Video Screencast Help

Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

Created: 27 Sep 2012 • Updated: 03 Oct 2012 | 9 comments
This issue has been solved. See solution.


We migrated our SEP Management Server to a new Windows server ond followed the migrate with replication partner method. It worked well and the old server is now uninstalled and removed.

- The SEP clients check in to the new server and  show up in the client part och Endpoint Protection Manager.

- The SEP client do have a "green dot" at the Symantec Shield at all times.

- The SEP client does havend does have the latest updates and policy.

Our problem now is this:

- The SEP Clients do NOT stay online in the SEPM. The show up "Green" a short while now and then but are mostly shown as offline. If we do a manual connect they show up short time again. 

- When they are offline we do not se any information about "Last Time Status Changed" "Virus Defs." "Policy Serial.." "Last scan" etc.. we do see "Name" and "Logon User". No info is saved.

- Connection Status in the troubleshooting part in SEP client show that they have connected recently to the correct server.

- We have reinstalled som clients did not fix this.

- We hava replaced the symlink.xml with SymlinkDrop.exe and the "Trouble Shooting" part in SEP client no fix.

- We have imported policy manualy, no fix.

Regards, Birger Jarl

Comments 9 CommentsJump to latest comment

Ashish-Sharma's picture


This steps apply only two or three system

Try to create New Test group and export SEP client package.

When you are exporting package,you must switch the option "Remove all logs,communication settings.." from Installation Settings under Admin/Install Packages/ tab and export package with this installation settings you created.

How to create Client Install Packages to migrate clients and move them to a different SEPM

Thanks In Advance

Ashish Sharma

consoleadmin's picture


The legacy proxy settings can be removed by performing the following steps:

1.   Open the registry (Start->Run->type "regedit").

2.  Go to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings\connections

3.  Delete the registry keys "DefaultConnectionSettings" and "SavedLegacySettings".

4.  Reboot the machine.

Note:  These registry keys will automatically regenerate after reboot of machine.

Also, this also could be caused due to incorrect proxy server information in the following registry location: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings

Removing the incorrect proxy info from this key and then rebooting allowed the client to communicate normally.

One important thing to keep in mind is that any incorrect proxy information must also be removed from the following two locations as well:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

If the settings are not removed from these two keys, they will repopulate the Internet Settings key after every reboot.


Mithun Sanghavi's picture


Could you let us know what version of SEP are you running?

What is the OS running on the SEPM server?

Secondly, Could you check at what priority is newer SEPM under MSL.

To check the MSL, 

  1. In the Symantec Endpoint Protection Manager console, click Policies.
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists

Make sure you have deleted the IP address of older SEPM server OR  have the IP address / host name of current SEPM server changed moved to Top priority.

Also, make sure you have the older Replication partner deleted from the Latest SEPM server.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

BirgerJarl's picture


SEPM Version = 12.1.671.4971

OS = Windows Server 2008 R2

The priority of the new server was 1 (High) before i removed and uninstalled the old server from the MSL/replication. The MSL does only contain the new server now with IP and name. And check ins do occur but client are not online all time.

Could the registry change by "gsp_sepm" do the trick?

To create a new package group by "Ashish Sharma"? 


Mithun Sanghavi's picture


Yes, you could work on the steps provided by gsp_sepm and check on 1 of the client machines, if that helps.

However, I would suggest you to make sure you migrate the SEP Version: 12.1.671.4971 to SEP Version 12.1 RU1 and Later to SEP Version 12.1 RU1 MP1 and check if that resolves the issue.

When Migrating from SEP 12.1 RTM >> SEP 12.1 RU1 >> SEP 12.1 RU1 MP1, you would need to migrate SEPM as well as all SEP clients.

Here are few steps to look at for Migration:

1) How to upgrade the Symantec Endpoint Protection Manager (SEPM) to Version 12.1 RU1

2) a) Upgrading or migrating to Symantec Endpoint Protection 12.1.1000 (RU1)

b) Upgrading or migrating to Symantec Endpoint Protection 12.1.1101 (RU1 MP1)

3) Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

4) Activating your Symantec Endpoint Protection 12.1 product license

Also, check the Articles for the Migration on :

Quick Access to Symantec Knowledgebase Articles of Symantec Endpoint Protection 12.1

Upgrade clients to SEP 12.1 by Auto upgrade feature

WhitePaper for Migration:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Paul Murgatroyd's picture

Hi Johan,

A couple of things to check:

1. Is the Windows Firewall active on the SEPM server?  If so, is it blocking port 8014?

2. How many clients do you have and what is the communication mode? (push or pull)

3. When the client goes offline in the SEPM, does it go offline on the client too (still has the green dot or not?)

4. Any recent error messages in scm-server*.log in \Symantec Endpoint Protection Manager\tomcat\logs ?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

BirgerJarl's picture


It works now. I downloaded the latest version from fileconnect "Symantec_Endpoint_Protection_12.1_RU1_MP1" started the upgrade process with setup and all default next next... and after this it works as it should. I did not follow all the steps in the post above only a plain upgrade with the standard installation package.

Something in the installation or database must have been corrupt because no other changes to the server or clients was done.

Thank you for your input.

Regards, Briger Jarl