Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEPM data in console does not update although clients have latest definitions

  • 1.  SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 06:57 AM

    Hi,

    We have an environment with 3 main SEPM sites, 2 of which are working fine. The biggest site, located in the Americas, had a problem last April 13th with its 2 SEPM servers, where the SEPM services crashed after a Microsoft update. We found out a while later. After restoring the service, everything went back to normal, but now the data and information about end clients in the SEPM console does not get updated since April 16th although the end clients do have the latest definitions.

    The clients from the other two regions/sites are showing fine in the console, but not the ones in the Americas. It is confirmed that the end clients keep receiving new definitions and the definitions in the SEPM servers are fine also and not corrupted.

    Has anyone got into such problem in the past?

    We are running SEPM 11.0.5 with a mix of 11.0.5 and 11.0.7 SEP clients. The SEPM console runs on Win2k3 R2 64bit servers.

    Thanks!



  • 2.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:07 AM

    hello,

    check this public kb

    Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

     

    Article:TECH166923 | Created: 2011-08-11 | Updated: 2012-06-16 | Article URL http://www.symantec.com/docs

    The Symantec Endpoint Protection Manager does not update virus definitions successfully through LiveUpdate

    http://www.symantec.com/docs/TECH183178



  • 3.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:13 AM

     

    Hi,

    Check this article

    Test SEP to GUP and GUP to SEPM communication

    http://www.symantec.com/docs/TECH153328 

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    http://www.symantec.com/docs/TECH105894

    Also if these articles are not helpful then pass on Sylink debug logs from 1 or 2 affected clients.

    The only way to know what is really going on during the communication process is to enable Sylink debugging on a client that is not updating, allow debug logging to run for 10-15 minutes, then disable again. If you like you can attach the log to the thread for review.

    How to enable Sylink Debugging for Symantec Endpoint Protection in the registry
    http://www.symantec.com/docs/TECH104758

     

    And ..

     

    Here are few Troubleshooting Articles you have have to look at:

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    http://www.symantec.com/docs/TECH105894

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

    http://www.symantec.com/docs/TECH95790



  • 4.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:15 AM

    Hi Manish,

    Thanks for the quick reply, but I don't think that's the case, since the definitions of the clients are alright and up to date. This is not the problem.

    The problem is that although tht definitions of the clients are up to date, they do not show like this in the console. This affects reporting, monitoring and visibility over what may be happening on my end clients.

    Thanks for trying though.



  • 5.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:21 AM

    Hello,

    Please, check that clients' info dropped as .dat files in the SEPM folder program files/symantec/SEPM/data/inbox/agentinfo are parsed (their amount decreases because loaded into the DB) or if they are accumulating there (issue to load them into the DB hence not updated details in the console).

    If there's replication in place and American clients failed over to the other sites, of course you need to wait clients fail back to American SEPMs and/or replication happens.



  • 6.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:23 AM

    refer these article's.

    http://www.symantec.com/business/support/index?page=content&id=TECH104721

    Similar thread is available

    https://www-secure.symantec.com/connect/forums/sep...

     

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    http://www.symantec.com/docs/TECH105894

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

    http://www.symantec.com/docs/TECH95790



  • 7.  RE: SEPM data in console does not update although clients have latest definitions



  • 8.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:38 AM

    Hello

    Kindly confirm the client which information is not getting update are reflecting online on SEP Server?



  • 9.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:44 AM

    Yes, they are seen as online and witha green dot.



  • 10.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 07:45 AM

    Will check this, but won't be able to right now but in 2 hours. Thank you Beppe!



  • 11.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 08:38 AM

    check it

     

    Clients cannot send data back to Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH105348



  • 12.  RE: SEPM data in console does not update although clients have latest definitions

    Posted Apr 19, 2013 09:14 AM

    Try this document

     

    Symantec Endpoint Protection Manager does not parse client forwarded logs in a timely manner.