Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM data in console does not update although clients have latest definitions

Created: 19 Apr 2013 | 11 comments

Hi,

We have an environment with 3 main SEPM sites, 2 of which are working fine. The biggest site, located in the Americas, had a problem last April 13th with its 2 SEPM servers, where the SEPM services crashed after a Microsoft update. We found out a while later. After restoring the service, everything went back to normal, but now the data and information about end clients in the SEPM console does not get updated since April 16th although the end clients do have the latest definitions.

The clients from the other two regions/sites are showing fine in the console, but not the ones in the Americas. It is confirmed that the end clients keep receiving new definitions and the definitions in the SEPM servers are fine also and not corrupted.

Has anyone got into such problem in the past?

We are running SEPM 11.0.5 with a mix of 11.0.5 and 11.0.7 SEP clients. The SEPM console runs on Win2k3 R2 64bit servers.

Thanks!

Operating Systems:

Comments 11 CommentsJump to latest comment

W007's picture

hello,

check this public kb

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

Article:TECH166923 | Created: 2011-08-11 | Updated: 2012-06-16 | Article URL http://www.symantec.com/docs

The Symantec Endpoint Protection Manager does not update virus definitions successfully through LiveUpdate

http://www.symantec.com/docs/TECH183178

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

bLuEJaY's picture

Hi Manish,

Thanks for the quick reply, but I don't think that's the case, since the definitions of the clients are alright and up to date. This is not the problem.

The problem is that although tht definitions of the clients are up to date, they do not show like this in the console. This affects reporting, monitoring and visibility over what may be happening on my end clients.

Thanks for trying though.

Ambesh_444's picture

Hi,

Check this article

Test SEP to GUP and GUP to SEPM communication

http://www.symantec.com/docs/TECH153328 

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/docs/TECH105894

Also if these articles are not helpful then pass on Sylink debug logs from 1 or 2 affected clients.

The only way to know what is really going on during the communication process is to enable Sylink debugging on a client that is not updating, allow debug logging to run for 10-15 minutes, then disable again. If you like you can attach the log to the thread for review.

How to enable Sylink Debugging for Symantec Endpoint Protection in the registry
http://www.symantec.com/docs/TECH104758

And ..

Here are few Troubleshooting Articles you have have to look at:

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/docs/TECH105894

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Beppe's picture

Hello,

Please, check that clients' info dropped as .dat files in the SEPM folder program files/symantec/SEPM/data/inbox/agentinfo are parsed (their amount decreases because loaded into the DB) or if they are accumulating there (issue to load them into the DB hence not updated details in the console).

If there's replication in place and American clients failed over to the other sites, of course you need to wait clients fail back to American SEPMs and/or replication happens.

Regards,

Giuseppe

bLuEJaY's picture

Will check this, but won't be able to right now but in 2 hours. Thank you Beppe!

consoleadmin's picture

Hello

Kindly confirm the client which information is not getting update are reflecting online on SEP Server?

Thanks.