Video Screencast Help

SyLink utilty is failing to repalce SyLink files on client machines

Created: 08 Nov 2012 | 5 comments


Our "Domain controller/Endpoint Management" server failed the other day and I had to rebuild it.

I re-installed Endpoint Protection, (v12.1.671.4971), and tried to deploy the SyLink files to all my clients, using the SyLinkreplacer utility, ( v21.1). Not a single machine got updated.

I tried re-deploying the client software but, even though all the clients were deployed successfully, none of them could talk to the management server.

I traced this back to the permissions on the SyLink files under c:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config

I can't change the permissions manually and I can't take ownership of the files.

The only option at this time is to uninstall the client and then deploy them again.

This would be very disruptive and I am hoping somebody has an alternative for me.

Thanks in advance

Comments 5 CommentsJump to latest comment

ᗺrian's picture

You can also use the sylinkdrop utility. How many clients is this needed for?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


This seems to be a Server Certificate issue.

Could you let us know if the IP address and host name was kept the same on the server machine?

What OS is installed on the Server machine?

Could you please upload the sylink.log from 1 of the client machine to check the root cause of the issue?

Here is an article on how to collect the Sylink.log - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

C0ppert0p's picture


Thanks for the quick response.

The IP and hostname remained the same.

The OS is Windows server 2008 r2, sp1

I found one sylink log file on a client: C:\WINDOWS\SYSTEM32\ESUG\SYLINK_COPY_FAIL.LOG. It contained "DEV-100", ( the name of the server )

I ran the app2.bat file manually on the client server and attached the out

IMHO it is the copying of the sylink.xml file that is the issue here. Access is denied to the account running the batch file. The local administrator account is running app2.bat

The local administrator account is part of the "Enterprise Admins" group.

SYSTEM owns C:\Program Files (x86)\Symantec\Symantec Endpoint Protection

I've also tried running the app2.bat file as "SYSTEM" I still get "Access is denied"

app2_bat_debug.txt 3.14 KB
C0ppert0p's picture

It turns out the sylinkreplacer utility I was using was not 12.1. It was the previous version. 12.1 works fine.


Chetan Savade's picture


There are two different Sylink replacer tools.

One for SEP 11 version & other is for SEP 12.1

Reason behind is sylink file location has changed since SEP 12.1 version.

What is the location for Sylink.xml in Symantec Endpoint Protection 12.1?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<