
The Symantec Management Client service entered the stopped state

Created: 13 Dec 2009 • Updated: 07 Jan 2011 | 8 comments
This issue has been solved. See solution.

I have installed the SEP client (11.0.5002.333) on a Windows XP SP2 computer. This client install has run fine on all other computers (approx 330) on the network, except on THIS machine: the install completes, the services attempt to start, and the Symantec Management Client service starts and stops! Try to start this service manually and you get the "The Symantec Management Client service on Local Computer started and then stopped. Some services stop automatically if they have no work to do..." message. Well, this service DOES have work to do, and I'd like it to do it!

I haven't found anything else in trawling these forums that can help me. Does anyone have any ideas? I've tried completely uninstalling the client from the machine, but nothing is working... very frustrating! I have even installed a generic client installation without the specific sylink.xml file pointing to the group on the SEPM server, but no joy.

Any help or suggestions would be appreciated!

Thanks
Vance


AravindKM's picture

Try scanning that PC with some online scanners and see if any virus is present.
You can also scan the PC with the NSS tool in safe mode.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

vmachine's picture

I will try scanning the PC with some online tools and get back regarding the outcome. Similar with NSS. Thanks!

vmachine's picture

Update: Scanning with a number of online scanner tools found only the Conficker.ae worm; attempting to reinstall/restart that service is still unsuccessful. I haven't had a chance to boot into Safe mode and run NSS yet; hoping to do that tonight.

sandeep_sali's picture

Can you let me know the size of this file?

C:\Program Files\Symantec\Symantec Endpoint Protection\
file. In case it's somewhere around 30 KB it's fine; else you can try replacing it from a working machine.

Thanks & Regards

Sandeep C Sali

SOLUTION
vmachine's picture

Hi Sandeep, that file is exactly 30KB in size, thanks.

EDIT: File size was 30KB, but it needed replacing anyway. Copying the file from another machine that is working correctly solved my problem. Thanks Sandeep!

John Thomson's picture

1. Go to Services.msc.
2. Make sure the service called System Event Notification Service is started and set to Automatic.
3. If that is stopped, then start that service.
4. Then start the Symantec Management Client service.
5. If it doesn't work, you need to enable the debug log and then check the debug log.

How to debug the Symantec Endpoint Protection 11.x client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090611252048

Hope this will be helpful for you

vmachine's picture

Hi John

This was great, thank you!

Enabled the debug log, tried (and failed) to start the SMC service. Debug log contained:

12/18 10:45:35 [2960:2692] Enterprise version, Build 301!!!
12/18 10:45:35 [2960:3992] IsAlone() = 004DD580
12/18 10:45:35 [2960:3992] Service ThreadID 7C809728
12/18 10:45:35 [2960:3992] Loading C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat
12/18 10:45:35 [2960:3992] ImportFromStream :  loadXML failed
12/18 10:45:35 [2960:3992] Fail to import profile from C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat.bak
12/18 10:45:35 [2960:3992] ProfileMan: cannot load client profile C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat
12/18 10:45:35 [2960:3992] Service Start Initialize() Failed!
12/18 10:45:35 [2960:3992] Service is shutting down
12/18 10:45:35 [2960:3992] Saving SMC State
12/18 10:45:35 [2960:3992] Skip saving state because Engine is not running
12/18 10:45:35 [2960:3992] Stopping SyLink...
12/18 10:45:35 [2960:3992] delete SMC State...
12/18 10:45:35 [2960:3992] chmod on file C:\Program Files\Symantec\Symantec Endpoint Protection\SerState.dat to read/write.
12/18 10:45:35 [2960:3992] delete netport...
12/18 10:45:35 [2960:3992] delete IDSSignatureLib...
12/18 10:45:35 [2960:3992] Disable damper...
12/18 10:45:35 [2960:2692] System configuration has been saved.

The line that has been bolded shows the problem. Sandeep's earlier post said to check the size of the file (he was on the right track) but the debug log shows it can't be loaded. Deleted this file and copied one from another machine that's working successfully, and the service starts up perfectly!

Thanks again John, a good tip for debugging! =)

Regards
Vance
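
An added example, not part of any post in this thread and not Symantec code: a small Python triage script that parses the debug log layout shown above and lists the failure lines along with the files they name. The function names and the "kind" labels are made up for this example; the log excerpt is taken from the thread.

```python
import re

# Layout of each line in the debug log above: "MM/DD HH:MM:SS [pid:tid] message"
LINE_RE = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\d+):(\d+)\] (.*)$")

# Failure markers copied from the messages in the thread's log; the "kind"
# labels are names made up for this example.
FAILURE_PATTERNS = [
    ("xml_parse", re.compile(r"loadXML failed")),
    ("profile_import", re.compile(r"Fail to import profile from (?P<path>.+)$")),
    ("profile_load", re.compile(r"cannot load client profile (?P<path>.+)$")),
    ("init_failed", re.compile(r"Service Start Initialize\(\) Failed")),
]

# Excerpt of the log posted in the thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
12/18 10:45:35 [2960:3992] Loading C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat
12/18 10:45:35 [2960:3992] ImportFromStream :  loadXML failed
12/18 10:45:35 [2960:3992] Fail to import profile from C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat.bak
12/18 10:45:35 [2960:3992] ProfileMan: cannot load client profile C:\Program Files\Symantec\Symantec Endpoint Protection\Cltdef.dat
12/18 10:45:35 [2960:3992] Service Start Initialize() Failed!
12/18 10:45:35 [2960:3992] Service is shutting down
"""

def find_startup_failures(text):
    """Return one finding per log line that matches a known failure marker."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        stamp, pid, tid, message = m.groups()
        for kind, pattern in FAILURE_PATTERNS:
            hit = pattern.search(message)
            if hit:
                findings.append({"time": stamp, "pid": int(pid), "tid": int(tid),
                                 "kind": kind, "path": hit.groupdict().get("path")})
                break
    return findings

def suspect_files(findings):
    """Distinct file paths named in failure lines, in order of first appearance."""
    return list(dict.fromkeys(f["path"] for f in findings if f["path"]))

if __name__ == "__main__":
    for f in find_startup_failures(SAMPLE_LOG):
        print(f["time"], f["kind"], f["path"] or "")
    print("Files to inspect or replace:", suspect_files(find_startup_failures(SAMPLE_LOG)))
```
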