Video Screencast Help

Temporary disable client update definition from SEPM

Created: 09 Feb 2014 • Updated: 11 Feb 2014 | 34 comments
This issue has been solved. See solution.

Hi,

Any services can be temporary stopped the client update definition from SEPM ??

Since hugh traffic make normal operation freezed .....

I want stop temporary then enable it later.

Thanks

Operating Systems:

Comments 34 CommentsJump to latest comment

.Brian's picture

This is not a normal situation but what you can do is go to the Clients page and select the group for which the problem is occuring, select the Policies tab and select Communication Settings

Under Download, uncheck "Download policies and content frm the management server"

Again, not a normal thing to do so you should troubleshoot the issue. Are you using GUPs? This will help lighten the bandwidth load

Capture_9.JPG

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

See here:

Distributing content using Group Update Providers

About the types of Group Update Providers

About the effects of configuring more than one type of Group Update Provider in your network

With GUPs, you have the ability to set a specific machine or machines so they can provide content to clients on the LAN so they don't have to come back across the WAN to get updates from the SEPM. This greatly reduces bandwidth. I highly suggest using these.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Hi Bria,

Thanks.

Is anyway to check GUP is succeed or not ??

.Brian's picture

You can see here:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Hi Brian,

Thanks.

Then I should wait the update the see the result ?? Or I can manually to control the update for checking ??

Because I haven't found any info about GPU server this moment.

 

Otherwise, should I uncheck "Use the default management server" ??

sepm2.jpg
.Brian's picture

Do a search to check that the machine became a GUP

Searching for the clients that act as Group Update Providers

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Did the clients pickup the new policy change?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

I have updated the policy in GUP server.

Just tried to search but still failure.

.Brian's picture

If you go to the GUP and check the System log, does it show an entry relating to it becoming a GUP?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Hi Brian,

- What's the Event ID ??

- Otherwise, any port needed ?

.Brian's picture

There won't be an event ID in the SEP logs, there will be a statement that says something to the effect of "Start using Group Update Provider"

GUPs and clients talk over tcp 2967

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

- Just checked no this log....

- If 2967 is not allowed, will it affect remote server to be a GUP server ?? Or just affect connect between GUP client and server ??

Rafeeq's picture

it will affect both, gup will not get update from sepm and gup will not be able to update other clients

William Lawance's picture

ok.

Otherwise, is the live update of GUPs can connect to either Symantec server or SEPM ??

.Brian's picture

LiveUpdate goes out to Symantec over 80 or 443 so that will be different

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

I mean live update from Symantec or SEPM will affect establishment of GUP server ??

.Brian's picture

The client will get the new policy change from the SEPM, once it loads the new policy to tell it to become a GUP, it will do so.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Clients get updates from the GUP over 2967, GUP gets updates from the SEPM pver 8014

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Checked 8014 was opened in SEPM and succeed to telnet from GUP. But no log about GUP.

 

.Brian's picture

and you followed this article and the new policy is aplied to the correct groups?

http://www.symantec.com/docs/HOWTO26824

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

and this new policy has also been applied to the group which contains the machine you want to be the GUP?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
.Brian's picture

Looks to be, are you using any location awareness?

Enabling location awareness for a client

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

- Just checked. All setting same as your reference link.

- Is it means definition of GUP server must update from SEPM ??

James007's picture

Just Check Gup System are showing True in SEP client property As per below screen shot

GUP.JPG

William Lawance's picture

Just checked the remote server can act as GUP but doesn't know the client can update through it or not.

Since the port 2967 not blocked but can't be telent.

James007's picture

Does windows firewall are disabled ?

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

 

Article:TECH104539 | Created: 2008-01-01 | Updated: 2011-09-15 | Article URL http://www.symantec.com/docs/TECH104539

 

.Brian's picture

Did you also apply the policy to the group the clients are in?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Great, glad it's working for you.

Take care

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

If you experiencing BW issue due to SEPM, then for the time being

Stop the SEPM service ( Symantec endpoint manager service)