I know this may sound like an obvious question but I'm noticing that when I make a change to one of my SEP policies the serial number doesn't change. Am I misunderstanding what triggers a change?

The client's policy serial number won't change until it heartbeats in and gets the new policy from the SEPM. Or did you mean something else?

sandra

The policy number of your client will change on the next heartbeat interval.  Means once when the client communicate with the symantec endpoint protection manager.  The default heartbeat interval is 300 seconds ie., 5 minutes.

Don't forget to mark your thread as 'solved' with the answer that best helped you!
 

The policy serial will change if you made any change in that particular policy. Make sure you are looking at the correct group in your SEPM as it seems each group gets its own unique serial number depending on the policy applied.

As mentioned above, the policy serial number change is triggerd by the heartbeat interval (i.e. once in 300 secs). If you want to make sure if the number is Policy serial number is changed, try these,

Go to the client computer and right click on the sep shield on the right hand bottom corner and click update policy.

Or

Wait for 2 - 5 mins and check the policy serial number

Or

Restart the client computer.

Hello Jimmie Jines,

I may be misunderstanding you, but do you mean to say that the policy serial number is not updating in the Symantec Endpoint Protection Manager or is it not updating on the SEP client? Please clarify.

I understood you to mean the former.

The policy serial number in the SEPM should update within a minute or two of you making any policy change in the SEPM. (Note: The serial number will only update for groups in which a policy change took place. Editing a policy shared between multiple groups will result in multiple groups updating their serial numbers.)

If the policy serial numbers in the SEPM are not updating, then please reply back and attach the following two log files for review:

• C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\scm-server-0.log
• C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\catalina.out

Regards,

James

When I make changes to the policies in the SEPM console I'm not seeing the policy number that is displayed in the upper right hand corner of the console change. I've attached the logs as requested.

Attachment(s)

catalina_3.txt   4 KB 1 version

scm-server-0_30.txt   11 KB 1 version

try this 

Troubleshooting Policy Changes

http://www.symantec.com/business/support/index?page=content&id=TECH105907

Hello Jimmie Jines,

I reviewed the logs you provided, but unfortunately did not find what I was looking for. I need you to enable some finer level debug logging for the SEPM, reproduce the issue, and collect logs again.

Please enable finest debug logging, per the instructions in the following document. NOTE: You do NOT need to enable the IIS logging mentioned in step 3.

• How to create a debug log for debugging the Symantec Endpoint Protection Manager (SEPM) using the = Finest switch. Step by step instructions
• http://www.symantec.com/docs/TECH97983

Once this logging is enabled, please make a policy change in the SEPM. After this, wait five minutes and then run the collectLog.cmd utility located in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools  This utility will create a ZIP file called SEPM_Logs.zip. Please upload this to the thread so I can review the logs.

Regards,

James

Be sure to assign the edited policy to client groups again after you edit it.

Thanks

The link you have takes me to the home of the Support site. I searched using "How to create a debug log for debugging the Symantec Endpoint Protection Manager (SEPM) using the = Finest switch" and was presented with version 11.x docs. The directories it mentions don't exist on my server. Do you have a revised link?

Try the link again. (I just confirmed that it worked.)

I've noticed we seem to have some weird bug where the first time you try a link to a particular article in our knowledgebase, you are taken to the Symantec Support Site. Clicking the link a second time fixes the issue in most cases I've seen.

James

Jimmie Jines,

Also, the document I linked to (above) is for the SEP 11.x version. However, it also works for the SEP 12.1 version of the SEPM.

Regards,

Here are the logs.

Hello Jimmie Jines,

Looks like I found your problem.

 2011-09-13 09:13:35.119 THREAD 25 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask

com.sygate.scm.server.metadata.MetadataException: I/O Error: There is not enough space on the disk