Endpoint Protection

 View Only

  • 1.  Windows 7 SEP clients is not showing in SEPM after image distribution

    Posted Jan 12, 2010 09:35 AM

    We have a SEPM version 11.0.5 (upgraded today from 11.0.2) to manage all installations of SEP version 11.0.5. We are using Windows Deployment Service (WDS) to install the computer labs with operating system and software. The procedure is;

    1. Install the operating system.
    2. Install software, including SEP. The SEP installation packets is created from the SEPM. The package is created from the earlier version of the SEPM.
    3. Sysprep the computer.
    4. Capture the image with the WDS.
    5. Distribute the image from the WDS.

    Until this Christmas we have only used the Windows XP as the operating system, and everything has been working great. Now we have started using Windows 7. The problem is that the Windows 7 clients is not showing in the SEPM. We can only see one of the Windows 7 computer and its name is changing in the SEPM. The name it is shows is from the computer labs. If I check the Windows 7 computers, they all report that they have access to the SEPM.

    The computers are connected to an Active Directory (AD) domain, and that is no problem to login to them or manage them from the AD.



  • 2.  RE: Windows 7 SEP clients is not showing in SEPM after image distribution

    Posted Jan 12, 2010 09:38 AM
    Check this document

    Configuring Symantec Endpoint Protection client for deployment as part of a drive image

    http://74.125.153.132/search?q=cache:YHBGIGM3rtkJ:service1.symantec.com/support/ent-security.nsf/docid/2007110510364248%3FOpen%26seg%3Dent+diploy+client+using+image+symantec+ednoint&cd=2&hl=en&ct=clnk&gl=in 

    Configuring Symantec Endpoint Protection client for deployment as part of a drive image

    Question/Issue:
    You need to create a drive image with Symantec Endpoint Protection Client already installed.


    Solution:
    Releases prior to MR3 required that the HardwareID be deleted by following the instructions below,

    (NOTE: Not following these directions may have adverse effects on client communication and registration.)

    You will need to ensure that the Symantec Endpoint Protection (SEP) client does not communicate with the Symantec Endpoint Protection Manager (SEPM) prior to and while creating the image.

    If the SEP client has checked in and registered with the SEPM, you will need to delete the following registry value prior to creating the image:

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID.

    NOTE: The registry key HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk may also need to be deleted if present.

    Once the image is applied to a new system, the client will generate a unique id value, check in with its SEPM and register. During the registration process the SEPM will register all necessary client information into the database.

    This value will regenerate the next time the client loads.


    MR3 to MR4MP2 will dynamically generate a new HardwareID value based on the MAC address of the new machine to which the image is deployed.


    RU5 has a new design.

    With this new design, the Hardware Key is now stored in %programfiles%\Common Files\Symantec Shared\HWID\sephwid.xml. This allows for easier remediation in the following situations:

    1) A client is generating new Hardware Keys on startup which could potentially conflict with another SEP client or for preparing a machine
    a. Move, rename, or remove the Hardware Key config XML file found in the Symantec common area.
    b. Remove the “HardwareID” registry value located in HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink\
    c. Restart the client.. New Hardware Key information will be generated in this case.


    2) Every time I install the client on a clean VM or Ghost image using the same hardware, the Hardware Key is different.
    a. Since the new algorithm generates random IDs, any install on a clean machine will result in a new ID being generated. However, if the client is uninstalled and reinstalled, the ID should not change, since it is persisted in an XML file located in the Symantec Common area. i.e %programfiles%\Common Files\Symantec Shared.


            In order to maintain the same ID when an image is restored, the customer should install SEP first before taking the image. Alternatively, the customer may also drop a saved sephwid.xml file and force that Hardware Key to be used by setting HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink\ForceHardwareKey in the registry to 1 (true).



  • 3.  RE: Windows 7 SEP clients is not showing in SEPM after image distribution

    Posted Jan 12, 2010 09:43 AM
     Is the Windows firewall turned off on the client ?


  • 4.  RE: Windows 7 SEP clients is not showing in SEPM after image distribution

    Posted Jan 13, 2010 08:00 AM
    The windows FW is not running. We have tried both the register/file fix above and to uninstall SEP, reboot the computer, install SEP (a packet created from the SEPM v11.0.2) and then reboot the computer again. In SEPM, I still find that I have only one client, and its name is changing to the last started computer...


  • 5.  RE: Windows 7 SEP clients is not showing in SEPM after image distribution
    Best Answer

    Posted Jan 13, 2010 08:33 AM
    I found this document, service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d84071c5137d6d318825738a00663b8d and following the last steps, How to fix RU5 clients that have been misconfigured and already rolled out to production (For each client:) solved the problem. The steps are:
    1. Delete %programfiles%\Common Files\Symantec Shared\HWID\sephwid.xml
    2. Open the registry and navigate to HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylnk
    3. Edit the "HardwareID" value data to be blank
    4. Restart the Symantec Management Client (SMC) service in the services snap-in.