Endpoint Protection

During a support call with Symantec the KCS key was changed on the master server and over 900 endpoints are now offline. Sylinkreplacer doesn't work in our enviroment, probably because we have UAC turned on. The built in tool in SEPM won't work because it has been hoplessly bugged for some time now. SylinkDrop isn't working for us on a scripted deployment because it fails with error 14, unless a user is logged into the machine; If I log into it and run the remote script it works fine. This is a problem because the majority of the endpoints offline are servers with no lone logged into them.

All of our endpoints are 12.1.5, and I'm using the latest versions of the support tools.

I believe this may have been some sort of bug. 12.1.6 was just released so that may have corrected it

New fixes in Symantec Endpoint Protection 12.1.6

http://www.symantec.com/docs/TECH230558

Update. Disabled UAC on a machine, and verified remote registry is turned on, but Sylinkreplacer sitll fails. The client lists the error in system32\esug\sylinktemp\b.txt of "Failed to Open registry..." Opertion was run with the Domain Admin account.

Hey Brian, which part was a bug you think is fixed? If we have to update the client that would probably require a reboot which wouldn't be possible right now.

I'm attempting to find some older threads on this.

Have you tried pushing a new sylink from the SEPM?

I have tried, but it bugs out completely if you try to push more than 9 clients at a time (instant fail, confirmed bug via support). Even if I do less than that 75% of them still end up failing.

That may have been bug I was thinking of...pushing from SEPM.
 

That would be even  better, then I could just update the management servers and push out the comm files. I'll give it a shot.

Comm updates still fail on SEPM 12.1.6, unless the client is logged into. Looks like its the same issue SyLinkDrop has.

Hi,

Do you have old backup of communication settings?

Also, have you tried this KB - Symantec Endpoint Protection Manager: Remote Push of Communication Update Package for Windows client fails

http://www.symantec.com/docs/TECH224943

I dont think that KB applies. It isn't pushing Mac packages, it simply won't run unless the client is logged into. It behaves exactly the same way as Sylinkdrop problem we have, which makes sense being it looks like this uses the same utility.

Restoring an old com settings file isn't really an option. The orginal issue is it seems the management servers gave out mixed KCS keys after replication was setup. So, no matter which settings file we use half of them won't connect.

Luckily I turned tamper protection off awhile back fearing a situation like this. I was able to script an smc -stop/copy sylink operation. It's kind of messy being I need a different version of it for 32 bit, 64 bit, and each SEP version, but it works.

I am having an issue on the workstations that have passwords though. The password has a space at the end, and I don't think that is making it through.