Video Screencast Help

SEPM says clients online but local client says not

Created: 08 May 2013 • Updated: 09 May 2013 | 7 comments
This issue has been solved. See solution.

Here's an interesting one.

I've just upgraded our SEPM from RU6 MP3 to 12.1 RU2 upgrade went ok and clients checked into the manager.

SEPM is reporting that the clients online and checking in but when I check the local client on the SEPM it has no green dot and troubleshooting is showing offline.

I can't update the sylink file as the original installation was done by someone else and nobody seems to have the client stop/uninstall password.

Local client is now upgraded to 12.1 RU2 and initially checked in and now reporting offline again. All Defs are up to date.

Operating Systems:

Comments 7 CommentsJump to latest comment

W007's picture

This is resolved on SEPM 12.1.2 MP1

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Pack 1

Article:TECH204685  |  Created: 2013-04-03  |  Updated: 2013-04-24  |  Article URL http://www.symantec.com/docs/TECH204685
 
Clients report to the Symantec Endpoint Protection Manager as offline, even though they are online
Fix ID: 3002170
Symptom: Clients will randomly report into the Symantec Endpoint Protection Manager as offline, even though they are actively online and available.
Solution: Updated the client USN management to properly update the client status in the Symantec Endpoint Protection Manager reports.

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

GeoGeo's picture

Thanks Manish,

But I'm getting the opposite to this issue the SEPM is saying online the clients are not.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

Rafeeq's picture

should be a port issue.

 

How to bypass the IIS proxy after upgrading to Symantec Endpoint Protection Manager 12.1

 
open sylink and check what port its trying to communication. To double check, export communication settings from new 12.1 SEPM and check the port.
W007's picture

Are the client are update ?

Check Windows firewall and UAC should be disable

try to restart sep client system

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

I know you said the clients are up-to-date, but can you tell from the policy serial number if they are picking up policy changes too?

If so, you should be able to just move them to a different group, disable the smc password protection, replace the copmmunications file, and move them back (as an initial bit of troubleshooting).

If they are not connecting to the SEPM at all, then I'd recommend following through the various tests described in the below article:

http://www.symantec.com/docs/HOWTO80740

And possibly enable & post the sylink logs for a deeper understanding of what the SEP Client thinks is happening:

http://www.symantec.com/docs/TECH104758

akgs's picture

i have this issue but only when the duplicate host entry forund on server as well as in network. one of the clients was in workgroup and other is in domain.

Check the mac address of online entry, is it same?

Try the step on client

Checked the client status: offline
Took the backup of the registry
Delete the following registry keys:
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Set the proxy enable in the registry to 0 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Uncheck the proxy setting option in the internet options settings.
Reboot the system.

GeoGeo's picture

Thanks all for help have managed to track down the original password import new sylink files which seems to be resolving the issue.

Although it is rather an odd issue even when I delete the machines they check back in but don't recieve latest policy even though everything is correct in the existing sylink file.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

SOLUTION