Endpoint Protection

  • 1.  Troubleshooting SEP

    Posted Jan 09, 2015 04:20 PM

    So we have roughly 6,000 SEP clients up and running (most of them at version 12.1.4112). At least twice a week, sometimes more often, we will get a trouble ticket for a SEP client issue: virus defs not updating, services have stopped, can't open SEP GUI, stuff similar to that. 9 times out of ten, re-installing the client will solve the issue (occasionally we will need to go as far as running cleanwipe and re-installing the client). We usually try simple stuff first: reboot, see if services are started, look in SEPM to see if it is asking for a reboot. I have found re-installing the client is usually more efficient than looking for a specific error in a SEP KB article and then trying 17 steps that may or may not solve this issue. To me, a few trouble tickets per week is expected with this many clients and the nature of software (you will always have errors, corruption, etc.). Re-installing the client is the quickest (most efficient) way to get the problem solved and the user happy again. My boss doesn't accept that answer. He wants us to collect logs and see if we can't be proactive and prevent these errors from happening.

    So my questions to the forum are:

    What percentage of systems having issues is normal (should this be expected)? Does anyone else try to be proactive with these issues (and what do you do)? What logs should I be collecting (what logs would be most helpful)? Where are these logs located? What is the best way to collect them? Can this be automated? Will looking at these logs be helpful? Could I possibly tell if there are settings, software, or something we are running on campus that is causing issues (nothing seems to be repeatable or caused by the same thing)? Any other recommendations?

    (PS: I won't be seeing responses or answering questions until Monday; heading out for the weekend.)

    Thanks for the help.



  • 2.  RE: Troubleshooting SEP
    Best Answer

    Posted Jan 12, 2015 12:17 PM

    If you want logs, you can use SymHelp, as it gives good logs to go through:

    How to use the advanced debug logging options for the Symantec Endpoint Protection client in SymHelp

    Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

    Troubleshoot corrupt definitions in Endpoint Protection

    I like to ensure I'm at least 95% in terms of clients working but again it depends on how many clients you have and what is acceptable risk to you.

    Honestly, reinstalling is usually quickest, especially in my experience.

    Defs usually go corrupt if something interrupts the download process...network blip, PC turned off in the middle of it, etc.