Endpoint Protection

Hi!

We just moved our Symantec Endpoint Protection Manager to a new (virtual) server. Since then, all (new) computers we're trying to deploy SEP to shows up as "unknown" and not "unmanaged". We haven't altered any thing on the client installation images etc.

We still have the old server running with SEPM too until everything works as it should. Yet, on that one the same computers are listed as "unmanaged". We get "failed" trying to deploy to the "unknown" computers from the new one, but get "successful" (and SEP gets correctly installed) deploying from the old server to the "unmanaged computers".

What could make the difference? Cannot be a client issue as far as we can see.

Regards
Andreas Sandin

if the old SEPM is online and there is no changes in the communication between client and server, then client should not be offline. The explination you provided reveals you ttrying to remote install the SEP client, can you confirm?

Hi,

Ports required by Find Unmanaged Computers: 

Either TCP port 139 or 445 need to be open for the installation package to be delivered to the remote computer. If UDP port 137 is closed, the Endpoint Protection Manager will not be able to list the hostname of the computer during the initial scan. (Though deployment can still be carried out by manually entering the IP address of the prospective client.)

Article URL http://www.symantec.com/docs/TECH102582

pete_4u2002>> Yes, I'm trying to remotely install SEP. No changes made what so ever. Successfully replicated the database with all settings, clients etc from the old server.

Chetan>> The ports you mention are open. Trying with the client's IP address still list it as "unknown" instead of "unmanaged".
 

What else could trigger this unknown/unmanaged problem?

 

Did you include the policy from one of the group while exporting the package and installing on client?

Has the client been successfully installed?

If yes, can you post the sylink log from client, that's not connecting to SEPM?

All the policies got replicated as well. The clients can only be manually installed as of now. Also, a lot of pepole are mentioning the SEPM_Inst.log in the case of not being able to deploy SEP, but this log isn't  even created (in C:\Users\[user account]\AppData\Local\Temp) as it should, even if the installation doesn't succeed. Which might point to an access problem (?) from the beginning.

Yet, we're using the same domain admin account from both the old and the new server.

Regards
Andreas

Hi,

I have few questions for you.

What is operating system for old & new server ?

Which Symantec version you are using ?

It's not creating installation logs means it is not even started installation (may be package is not copied), I believe something is wrong with server and client communication.

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

http://www.symantec.com/docs/TECH102416

Hi again,

Old server: Windows Server 2008 Datacenter x64
New one: Windows Server 2008 Datacenter R2 x64

Version of Symantec Endpoint Protection Manager: 11.0.4014.26
Version of Symantec Endpoint Protection deployed to clients: 11.0.5002.333

Yes, I also feel that it comes down to a communication problem between the server and the clients. The server i obviously able find client, but not all information about them, so they get listed as unknown. And deploying SEP to the clients fails because of the same communication problem?

TCP ports used by SEPM are 135 445 according to some investigation over here. No UDP port used.

check this 

https://www-secure.symantec.com/connect/forums/client-deployment-failed#comment-5283271

Hi,

Hi,

FW is turned off.

Regards
Andreas

Hi PHS IT,

Click on Start, Click Run and type gpedit.msc

Expand Computer Configuration, then Windows Settings, then Security Settings, then Local Policies, and then Security Options

Click on Network security: LAN Manager Authentication level

Choose the Authentication Level as "Send NTLM 2 Response Only" from the drop down menu

Check this article :

http://www.symantec.com/docs/TECH95594

Hi!

Performed mentioned changes, and now new clients get listed under "Unmanaged computers". Still I get "Failed" as status. No SEP_log to be found in %TEMP% dir or in c:\windows\temp. THe only thing I find is the vpremote.exe and vpremote.dat in C:\TEMP.

Kind regards
Andreas

Hi,

Your new server is Windows Server 2008 Datacenter R2 x64.

For which clients you are getting failed as status. Windows 7 64 bit ? 32 bit ? or XP ?

All clients we are deploying to are Windows 7 32-bits.

Regards
Andreas

Hi,

There is known issue for Server 2008 64 bit & windows 7 64 bit.

In your case it's 32 bit.  

Still I will suggest try following steps & let me know.

1. Open services.msc and go to properties of the "Symantec Endpoint Protection Manager" Service

2. Click on the Logon tab and click on "This account"

3. Enter the Administrator credentials

4.Click on OK and restart the SEPM service

5. Now login to the SEPM console and Deploy it using the "Find Unmanaged computers" .

https://www-secure.symantec.com/connect/forums/client-deployment-failed#comment-5283271

That solved it!

Thank you so very much!

Kind regards
Andreas