Endpoint Protection

Hi,

Have SEPM 11.0.7101.1056

We have a problem with computers not showing the green "dot". We have several hundred that does not show this, and several hundred that do show this. Today I added a client, and i pushed it out sucessfully, and it had a green "dot", but suddenly after a couple of minutes, the green "dot" was gone.

When I logg into the client and try the url http://(servername or IP)/secars?hello,secars I sometimes get OK, and if i refresh i suddenly get Service Unavailable... wait some minutes, and then it show OK again.

I cant find a solution to this problem, and upgrade is not an option at this point.

This problems results in many computers that doesnt get updates...

Thanks for reply

/Regards

James

hi,

SEP Client is manage or unmanaged ?

SEP Unmanaged Client update

An unmanged client daily takes update at 8:00 PM from the Symantec site, If you want you can change it.

In the client UI-->Click Change settings--->Client managemnt--> Configure settings --> Live update

SEP Managed Client update Directly for SEPM Console.

Hi,

Its configured as Managed. But sometimes when i check on the client  (Help and support-> Troubleshooting) under Server it say offline, and then I may wait a while and it will show the IP or FQDN. Seems that it disconnect sometimes...

/R

James

Are you able to telnet port no 8014,80 ?

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/business/support/index?page=content&id=TECH105894

Yes i have checked that documentation.

no firewall

ping ok, telnet both ports ok.

Browsing the web pages works ok, but I do sometimes get Service unavaliable both inside management under home, monitors and reports... but this comes and goes.

/R

James

One more think check Clinet Policy no ?

Check this fourms.

http://www.symantec.com/connect/forums/sep-clients-saying-server-offline

http://www.symantec.com/connect/forums/sep-client-showing-serveroffline

Check this setting on client.

If you are using proxy on your SEPM, you can delete the proxy entry to the registry of the client that shows offline. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections and restart the machine.

Navigate this reg key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Check for a key called GlobalUserOffline and set it to 0

Than restart smc

Open run, type smc -stop

wait 10-15 seconds

type smc -start

See if that worked.

http://www.symantec.com/business/support/index?page=content&id=TECH91093&locale=en_US

Brian81: dont have that key in the registry.

ManishS: we do not use proxy.

But i did create a new group and policy, just to have the IP address of the server, exported the sylink and imported it on the server. What I see on the client, in the troubleshooting gui, is that it got connected to the management server, and then its green dot. But after a couple of seconds it say Offline, and the dot is no longer there.

I read something about a certificate, and I see in the sylink file that there are ServerCertList information. Dont know if this is related, but when i try to connect to the SEPM i get the standard message "There is a problem with this website security certificate" and i click next to continue, but this is just becasue its not added to trusted sites i guess ?

 /R

James

Hi,

Kindly verify SEM5.db size ?

How to shrink the embedded database using the Dbunload tool

http://service1.symantec.com/SUPPORT/ent-security.nsf/815a8fe58decda8488257363002b62ab/64ab2040ab6d71a7882573fc0000f8a2?OpenDocument

Hi,

See attached file for size, cant say that its so big that we need to do a shrink, dont think that has anything to do with the problem.

/R

James

Attachment(s)

sem5 base.zip   30 KB 1 version

hi,

Thanks for update

Please rasie ticket on symantec support. don't be delay because many still not update virus definations.

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

India: Toll-Free 000 800 4401 456 directly

IDD call: +61 2 8220 7111

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Customer Care Contact Numbers for Licensing Issues:-

http://www.symantec.com/support/assistance_care.jsp

The problem has been solved.

We have some issues with DNS, so when we configured the clients to use IP instead, all servers seems to be ok :)

Just one more questions, we have these computers as managed now, but could we configure them the following way.

If the clients dont get answer from the management server, they will connect to symantec servers to get update directly ? Is this something we can configure in the sylink.xml file ?

/R

James

yes you can use syslink.xml file for unmanaged client convert to managed client.

You can check my download (Script Convert unmanaged to managed)

https://www-secure.symantec.com/connect/downloads/script-convert-unmanaged-system-managed-system

How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

http://www.symantec.com/business/support/index?page=content&id=TECH104010

Hi,

We have just copied the sylink.xml fil from a server that is managed over to another server that is not managed. (smc -stop and start) and then the server is managed without a reboot. We also dont do anything about the other file in your script sephwid.xml, or registry....

Is it ok that way we do it, or will we get issues with this ? We dont want to restart the servers...

/R
James

hi,

you can use syslink tool for convert unmanaged to manage.

Yes you are folow this process .

you can stop the smc and then copy syslink file.

one more think you can also delete hardware id and restart system not sepm server

Check another download it be all process.

https://www-secure.symantec.com/connect/downloads/image-installation-system-problem

but can this utility be used when we have over 200-300 computers that need to be changed... we are looking at just using sccm to push out the file and replace it.

/R

James

No, Don't be use SCCM you can't be stop SMC service .

Use the Sylink Replacer tool to reconnect your SEP clients.

https://www-secure.symantec.com/connect/downloads/

Do I need to delete hardwareid and restart system?

What happens if i dont do that ?

/R

James

This is not required but when you will use system install by image you need to remove hardware ID.

Thanks for information, but will the clients reboot ? these are production servers 24/7 so we cant have any problems with reboot unexp...

/R

James