Endpoint Protection

Hi guys,

I have a brand new machine with Win2008 server SP2 64 bit edition.

I installed the fresh RU6 MP1 package on the same.But it is not taking latest updates.

I tried uninstall and reinstall,no change.

All the communication (PING,TELNET)is happening between server and client.

And i tried deleting the old definition , but still its not getting.

kindly help me out , as i want to put the server on live.

Thanksssssss

First try by replacing sylink file in one client and see.For this
export the communications settings from the server

In the console, click Clients.

Under View Clients, select the group in which you want the client to appear.

Right-click the group, and then click Export Communication Settings.

In the Export Communication Settings for group name dialog box, click Browse.

In the Select Export File dialog box, locate the folder to where you want to export the .xml file, and then click OK.

In the Export Communication Settings for group name dialog box, select one of the following options:

To apply the policies from the group from which the computer is a member, click Computer Mode.

To apply the policies from the group from which the user is a member, click User Mode.

Click Export.

If the file name already exists, click OK to overwrite it or Cancel to save the file with a new file name.

To finish the conversion, you or a user must import the communications setting on the client computer.

For this
Copy the SylinkDrop.exe file to the desktop of the client you want to be managed.
This tool can be found on CD 2 of the Symantec Endpoint Protection 11 installation files, in the folder "\TOOLS\NOSUPPORT\SYLINKDROP". It can also be obtained from Symantec Technical Support.
Double-click SylinkDrop.exe.
 When prompted to select a Sylink.xml file, select the Sylink.xml you created in previous steps.
Click on update sylink.
After replacing it will give a message as sylink has been replaced successfully. 

Or 

You can use this method also for changing the sylink file

On the client computer , click Start > Run, type smc -stop, and click OK.
 Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.(This name is important)
Click Start > Run, type smc -start, and click OK.

check the communication between server and client

http://www.symantec.com/business/support/index?page=content&id=TECH105894&locale=en_US 

if enabling the liveupdate, does the client get the updates?

By the I forget to ask one think.Your SEPM having 64 bits updates,right?You can confirm it in Admin--->local site--->show liveupdate downloads.....

guys,

i have tried with sylink replace and dsabled the firewall.Now also its not getting updates.

And in eventviewer i am getting error that changed value'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Symprotect\RealTimeScan\ProtectionProcess' from 2 to 1

and

......\PrtectionProcess from'1 to 2

yes aravind , i have the latest updates for 64bit machines.

post the sylink logs.

Here is the file

Attachment(s)

sylink_11.txt   124 KB 1 version

GetIndexFileRequest:>Send Request failed.. Error Code = 12007
12/07 13:26:19 [1192] <ParseErrorCode:>12007=>The Server name could not be resolved.
12/07 13:26:19 [1192] <GetIndexFileRequest:>Send Request failed.. Error Code = 12007
12/07 13:26:19 [1192] <ParseErrorCode:>12007=>The Server name could not be resolved.

Can you check for any DNS related issue?

no aravind in the same priority i have given the name as well as ip address of the server. u can see after

<GetIndexFileRequest:>SMS return=200
12/07 13:26:35 [1192] <ParseHTTPStatusCode:>200=>200 OK
12/07 13:26:35 [1192] <FindHeader>Sem-HashKey:=>AA1B360843384DAB8F353713268F617B
12/07 13:26:35 [1192] <GetIndexFileRequest:>Loading the current mode:0
12/07 13:26:35 [1192] <SyLink>Current Mode changes to: 1
12/07 13:26:35 [1192] <FindHeader>Sem-LANSensor:=>0

Also try by bypassing proxy in IE ......

Check this possibility also

One Symantec Endpoint Protection (SEP) client cannot get updates from the Symantec Endpoint Protection Manager (SEPM)

Hi sReejesh,

In the log we can see that the server name cannot be resolved - although it is not a root issue (by IP it works fine) - you may want to check it.

Please go to the console - Admin - Installation packages. Go to installation settings and create a new set leaving all options as they are BUT changing the last one to REPLACE communication settings.

Export new package using the set of installation setting just created. Install this package on your server machine. See if it updates. If not, please attach a new sylink log.

Thanks.

hi pawel,

Done that ,but no change.

i did see these entries in the log, which is not right.. looks the definition of the client is corrupted. See if this URL helps you to fix the corrupt definition

http://www.symantec.com/business/support/index?page=content&id=TECH103176

Agent returned closest matching seq: <None>

12/07 13:27:04 [1192] <Add2LUFileList:>Adding LU Info to LU Download File List: {1CD85198-26C6-4bac-8C72-5D34B025DE35}101206002
12/07 13:27:04 [1192] <Add2LUFileList:>File Info already exists, hence updating: {1CD85198-26C6-4bac-8C72-5D34B025DE35}101206002

Pete,

this entry is correct.

Agent returned closest matching seq: <None>     <--- client reports existing defs

12/07 13:27:04 [1192] <Add2LUFileList:>Adding LU Info to LU Download File List: {1CD85198-26C6-4bac-8C72-5D34B025DE35}101206002     <------- client adds file to have it downloaded later

12/07 13:27:04 [1192] <Add2LUFileList:>File Info already exists, hence updating: {1CD85198-26C6-4bac-8C72-5D34B025DE35}101206002     <---------the information already exists so it will be updated (the same as before so no real update)

should it not be mentioning the sequence number, instead of none??

Agent returned closest matching seq: <None>  

Hey Reejesh,

please try adding a host entry in your Win64 client server.

To edit the host file,

Click Start – search for “Notepad“, right-click and select “Run as Administrator“. This should launch notepad with elevated privileges. Now, open the host file from the File menu, add the below entry after the localhost entry and save.

ip-address NRIDCCSEP1

Hope this should resolve your issue. :-)

Note: The hosts file will be located in C:\windows\system32\drivers\etc\

Because it has no definitions I suppose...

Actually it will be in %systemroot% \SysWOW64\drivers\etc

is it not; client will have definition as soon package is installed, though old. could be corrupt definition!