SEPM not showing proper status of SEP agent.
Created: 06 Aug 2010 | 8 comments
I am facing issue related reporting in SEPM. I have check some clients are online, update and connected with SEPM. i am wondering when i checked with SEPM console and its showing same clients offline . After that I have find lots of entries in SEPM. whats going on hare don't
know. i using SEPM MR5 and clients MR6A and same MR5.
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
Delete a few clients that are showing offline and wait for them to check in. Check them in their respective group or the default, they should check in.
Prachand MCSE-2012 Symantec Technical Specialist (SCTS)
They may be duplicate entries
Try this
to remove the duplicate entries in the SEPM database:
http://127.0.0.1:9090/servlet/ConsoleServlet?Actio...
Ref:remove the duplicate entries in the SEPM
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
After delete few clients that’s not reflecting again SEPM.
Try by clicking on update policy in the client.In the client go to help and support---->trouble shooting and see it belongs to which group client has to appear in the same group in server.If it is showing multiple entry normally among that only one will show online status....
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Can get the sylink log from the client?
Prachand MCSE-2012 Symantec Technical Specialist (SCTS)
FIX: Symantec Clients not reporting into the Symantec Manager console
Overview
There is an issue with the Symantec clients on imaged PC’s not reporting status back to the Symantec Endpoint Protection manager console. These clients are receiving signature and policy updates from the console, but the console does not recognize these clients as managed systems. The root cause is a conflict in the Symantec hardware ID’s (lack of uniqueness) on the imaged systems. In order to correct this, the hardware ID must be deleted in 2 locations, then reboot the PC, which forces Symantec to generate a new, unique hardware ID.
Prerequisites:
The Symantec hardware id is located in 2 places on the PC:
You must delete the sephwid.xml file, then clear the value from the HardwareID registry key. After both references have been deleted, reboot the PC and the Symantec Client on the PC will generate a new, unique key. The sephwid.xml file can be deleted remotely and the registry key value can be cleared remotely, as shown below. If the user is not logged in, you may also reboot the PC remotely. These instructions assume that the updates will be performed remotely, but you may perform these updates while logged onto the PC, using Windows explorer and the regedit utility.
**You may perform these updates remotely while the user is logged on, as the changes will not affect the user experience or become active until the PC has been rebooted.
i will check and update you.
Check another example for diff issue. in SEPM moniter report virus name, colure doesnt match with current data. showing attacker machine infected with w32.sillyFDC & IP adress is 172.28.10.205. but when i mannuly check thier is no such virus as per report said. i think hare i need to be flush SEPM database for stop such kind of issue. what you suggest for me?
check attch & today SEP log file.
Would you like to reply?
Login or Register to post your comment.