Endpoint Protection Small Business Edition

 View Only
Back to discussions
Expand all | Collapse all

Server Health Alert is showing POOR

  • 1.  Server Health Alert is showing POOR

    Posted May 13, 2013 12:41 AM

    HI everyone,

    Even though my SEP server which is configured on WIN SERVER 2008 which has C drive of 199 GB out of which 129 GB is free and has Physical memory(MD) details: Total:4085, Cached:65,Available:813 I am getting the server health as poor.

     

    Could some one help me out on this please!!!!!!

     

    XXXXXX health status: poor.
    Reason: Memory on your Symantec Endpoint Protection Manager server is running low.
    Status reported on May 13, 2013 3:09:43 AM.


     

    Symantec Endpoint Protection
     
    Site Status Report
                Print      

     

    Symantec Endpoint Protection Manager Real-time Summary Report
    Report Time: 05/13/2013 03:10:55
    This is a real-time summary of the health status of all sites and information on all servers on the local site.
    Site Information  
    Site Name Health Status Reason
    Site XXXXXXX Poor A server on the site had low memory, low disk space or was overloaded.
     
    Server Information
    Status Details
    Server Name Status Health Status Reason CPU Usage Memory Usage Free System Disk Space Free Data Disk Space
    XXXXXXXX Online Poor Server is low on memory. 11% 99% (99%) 137224 MB 137224 MB
     
    Throughput Details on Last Heartbeat
    Server Name Heartbeat Policies Downloaded Intrusion Prevention Downloaded Learned Applications Client Logs Received
    XXXXXXXX 0 0 0 0 0
     
    Local Site Information -- Throughput sampling from last heartbeat
    Total installed clients 442
    Total online clients 26
    Total clients not reporting status 3
    Policies downloaded per second 0
    Intrusion Prevention signatures downloaded per second 0
    Learned applications per second 0
    Enforcer system logs per second 0
    Enforcer traffic logs per second 0
    Enforcer packet logs per second 0
    Client information updates per second 0
    Client security/system/traffic logs received per second 0

    Regards,

    Anoop Jeevan.



  • 2.  RE: Server Health Alert is showing POOR

    Posted May 13, 2013 12:47 AM

    Tuning the Performance of the Symantec Endpoint Protection Manager console

    http://www.symantec.com/docs/TECH105179

    Monitoring Server Health on Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH122731

    look this

    https://www-secure.symantec.com/connect/forums/poor-health-status-server



  • 3.  RE: Server Health Alert is showing POOR

    Broadcom Employee
    Posted May 13, 2013 12:50 AM

    you need to monitor what memory usage was at the time, is it showing up daily?



  • 4.  RE: Server Health Alert is showing POOR

    Trusted Advisor
    Posted May 13, 2013 08:32 AM

    Hello,

    In your case, this may happen when there is not enough memory for Java.

    I would suggest you to adjust the Java heap space assigned to the SEPM service and consoles as suggested in the Article below:

    Tuning the Performance of the Symantec Endpoint Protection Manager console

    http://www.symantec.com/docs/TECH105179

    Monitoring Server Health on Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH122731

    Hope that helps!!



  • 5.  RE: Server Health Alert is showing POOR

    Posted May 13, 2013 12:06 PM

    This is only a snapshot. So what could've happened was the SEPM was under a heavy load (updating clients, polices, etc) causing a rise in CPU and RAM and the snapshot was taken when this was going on. If you check the system, what does it show now?

    I get this every now and then and we just verify what was going on. It's usually caused by this but the system returns to normal rather quickly.

    Run another Site Status report from the SEPM to verify

    To run a Site Status Report one time:
     

    1. In the SEPM console, click on Reports.
    2. In Quick Reports, choose Report Type: System
    3. Select Site Status.
    4. Click Create Report.


  • 6.  RE: Server Health Alert is showing POOR

    Posted May 15, 2013 08:50 AM

    @pete_4u2002: Hi pete,

    I have created the notification of "Server Health Alert" with damper "10 Hours", I get the mail to my email id . Randomly its showing health is poor and some times good.

     

    @Mithun & Manish,

    Could i do those changes with out any problem, i have a bad experience of crashing my SEPM when  messing with SEPM services and properties in regedit earlier.

     

    Guys, Please advice.

    Sorry for late reply.

     

    Thanks,

    Anoop Jeevan



  • 7.  RE: Server Health Alert is showing POOR

    Posted May 15, 2013 08:56 AM

    Did you read my post? What happens when you manually run the snapshot?

    Are you able to monitor the SEPM CPU and RAM usage?

    This doesn't necessarily mean there is an issue. If the SEPM is under heavier load at the time the snapshot is taken, it could be because the SEPM is handing out updates to client, etc. After that, it should return to normal usage.



  • 8.  RE: Server Health Alert is showing POOR

    Posted May 15, 2013 09:36 AM
      |   view attached

    @Brian,

    Thanks for replying,

    I manually run the snapshot and am attaching it here. I wonder why it is showing some times good and poor. Also the memory usage is 99% earier when health status is poor. Now even though health status is good, memory usage is 81% . What factors effect memory usage?

    Shall i follow the steps suggested by @Mithun & Manish? will it affect my server in any way??

    Regards,

    Anoop Jeevan.



  • 9.  RE: Server Health Alert is showing POOR

    Trusted Advisor
    Posted May 15, 2013 10:13 AM

    Hello,

    Yes, you could try our steps as well. Those would surely assist you. smiley



  • 10.  RE: Server Health Alert is showing POOR

    Posted May 15, 2013 12:13 PM

    First off, what are specs of the hardware? How much RAM, how many procs?



  • 11.  RE: Server Health Alert is showing POOR

    Posted May 16, 2013 07:43 AM
      |   view attached

    @Brian,

     

    Attached the memory specs screenshot, please suggest

     

    Regards,

    Anoop Jeevan.



  • 12.  RE: Server Health Alert is showing POOR

    Posted May 20, 2013 12:32 PM

    HI brian,

    ANy update on the provided memory specs??

     

    Regards,

    Anoop Jeevan.



  • 13.  RE: Server Health Alert is showing POOR

    Posted May 20, 2013 12:39 PM

    It looks to meet the minimum requirement.

    How many clients? Pull or push mode? If pull, what is the heartbeat set to? Do you have GUPs in place to dsitribute content locally?

    As I said, since this is only a snapshot, the SEPM couldn've been under a heavy load at the time the snapshoit was taken. It doesn't necessarily mean something is wrong.



  • 14.  RE: Server Health Alert is showing POOR

    Posted May 20, 2013 02:00 PM

    @Brian

    Clients less than 440, Communication settings is Push mode, No GUPs

     

    Regards,

    Anoop Jeevan.



  • 15.  RE: Server Health Alert is showing POOR

    Posted May 20, 2013 02:45 PM

    If you're in Push mode, that means the clients keep a constant connection to the SEPM so they can update policies as soon as a new one becomes available. This is the likely source of your problem.

    With that many clients, this could cause some trouble. I would strongly suggest switching to Pull mode and setting a heartbeat of 15-30 minutes, especially if you don't update policies very often.

    I would also suggest setting up GUP at the local site(s) to handle content distribution.

    Here is a very similar thread here, please read thru it, especially the solution:

    http://www.symantec.com/connect/forums/pull-mode-push-mode