Endpoint Protection


Symantec Endpoint Security not under Sys DNS tab

  • 1.  Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 11:03 AM
    Greetings,

    New to SEP and SEPM.  I am installing EP v 11 MR4 MP2 on my development (virtual) server for testing.  SEP installed beautifully and is working fine.  SEPM on the other hand is proving difficult.  I am now faced with the often posted 'Unable to Connect to Reporting Component'.  I have seen many references to configuring SymantecEndpointSecurity DSN in ODBC.  My issue is that I don't have anything listed under the System DSN tab.  I opted for embedded DB during install and my Embedded DB service is running just fine.  I did not choose to create or migrate to clients as of yet because I just want to confirm that I can get SEP and SEPM up and running on what I will use as my test mgmt console.

    Any reason why nothing would show up under the Sys DNS tab?

    Thanks in advance


  • 2.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 11:11 AM
    If your VM is 64-bit, you need to check this post:

    How to work with Data Sources (ODBC) or ODBC connection in 64bit Windows

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008021900094548

     



  • 3.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 12:34 PM

    Thanks Rafeeq. 

    Was able to configure and connect to Db but am still getting 'Unable to communicate with reporting component' error...

    Have tried both of these with no luck.

    To enter the login credentials

    1. In the Windows Control Panel, open Data Sources (ODBC).
    2. On the System DSN tab, select Symantec Endpoint Security DSN, and then click Configure.
    3. On the Login tab, enter the User ID DBA, and the Symantec Endpoint Protection Manager password.
    4. On the Database tab, under Server, enter the name of the computer that runs Symantec Endpoint Protection Manager.
    5. Under Database Name, enter the following: sem5
    6. On the Network tab, under TCP/IP > Host, enter the IP address of the computer that runs Symantec Endpoint Protection Manager (i.e., HOST=10.10.10.10).
    7. On the ODBC tab, click Test.
    8. Click OK.


    If this does not solve the problem, you may need to configure IIS Manager to use these credentials.

    To configure IIS Manager

    1. In IIS Manager, click Local Computer > Application Pools, right-click DefaultAppPool, and then click Properties.
    2. On the Identity tab, click Predefined, and then click Local System.
    3. Click OK.
    4. Close IIS Manager.
    5. Close and restart Symantec Endpoint Protection Manager.


  • 4.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 12:38 PM
    Go to Internet Explorer and type in http://localhost:8014/reporting

    You will get a blue login page; try to log in with the SEPM username and password.

    Or else go to IIS, expand the Symantec web server, right-click on the reporting tab, click Browse, and try to log in from there.


  • 5.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 01:37 PM
    Thanks Kavin,

    Tried your IE and IIS suggestion and received error: Internal Server Error.

    Checked Event Viewer: Security logs and see:

    Login Failure
    Reason: The user has not been granted the requested login type at this machine. (In this case the IIS_user)

    Checked Local Security settings to ensure IIS_user can access computer from Network and is not in the Deny access setting.

    Gotta figure out what is blocking IIS_user from login.


  • 6.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 01:48 PM
    Check the "Access this computer from the network" properties (within User Rights Assignment in Local Security Policy/Local Policies in Administrative Tools) and ensure the user is present in there


  • 7.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 02:05 PM
    Thanks Prachand,

    Sorry I didn't communicate that better in my previous post.

    User is in 'Access this computer from the network'

    User is not in 'Deny access to this computer from the network'

    I am doing this via remote desktop..perhaps I should add user to 'Allow logon through Terminal Services' along with Remote Desktop Users?


  • 8.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 26, 2009 03:44 PM
    G dude.. see if this helps you:

    http://support.microsoft.com/kb/841188


  • 9.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 27, 2009 09:36 AM
    Thanks Prachand,

    Still no luck. 

    Administrators are not in the Power Users Group and I do not have a 'Remote Operators' Group...only remote desktop and Administrators have to stay in that group.

    I have also tried ...

    http://support.microsoft.com/kb/909887/

    I was able to logon to SEPM by accessing the machine through VMWare console.  Still trying to connect the dots on difference between VM Console and Remote Desktop access.  I'm still convinced it's a permissions issue but danged <----(close to what I'm really thinking) if I can resolve it.


  • 10.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 27, 2009 10:41 AM
    I would first ask you to change this to Network Service (Local System is a security loop though :) )

    To configure IIS Manager

    1. In IIS Manager, click Local Computer > Application Pools, right-click DefaultAppPool, and then click Properties.
    2. On the Identity tab, click Predefined, and then click Local System. (Should be Network Service always.)
    3. Click OK.
    4. Close IIS Manager.
    5. Close and restart Symantec Endpoint Protection Manager.

    In your group policy, do you see Network Service listed in these two places? Most of the time this should be the culprit.


    1. Run gpedit.msc
    2. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies
    3. Select User Rights Assignment in the left-hand pane
    4. Go to the "Adjust memory quotas for a process" item and double-click.
    5. Verify that LOCAL SERVICE and NETWORK SERVICE are listed under the Local Security Setting tab.
    6. Go to the "Replace a process-level token" item and double-click. Again, verify that LOCAL SERVICE and NETWORK SERVICE are listed.

      Note: If the "Add User or Group..." button is disabled, it may be locked by a domain GPO (group policy object), which will require an assessment of domain GPOs.

    7. Restart the IIS Admin service to update any changes
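
The two user-rights checks in the steps above can also be run against a `secedit /export /cfg rights.inf /areas USER_RIGHTS` dump instead of clicking through gpedit.msc. This is an added example, not part of the original post; the sample export and the account name IUSR_WEB01 are constructed, and only accounts listed directly on a right are compared (group membership is not expanded).

```python
# Added example: audit a `secedit /export /cfg rights.inf /areas USER_RIGHTS` dump.
# secedit writes the file as UTF-16; read it with open(path, encoding="utf-16").
WELL_KNOWN_SIDS = {
    "S-1-1-0": "EVERYONE",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
    "S-1-5-32-544": "ADMINISTRATORS",
    "S-1-5-32-545": "USERS",
    "S-1-5-32-546": "GUESTS",
}
# The two policies from the steps above, keyed by their privilege constants.
REQUIRED = {
    # "Adjust memory quotas for a process"
    "SeIncreaseQuotaPrivilege": {"LOCAL SERVICE", "NETWORK SERVICE"},
    # "Replace a process-level token"
    "SeAssignPrimaryTokenPrivilege": {"LOCAL SERVICE", "NETWORK SERVICE"},
}
# Constructed sample export; IUSR_WEB01 is a made-up account name.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,IUSR_WEB01
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19
[Version]
signature="$CHICAGO$"
"""

def parse_rights(inf_text):
    """Return {right: set of upper-cased account names} from the export text."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        entries = [e.strip() for e in value.split(",") if e.strip()]
        # Entries starting with '*' are SIDs; map the well-known ones to names.
        rights[name.strip()] = {
            (WELL_KNOWN_SIDS.get(e[1:], e[1:]) if e.startswith("*") else e).upper()
            for e in entries
        }
    return rights

def missing_rights(rights, required=REQUIRED):
    """Return {right: sorted accounts that should hold it but are not listed}."""
    gaps = {r: sorted(need - rights.get(r, set())) for r, need in required.items()}
    return {r: absent for r, absent in gaps.items() if absent}
```

An empty result from `missing_rights(parse_rights(text))` means both policies list LOCAL SERVICE and NETWORK SERVICE directly.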
       



  • 11.  RE: Symantec Endpoint Security not under Sys DNS tab
    Best Answer

    Posted Aug 27, 2009 11:15 AM
    Seems like the problem is with the IUSR account.

    To confirm this,

    I would like you to put in your current logged-in account in IIS
    in place of IUSR_SERVERName
    and password.

    Try accessing the website....if it works fine then we sorted out the problem.

    We shall concentrate on IUSR.

    In AD, just check if IUSR is a member of Users...sometimes it will be a member of Guests and the guest account would be disabled.

    Let me know the results..



  • 12.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 27, 2009 11:15 AM
    Thanks Rafeeq,

    Followed your instructions to the T.

    Everything looks to be in place.  Local and Network Services are present in Adjust memory quotas and Replace a process-level token.

    Changed settings in DefaultAppPool as you indicated.

    Still getting:

    SEPM: Unable to communicate with reporting component

    and

    Event Viewer/Security: The user (IIS) has not been granted the requested logon type (8) at this machine (Event_ID 534)

    Downloading IIS Diag to see if it picks anything up...


  • 13.  RE: Symantec Endpoint Security not under Sys DNS tab

    Posted Aug 27, 2009 11:49 AM

    BINGO!!!


    IUSR was in the Guest Group which was disabled.  Probably a newb mistake but hey....I didn't even know how to turn a computer on until last week =D.

    Thanks and Thanks Rafeeq!!