SEPM should have a status change notification if a computer is on but has lost its communication to the server
We have several clients that have stopped communication to the server. The Yellow shield on the client machine no longer presents the green dot and the client is no longer being updated. If I look in SEPM the status looks no different then a computer that is turned off. SEPM should be able to tell me when a client is on but has lost communication to the server. I logged this in the forums and several people suggested to verify the status on the client - but with 1000 users having the client being verified is not practical. SEPM should have a seperate status color to indicate the computer is on but is not getting updates. Having it the way it is does not make me feel very secure that my environment is protected.
For reference to my forum post please see
https://www-secure.symantec.com/connect/forums/how-can-i-tell-when-client-has-lost-connection-server
Thank you!
Comments
Client / Server Communication in SEP
Client / Server Communication in SEP is client driven, meaning the client is the one that initiates communication with the server.
If the client is not checking in to the server, how will the server know whether it is on or off?
In other words, if the client could notify the server that it isn't able to communicate, it would be able to communicate.
Seems like it would be pretty
Seems like it would be pretty easy for SEPM to ping a client that hasn't communicated for (say) 5 minutes. If a ping comes back, but the client hasn't checked in, change the green dot overlay to a yellow one. If it stops replying to pings, then remove the dot overlay because it's probably offline.
Only prereq is that the client firewall would have to allow pings, but that's a pretty common thing to allow on internal networks.
But use a yellow dot. Save the red dot overlay for use with detected security problems, when SEPM finally catches up to SSC in that regard. But that's a topic for another Idea...
which is exactly what my
which is exactly what my problem is. Some of our clients lose communication and stop updating. There is no rhyme or reason as to why they stop communicating. If I'm not aware of the fact I have unprotected systems in my environment then what good is having Symantec Manager at all? People on the other post told me there are ways on the client to determine if it is communicating or not correctly. It seems like the server should be intuitive enough to look at these settings to determine a problem rather then making the admin try and weed out problems by going through registry, client logs, or training users to look for the green dot (which we all know they aren't going to do). Why are the clients losing their connection in the first place? I called support and they couldn't even answer that for me....they just called it a 'fluke' and told me to push a new syslink file.....great but how does this help if there is a computer out there for 5 weeks with no protection because no one has reported it. How is this considered enterprise security????? Symantec is a security company....why not make companies feel secure instead of making excuses for why the software just doesn't work that way? Again if I'm missing a setting or something that will help me to weed out these computers I would surely appreciate the help, but i've gone to support, forums, internet search and here and no one seems to want to help. Sorry for the rant but its frustrating to me that a Symantec Employee would tell me 'sorry that's just the way it works' rather than offering ANY type of solution.
Suggestion
Hi ljp,
I think the easiest way to manage this with the current setup is to do the following:
-Open SEPM
-Click Monitors on the left
-Click Logs in the top left
-Choose Computer Status
-Change the timeframe to the last week
-Click View Log
This should show all of your clients, you will see the "Last Check-in" column to see when they last checked in. Anyone who has checked in in the last week will show, you can set the timerange farther back if you want to see that. If you are concerned about the check in thing you can check here periodically to find clients that have not checked in, I'd suggest exporting it to Excel if you have a larger network so you can sort easier.
I realize this isn't the solution you wanted though it could prove helpful.
Remote Product Specialist, Business Critical Services, Symantec
John, Thank you. I really do
John,
Thank you. I really do appreciate any suggestions and this at least gives me something to check :)
Would you like to reply?
Login or Register to post your comment.