Video Screencast Help

What triggers a change of the policy serial number?

Created: 07 Sep 2011 | 14 comments

I know this may sound like an obvious question but I'm noticing that when I make a change to one of my SEP policies the serial number doesn't change. Am I misunderstanding what triggers a change?

Comments 14 CommentsJump to latest comment

sandra.g's picture

The client's policy serial number won't change until it heartbeats in and gets the new policy from the SEPM. Or did you mean something else?

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

fixerr's picture

The policy number of your client will change on the next heartbeat interval.  Means once when the client communicate with the symantec endpoint protection manager.  The default heartbeat interval is 300 seconds ie., 5 minutes.

 

 

 

Don't forget to mark your thread as 'solved' with the answer that best helped you!
 

Don't forget to mark your threat as "SOLVED' with the answer that helped you!!!!!!!

CaryC's picture

The policy serial will change if you made any change in that particular policy. Make sure you are looking at the correct group in your SEPM as it seems each group gets its own unique serial number depending on the policy applied.

Godspeed25's picture

As mentioned above, the policy serial number change is triggerd by the heartbeat interval (i.e. once in 300 secs). If you want to make sure if the number is Policy serial number is changed, try these,

 

Go to the client computer and right click on the sep shield on the right hand bottom corner and click update policy.

Or

Wait for 2 - 5 mins and check the policy serial number

Or

Restart the client computer.

Regards,

Godspeed.

James-x's picture

Hello Jimmie Jines,

I may be misunderstanding you, but do you mean to say that the policy serial number is not updating in the Symantec Endpoint Protection Manager or is it not updating on the SEP client? Please clarify.

I understood you to mean the former.

The policy serial number in the SEPM should update within a minute or two of you making any policy change in the SEPM. (Note: The serial number will only update for groups in which a policy change took place. Editing a policy shared between multiple groups will result in multiple groups updating their serial numbers.)

If the policy serial numbers in the SEPM are not updating, then please reply back and attach the following two log files for review:

  • C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log
  • C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\catalina.out

Regards,

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Jimmie Jines's picture

When I make changes to the policies in the SEPM console I'm not seeing the policy number that is displayed in the upper right hand corner of the console change. I've attached the logs as requested.

AttachmentSize
catalina.txt 4.42 KB
scm-server-0.txt 11.78 KB
James-x's picture

Hello Jimmie Jines,

I reviewed the logs you provided, but unfortunately did not find what I was looking for. I need you to enable some finer level debug logging for the SEPM, reproduce the issue, and collect logs again.

Please enable finest debug logging, per the instructions in the following document. NOTE: You do NOT need to enable the IIS logging mentioned in step 3.

Once this logging is enabled, please make a policy change in the SEPM. After this, wait five minutes and then run the collectLog.cmd utility located in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools  This utility will create a ZIP file called SEPM_Logs.zip. Please upload this to the thread so I can review the logs.

Regards,

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Jimmie Jines's picture

The link you have takes me to the home of the Support site. I searched using "How to create a debug log for debugging the Symantec Endpoint Protection Manager (SEPM) using the = Finest switch" and was presented with version 11.x docs. The directories it mentions don't exist on my server. Do you have a revised link?

James-x's picture

Try the link again. (I just confirmed that it worked.)

I've noticed we seem to have some weird bug where the first time you try a link to a particular article in our knowledgebase, you are taken to the Symantec Support Site. Clicking the link a second time fixes the issue in most cases I've seen.

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

James-x's picture

Jimmie Jines,

Also, the document I linked to (above) is for the SEP 11.x version. However, it also works for the SEP 12.1 version of the SEPM.

Regards,

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

John Cooperfield's picture

Be sure to assign the edited policy to client groups again after you edit it.

Thanks

James-x's picture

Hello Jimmie Jines,

Looks like I found your problem.

 2011-09-13 09:13:35.119 THREAD 25 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask

com.sygate.scm.server.metadata.MetadataException: I/O Error: There is not enough space on the disk 
Check the free space on the drive you've installed the SEPM on. You're out.
 
James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!