Video Screencast Help

Sylink.XML questions

Created: 06 Feb 2013 • Updated: 22 Feb 2013 | 12 comments
This issue has been solved. See solution.

Hi All,

I'm bit confused and would like to have a explanation of the Sylink.XML as per below:

 

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<ServerSettings DomainId="DDA7F0F3A8D97FBC013787BA81A98BAF" NameSpace="rpc">
  <CommConf>
    <AgentCommunicationSetting AlwaysConnect="1" CommunicationMode="PULL" DisableDownloadProfile="0" Kcs="E4CD62F55D794B0B7277C87811567F1A" PullHeartbeatSeconds="300" RandomizationEnabled="1" RandomizationRange="300" RememberCurrentGroup="0" RememberCurrentPolicyMode="1" UploadCmdStateHeartbeatSeconds="300" UploadLearnedApp="1" UploadLogHeartbeatSeconds="300" UploadOpStateHeartbeatSeconds="300"/>

    <ServerList Name="Default Management Server List for DMZ">
      <ServerPriorityBlock Name="Priority1">
        <Server Address="192.168.1.110" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-DMZ01-VM" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-DMZ01-vm.domain.com" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="Priority2">
        <Server Address="192.168.10.188" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-Internal01-VM" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-Internal01-VM.domain.com" HttpPort="8014" HttpsVerifyCA="0" VerifySignatures="1"/>

      </ServerPriorityBlock>
      <ServerPriorityBlock Name="Priority3">
        <Server Address="192.168.10.188" HttpPort="80" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-Internal01-VM" HttpPort="80" HttpsVerifyCA="0" VerifySignatures="1"/>
        <Server Address="SEPM-Internal01-VM.domain.com" HttpPort="80" HttpsVerifyCA="0" VerifySignatures="1"/>
      </ServerPriorityBlock>
    </ServerList>

    <ServerCertList>
      <Certificate Name="SEPM-Internal01-VM">MIICQDCCAakCBEmeFuswDQYJKoZIhvcNAQEFBQAwZzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB&#13;
==</Certificate>
      <Certificate Name="SEPM-DMZ01-VM">MIICQDCCAakCBEmuFH0wDQYJKoZIhvcNAQEFBQAwZzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB&#13;
Lol1JVRytJfbHQ==</Certificate>

    </ServerCertList>
    <LogSetting MaxLogRecords="100" SendingLogAllowed="1" UploadProcessLog="1" UploadRawLog="1" UploadSecurityLog="1" UploadSystemLog="1" UploadTrafficLog="1"/>
    <RegisterClient PreferredGroup="My Company\DMZ Servers" PreferredMode="1"/>
  </CommConf>
</ServerSettings>
 

 

1. Does it have to be two ports to be opened for the SEP to communicate properly with the SEPM (port 80 and 8014) ?

2. How can I change the priority or the order of the SEPM servers above ? 

3. Can I manually edit the Sylink.XML and then how to distribute the changes to the spcific group ?

Comments 12 CommentsJump to latest comment

.Brian's picture

Check this, note this contains SEP 12.1 as well

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

Article:TECH102416  |  Created: 2007-01-06  |  Updated: 2012-12-24  |  Article URL http://www.symantec.com/docs/TECH102416

 

You can change priority in SEPM on management server list, see this:

Configuring a management server list

Article:HOWTO81154  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81154

 

The clients should get the updated sylink when you make the changes in SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

1. Does it have to be two ports to be opened for the SEP to communicate properly with the SEPM (port 80 and 8014) ?

the SEPMs are listening on port 8014, check for the keyword HttpPort="8014

2. How can I change the priority or the order of the SEPM servers above ?

you have to edit/create the Mnagement server list from SEPM console.

3. Can I manually edit the Sylink.XML and then how to distribute the changes to the spcific group ?
DO not make changes manually, do the changes from SEPM console.

MASH1's picture

Hi John,

 

Sylink file is the configuration file which is used for communication between SEP client and SEPM.

It holds important information like what list of SEPM, certificates, heartbeat intervals,Server  Priorities etc.

SEP clients use this file to find SEPM and communicate with it.

We should not tamper with it or make any changes in it.

Any changes made should be done from SEPM.

For the question on  ports required to open , It depends on what port have you configured while installing SEPM on the server .Usually it is Port 80 or 8014. In your case it is 8014 so you would need to open port 8014 between SEP clients and SEPM.

Priorities of SEPM can be changed using Management server list inside SEPM. (link has been provided by Brian above)

SEPM can be designed in such a way so that your clients can be in specific groups you want. Every group has different policies and communication settings. So it will have different sylink files. If you want to move a  SEP client then you can do it from SEPM directly. If the client is not communicating with SEPM for some odd reasons you can export the sylink file for the group you want the client to report and the same file would be imported on SEP client . 

 

- MASH

- MASH

Ambesh_444's picture

Hi Jhon,

I hope you have recieved your answer.

Agreed with pete...

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

John Santana's picture

many thanks Pete and Brian,

So in this case just one port (8014) that I need to open to make sure it is working.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

SebastianZ's picture

1. Does it have to be two ports to be opened for the SEP to communicate properly with the SEPM (port 80 and 8014) ?

According to your sylink I see there two servers specified:

Server Address="192.168.1.110" HttpPort="8014"
Server Address="192.168.10.188" HttpPort="80

...192.168.10.188 is as well specified for port 8014 - seems to be misconfiguration then as SEPM can listen only on one port for this communication at a time. Port 8014 would be the default in 12.1

2. How can I change the priority or the order of the SEPM servers above ?

Refer to this information:

Configuring a management server list

http://www.symantec.com/docs/HOWTO55402

3. Can I manually edit the Sylink.XML and then how to distribute the changes to the spcific group ?
 

Not recommended to do it manually. Use instead these methods:

http://www.symantec.com/docs/TECH106288

http://www.symantec.com/docs/TECH157585

 

John Santana's picture

So with the SEPM I cannot make it to be deplyoed across some servers ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Chetan Savade's picture

Hi John,

Sylink.xml stores the global communication settings. This file is for internal use only and should not be edited. It contains settings from the Symantec Endpoint Protection Manager. If you edit this file, most settings will be overwritten by the settings from the management server the next time the client connects to the management server.

Check this article

Sylink.xml and It's Contents

https://www-secure.symantec.com/connect/articles/s...

Why don't you make changes in the SEPM console and apply it on required clients.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SOLUTION
SebastianZ's picture

If you are already on 12.1 ru2 you can use this method as well:

http://www.symantec.com/connect/articles/sep-121-r...

Chetan Savade's picture

Hi John,

Please update this thread.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

John Santana's picture

Yes it works and I know now. Thanks for the suggestion people !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.