Symantec Management Platform (Notification Server)

Hi,

I'm currently testing Patch Manangment utilizing CEM to see if it meets our requirements as an MSP.

I have the Notification server on our Corp Network and this talks to the Internet Gateway with no issues. Both these are workgroup servers with host files for name resolution.

I have a test server on a client's network and this will not connect to the NS.

It seems to connect with no issues to the IG and gets the Temp certificate

It seems to fail talking to the N/S. My understanding was that CEM clients doesn't need to be able to talk directly to the NS.

<event date='08/16/2016 09:47:08.2510000 +01:00' severity='1' hostName='symitms-cem-01' source='NetworkOperation' module='AeXNetComms.dll' process='AeXNSAgent.exe' pid='2444' thread='1944' tickCount='2133904187' >
  <![CDATA[Operation 'CEM: Connect' failed. 
Protocol: HTTPS 
Original Host: <NS-hostname>:443
Real Host: IG-IP:4726
Path: / 
Id: 4453.2444 
Error type: Connection error 
Error code: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (10060) 
Error note: SocketIOStrategySyncSelect::Connect error]]>

Any help is much appreciated.

Thanks

Mark

Hello Mark,

This s hard to troubleshoot this issue with the amout information provided.

Did you set up CEM environment correctly? Check those things first:

1) CEM site was created on NS, certificates valid etc...

2) CEM policy is enabled, populated with correct information and applied to clients

3) On Internet gateway NS and Site Server is set into "allowed list"

4) Associated TCP ports are accessible by parties involved

Regards,

Denis

Hi MarkBoothman!

I don't have a direct answer to your question.

However, I could recommend you to try to search for an answer on Symantec's support site too:

https://support.symantec.com

After entering the error message from your post, I got a huge amount of articles. You can filter those by the product and product version.

Maybe it helps at least a little:

Hi I will give that a try many thanks for the suggestions so far.

Do the client agent need to be able to resolve the NS server or just the IG?

The reason I ask is my client is in a seperate domain.

Thanks

Mark

Hello Mark,

Gateway and NS should resolve each other, SMA might not resolve NS FQDN as long as it communicates in CEM mode.

Thanks for the update.

I will continue my investigations as the NS and IG can communicate fine. They are both workgroups servers but they can communicate with no issues