Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM replication partner

Created: 06 Sep 2012 • Updated: 11 Sep 2012 | 10 comments
This issue has been solved. See solution.

I have a main Symantec Endpoint Protection Manager (SEPM1), I have done a replication partner on a server in my DR (SEPMDR). I can see from the management server that replication is being done.

I stopped service Symantec Endpoint Protection Manager to be able to test SEPM1. There is a client installed on SEPM1, on SEPMDR I can see that the client on SEPM1 has connected, but when I check the actual client (Help and Support> Troubleshooting) there is no green dot. Is this normal?

What test can I do on the SEPMDR to check that clients have connected? If SEPM1 is unavailable for 2-3 days, will the clients update normally?

Any tip, link will be very helpful.

Comments 10 CommentsJump to latest comment

pete_4u2002's picture

 there is no green dot. Is this normal?

yes, in case if the Management server list is not set for that group the client will not fall back to other SEPM

create a management server where the prioirty 1 is the existing SEPM, priority 2 is the DR SEPM

 

check this article to create a MSL

http://www.symantec.com/business/support/index?page=content&id=HOWTO55402

 

Ashish-Sharma's picture

Hi,

Do you have configure Failover between replication ?

What is Management Server List and how to configure Failover between replication partners using embedded database.

https://www-secure.symantec.com/connect/articles/w...

Thanks In Advance

Ashish Sharma

 

 

Chetan Savade's picture

Hi,

Replication enables data to be duplicated between databases one separate sites so that both databases contain the same information. If one database fails, you can manage the entire site by using the information on the database from another site.

After configuring replication please set Management Server List (MSL) with the correct priority for failover.

By default, the management servers are assigned the same priority when configured for failover and load balancing. If you want to change the default priority after installation, you can do so by using the Symantec Endpoint Protection Manager console. Failover and load balancing can be configured only when a site includes more than one management server.

What test can I do on the SEPMDR to check that clients have connected? If SEPM1 is unavailable for 2-3 days, will the clients update normally?

--> You are testing in correct way, however green dot should stay on the client to receive the latest updates.

Check following articles as well:

Description of the different shield icon statuses in the System Tray for Symantec Endpoint Protection

http://www.symantec.com/docs/HOWTO55020

How replication works

http://www.symantec.com/docs/HOWTO55328

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Gavinash's picture

Dear Chetan,

Management Server List has already been configured as per extract from sylink.xml below:

- <ServerList Name="New Management Server List">

- <ServerPriorityBlock Name="Priority1">

<Server Address="198.16.4.57" HttpsVerifyCA="0" VerifySignatures="1" />

</ServerPriorityBlock>

- <ServerPriorityBlock Name="Priority2">

<Server Address="198.20.4.57" HttpsVerifyCA="0" VerifySignatures="1" />

</ServerPriorityBlock>

</ServerList>

Have I set the priority correctly, 198.16.4.57 is the main SEPM?

I saw that client do failover on the SEPMDR, some client appear with green dot on SEPM and some as 'The client can communicate with Symantec Endpoint Protection Manager at another site'. But still when I check the client, Help and Support>Troubleshooting> Server is Offline.

The strange thing though is that when I check the policy serial number in the SEPMDR, there is no serial number at all. Is this normal? Is there a way for me to remedy to this?

Please find report from sylink monitor:

09/07 13:51:38 [3004] <GetIndexFileRequest:>SMS return=500
09/07 13:51:38 [3004] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
09/07 13:51:38 [3004] HTTP returns status code=500
09/07 13:51:38 [3004] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
09/07 13:51:38 [3004] <GetIndexFileRequest:>COMPLETED
09/07 13:51:38 [3004] <IndexHeartbeatProc>GetIndexFile handling status: 500
09/07 13:51:38 [3004] <IndexHeartbeatProc>Switch Server flag=1
09/07 13:51:38 [3004] HEARTBEAT: Check Point 5.1
09/07 13:51:38 [3004] <ScheduleNextUpdate>new scheduled heartbeat=2048 seconds
09/07 13:51:38 [3004] HEARTBEAT: Check Point 8
09/07 13:51:38 [3004] Get Next Server!
09/07 13:51:38 [3004] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/07 13:51:38 [3004] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
09/07 13:51:38 [3004] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:51:38 ======
09/07 13:51:38 [3004] <IndexHeartbeatProc>Set Heartbeat Result= 1
09/07 13:51:38 [3004] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
09/07 13:51:38 [3004] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
09/07 13:51:38 [3004] Use new configuration
09/07 13:51:38 [3004] HEARTBEAT: Check Point Complete
09/07 13:51:38 [3004] <IndexHeartbeatProc>Done, Heartbeat=2048seconds
09/07 13:51:38 [3004] </CSyLink::IndexHeartbeatProc()>

Any help will be much appreciated.

Chetan Savade's picture

Hi,

Compare Sylink.xml file of both the clients which are online and offline.

MSL mentioned above seems to be correct however it should be applied to all the groups/clients.

MSL is same on another SEPM right?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Gavinash's picture

Dear Chetan,

MSL is the same on the main SEPM and replication partner. This is the correct way to do it?

Please find error report from sylink monitor: 

<GetIndexFileRequest:>SMS return=503
<ParseHTTPStatusCode:>503=>503 SERVICE NOT AVAILABLE
[3004] HTTP returns status code=503

What could be the cause of the problem?

Chetan Savade's picture

Hi,

Q. MSL is the same on the main SEPM and replication partner. This is the correct way to do it?

--> It's correct.

Do one thing, replace Sylink.xml of offline machines and re-check whether failover is taking place or not.

After replacing sylink.xml client must come online with green dot.If not then there is a communication problem.

Restoring communication to clients with a new Sylink.xml file

http://www.symantec.com/business/support/index?page=content&id=TECH106288

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Chetan Savade's picture

Check this video also.

Replication Concepts and Configuration

https://www-secure.symantec.com/connect/videos/rep...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Gavinash's picture

I have been able to solve the problem

All I had to do is copy everything in folder

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent from the main server to the replication server.

SOLUTION
Ashish-Sharma's picture

hi,

Check SEP client are able to telnet ?

Thanks In Advance

Ashish Sharma