



  • 11.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 09:12 AM

    thx... we will fix that..



  • 12.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 09:44 AM

    sylink is cfg file of network communications..  thats not log.. what log do you need ? or you need xml ?

    one of client status screens is alredy here ... you can't see definitions version and last scan information on effectred clients..



  • 13.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 14, 2011 10:48 PM


  • 14.  RE: SEPM console shows that clients are without virus definitions.

    Posted Oct 18, 2011 08:45 AM
      |   view attached

    thx.. sylink.log collected

    Attachment(s)

    zip
    Sylink_4.zip   8 KB 1 version