Endpoint Protection

Error in heartbeat response(4)

  • 1.  Error in heartbeat response(4)

    Posted Apr 21, 2017 12:02 AM

    Hello!

    I reinstalled SEP client 12.1.7004.6500 and the client stopped connecting to the server.

    Status: not connected

    error: error in heartbeat response(4).

    secars test: OK

    I deleted the client from the SEPM console, replaced the sylink (using SylinkDrop.exe), and deleted the following keys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections 

    I uninstalled the client with the CleanWipe utility and installed it again. No result.

    The client only once successfully connected to the server after reinstallation.

    Client-server log:

    The client computer has been added to the group  BBB  SSS  V-SEP  s44000  user    
     Client has registered  BBB  Sberbank  V-SEP  s44000  user 

    sylink.log

    04/20 18:23:26.271 [2136] ************CSN=537831
    04/20 18:23:26.272 [2136] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=90ABA3560A77F42D006C5F1DF30A5F9B&chk=5B27CD95B9A4D4F3601DA37A6D2FFDDC&ck=94123D797FD1E70BF45919FFE8F6F765&uchk=F8E339C49DF689DBC378405F41F1B7C8&uck=A7AF0B210859F7B9510EB178A0DE63CF&hid=24C9AFC2992CB85FB9F324478B9D0ADF&groupid=A3A092470A77F42C01489BBC05D70B28&ClientProductVersion=12.1.7004.6500&mode=0&hbt=1800&as=537831&cn=[hex]73343430303075626F6666313730&lun=[hex]30312D6B6F726E65796368756B2D616D&udn=[hex]54455242414E4B2E5349422E534252462E5255
    04/20 18:23:26.274 [2136] <GetIndexFileRequest:>http://11.12.33.44:8014/secars/secars.dll?h=2BF682D1C0388E3E377C4C6C90E781938C527B5B13C0AF4588BDEECE6F3D876736148C8568638EB8B9EE1F8F6CDE377F7FD81F9183BD6000FD97CA7B1A0C460D45D95E718B8ED5CDEF9E1E313594511ACD54754C6FBC8DCD0F6C08C41B980C41949995B290BB618873ECF841AF165C7C50A03A16961BB3BEE3A1A03BB92AB71681611587283B86C0BC40014B852983D0FBDFEA89208854D233769BBD54F764B6E3E4D373CBE73D5177C86D60B2209B90C77508D80134C61CC6B7CD0C4E18CBF301D28840A4CB67926211A79D81C5A9F93C9632D8879343423DDB24DDE445A9FCA902653AA5D73BAF3ED43D83C85C8F937CEF9939268DA47781CA8B2DCD9BF9B14A79073DECB6EE8D8F4D30238E593B125C604CAFFD781A9FFAD067727FE82BB563D7AB23BBC723D386DCCB781482866DF202C3CF664126AB70EFF5AC02C5AF77FD009C3B28C67BF3F7D46CC10526181141BAD51BD5366C79180FD783535436EFFF6F8DB0D1F813F57485A64FF706CBBADED08A165712F4F8BB7721B73CDA1773816EFFF9A75ECF494224D8E9D10F25A2A0C201C79104370CF3F63C6D8A257E4F9D56E9350BAFB072B420E29EDB2170069AA689C9CB38EDF1076BED8122EAA39D68FB09069DCFFA30DF031BA50E7D2137C2CD81ECE3F762A103D38275C6A8F392
    04/20 18:23:26.278 [2136] <InternetCallback> HttpOpenRequest; Internet status: 60; CtrlBlk: 03438B00
    04/20 18:23:26.405 [3784] <InternetCallback> HttpSendRequest; Internet status: 100; CtrlBlk: 03438B00
    04/20 18:23:26.419 [2136] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 03438B00
    04/20 18:23:26.419 [2136] <GetIndexFileRequest:>SMS return=200
    04/20 18:23:26.419 [2136] <ParseHTTPStatusCode:>200=>200 OK
    04/20 18:23:26.420 [2136] <FindHeader>Sem-HashKey:=>5B27CD95B9A4D4F3601DA37A6D2FFDDC
    04/20 18:23:26.422 [2136] <GetIndexFileRequest:>Loading the current mode:1
    04/20 18:23:26.424 [2136] <FindHeader>Sem-LANSensor:=>0
    04/20 18:23:26.425 [2136] <FindHeader>Sem-Signatue:=>13F018188262818B94677EFBE45E309F80894490C3991159106607E4FD0C870597B1A58A6B56B7759AABC7CF5BD633C1FEF806435DA6EC98DD78AB33BE079F428FF9FB653B2E9306C0D485057134B0244F03CB425179FF6E312C64EAF06619EA8D60FF3B896886FC86FBE60094B64DDC213DEFAA3B31AD134F2E5AB30F932CBE
    04/20 18:23:26.427 [2136] <FindHeader>Sem-CommandGUID:=>E8FF02040AAEC70600867BA9E095C543
    04/20 18:23:26.428 [2136] [Command] New command(s) arrived from SEPM: E8FF02040AAEC70600867BA9E095C543
    04/20 18:23:26.466 [3784] <InternetCallback> InternetReadFileEx; Internet status: 100; CtrlBlk: 03438B00
    04/20 18:23:26.470 [2136] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 03438B00
    04/20 18:23:26.470 [2136] <mfn_DoGetIndexFile200>Content Length => 2502
    04/20 18:23:26.472 [2136] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
    04/20 18:23:26.472 [2136] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    04/20 18:23:26.475 [2136] <GetIndexFileRequest:>COMPLETED
    04/20 18:23:26.476 [2136] <IndexHeartbeatProc>GetIndexFile handling status: 101
    04/20 18:23:26.478 [2136] <IndexHeartbeatProc>Switch Server flag=0
    04/20 18:23:26.481 [2136] HEARTBEAT: Check Point 5.1
    04/20 18:23:26.481 [2136] <ScheduleNextUpdate>new scheduled heartbeat=128 seconds
    04/20 18:23:26.483 [2136] HEARTBEAT: Check Point 8
    04/20 18:23:26.485 [2136] NextProxySetting: Cycled through all proxy settings.
    04/20 18:23:26.486 [2136] Get Next Server!
    04/20 18:23:26.488 [2136] <IndexHeartbeatProc>switch to another server
    04/20 18:23:26.490 [2136] <DecrementScheduleTime:>New scheduled heartbeat=64 seconds
    04/20 18:23:26.491 [2136] ResetProxySetting: Will now use proxy setting 1
    04/20 18:23:26.994 [2136] HEARTBEAT: Check Point 1
    04/20 18:23:26.994 [2136] HEARTBEAT: Check Point 2
    04/20 18:23:26.994 [2136] <PostEvent> going to post event=EVENT_SERVER_CONNECTING
    04/20 18:23:26.996 [2136] <PostEvent> done post event=EVENT_SERVER_CONNECTING, return=0
    04/20 18:23:26.998 [2136] HEARTBEAT: Check Point 3
    04/20 18:23:26.999 [2136] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    04/20 18:23:27.001 [2136] HEARTBEAT: Check Point 4
    04/20 18:23:27.003 [2136] <InternetCallback> InternetConnect; Internet status: 60; CtrlBlk: 03438B00
    04/20 18:23:27.005 [2136] <IndexHeartbeatProc>===Get Index STAGE===
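
An added example, not part of the original thread: a small triage of sylink.log that separates "server unreachable" from "server answered but the client rejected the reply", which is what the excerpt above shows (HTTP 200, then a failed signature check on the index file). The sample is abridged from that excerpt with long hex values elided; its second attempt, including handling status 0, is constructed, and `triage` and the verdict wording are this example's own.

```python
import re

# Abridged from the sylink.log excerpt in the post above: long hex values are
# replaced by <elided>. The second attempt is constructed for contrast.
SAMPLE = """\
04/20 18:23:26.274 [2136] <GetIndexFileRequest:>http://11.12.33.44:8014/secars/secars.dll?h=<elided>
04/20 18:23:26.419 [2136] <GetIndexFileRequest:>SMS return=200
04/20 18:23:26.419 [2136] <ParseHTTPStatusCode:>200=>200 OK
04/20 18:23:26.472 [2136] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
04/20 18:23:26.476 [2136] <IndexHeartbeatProc>GetIndexFile handling status: 101
04/20 18:25:34.100 [2136] <GetIndexFileRequest:>http://11.12.33.44:8014/secars/secars.dll?h=<elided>
04/20 18:25:34.250 [2136] <ParseHTTPStatusCode:>200=>200 OK
04/20 18:25:34.300 [2136] <IndexHeartbeatProc>GetIndexFile handling status: 0
"""

LINE = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d\.\d+) \[\d+\] (.*)$")
URL = re.compile(r"<GetIndexFileRequest:>(https?://[^/\s]+)")
HTTP = re.compile(r"<ParseHTTPStatusCode:>(\d+)=>")
HANDLING = re.compile(r"GetIndexFile handling status: (\d+)")

def triage(text):
    """Group sylink.log lines into heartbeat attempts and classify each one."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if (u := URL.search(msg)):          # a new index-file request starts an attempt
            cur = {"start": ts, "server": u.group(1), "http": None,
                   "sig_failed": False, "handling": None}
            attempts.append(cur)
        elif cur is None:
            continue
        elif (h := HTTP.search(msg)):
            cur["http"] = int(h.group(1))
        elif "Signature verification FAILED" in msg:
            cur["sig_failed"] = True
        elif (s := HANDLING.search(msg)):
            cur["handling"] = int(s.group(1))
    for a in attempts:
        if a["sig_failed"]:                  # checked first: HTTP 200 alone proves nothing
            a["verdict"] = "reply received but rejected: index file signature did not verify"
        elif a["http"] != 200:
            a["verdict"] = "transport problem: no HTTP 200 logged"
        else:
            a["verdict"] = "no signature failure logged"
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["start"], a["server"], a["http"], a["handling"], a["verdict"])
```

An attempt that reaches HTTP 200 and then logs the signature failure is a trust problem with the manager's reply rather than a reachability problem, so connectivity tests can pass while the client stays disconnected.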



  • 2.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 12:25 AM
    Hi, run the sym diagnostic tool and see what it shows: https://support.symantec.com/en_US/article.TECH105414.html

    Also check the article below: https://support.symantec.com/en_US/article.TECH105894.html


  • 3.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 12:47 AM

    Cloned?

    Check the hardware ID.

    Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for multiple systems

    https://support.symantec.com/en_US/article.TECH97626.html



  • 4.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 02:01 AM

    SymDiag error: "corrupt definitions", usage.dat file.

    I deleted the client with CleanWipe and reinstalled. No effect. Installed the intelligent update package. Nothing.

    SEP client is not receiving definition updates.

    SEP client is not receiving policy updates.

     

    Secars test: OK

    SEP client is SHOWING a green dot in the Symantec Endpoint Protection Manager console. (restart required: YES)

    Status: not connected

    error: error in heartbeat response(4).

    Client-server log:

    The client computer has been added to the group  BBB  SSS  V-SEP  s44000  user    
     Client has registered  BBB  Sberbank  V-SEP  s44000  user 

     



  • 5.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 02:10 AM
    Repair the corrupt definitions if there is a Fix Now button available in the sym diagnostic tool. Also, move that client to a test group and manually replace the sylink file in the program data folder by disabling Tamper Protection on SEP.


  • 6.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 03:49 AM

    Change ID - no result

    Repair the corrupt definitions - I deleted the client with CleanWipe; sym diagnostic tool - Fix Now button - cannot get new defs (no inet connection)

     

    =======EXCEPTION: SndException ====
    Reason Code: 0, Reason:fail to import from profile because it's not a good profile   ????



  • 7.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 04:03 AM

    Time of last successful connection updates after restarting the PC,

    but

    Status: not connected

    error: error in heartbeat response(4).

    2017/04/21 14:54:31.428 [1828:1648] Update ProfileNow Request has been sent
    2017/04/21 14:54:32.271 [1828:2420] CWscFwHandler: update status time out-2147483638
    2017/04/21 14:54:32.864 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:33.020 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:33.067 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 032BF9B0 time: 0
    2017/04/21 14:54:33.286 [1828:2420] CWscFwHandler: update status time out-2147483638
    2017/04/21 14:54:33.582 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:33.738 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:33.817 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 032BF9B0 time: 0
    2017/04/21 14:54:34.300 [1828:2420] CWscFwHandler: update status time out-2147483638
    2017/04/21 14:54:34.332 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:34.488 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:34.566 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 05194218 time: 0
    2017/04/21 14:54:35.081 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:35.237 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:35.315 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 033DC338 time: 0
    2017/04/21 14:54:35.315 [1828:2420] CWscFwHandler: update status time out-2147483638
    2017/04/21 14:54:35.830 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:35.986 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:36.064 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 033DC738 time: 0
    2017/04/21 14:54:36.580 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:36.736 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:36.814 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 033DC738 time: 0
    2017/04/21 14:54:37.329 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:37.485 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:37.532 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 051C7910 time: 0
    2017/04/21 14:54:38.047 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:38.203 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:38.281 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 05194218 time: 0
    2017/04/21 14:54:38.796 [1828:2700] AH: Setting the Browser Session end option & Resetting the URL session ..
    2017/04/21 14:54:38.952 [1828:2700] <ParseHTTPStatusCode:>200=>200 OK
    2017/04/21 14:54:39.030 [1828:2700] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 05194218 time: 0
    2017/04/21 14:54:39.030 [1828:2700] ###### Set ACSConnec offline
    2017/04/21 14:54:39.030 [1828:2700] CProfileMgrManPlugin::ReceiveMessage: enter
    2017/04/21 14:54:39.030 [1828:2700] ProfileMgrMan: ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] CProfileMgrManPlugin::ReceiveMessage: exit
    2017/04/21 14:54:39.030 [1828:2700] AVMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] AVMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] LUMan: Entering ReceiveMessage with id 0x40002
    2017/04/21 14:54:39.030 [1828:2700] AtpiMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] AtpiMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] BashMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] BashMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] CidsMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] CidsMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] NETSECMAN: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] NETSECMAN: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] RebootMgrMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] RebootMgrMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] RepMgtMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] RepMgtMan: Leaving ReceiveMessage
    2017/04/21 14:54:39.030 [1828:2700] SubmissionsMan: Entering ReceiveMessage with msg id 262146
    2017/04/21 14:54:39.030 [1828:2700] SubmissionsMan: Leaving ReceiveMessage



  • 8.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 04:54 AM

    Can you verify the proxy settings? The log says it will use proxy setting 1.

    Try this:

    1. Check in the registry (HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings) these keys:
    "ProxyEnable"=dword:00000001
    "ProxyServer"="test:80"

    2. Change ProxyEnable to 0
    3. Delete ProxyServer key

    These settings are also cached in Hex format in the following location: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    -DefaultConnectionSettings
    -SavedLegacySettings

    If DefaultConnectionSettings and SavedLegacySettings are present, they will re-populate the proxy settings. If they are NOT present, they will be generated with the current proxy settings. This can cause issues if the customer tries to alter just "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable" without also purging DefaultConnectionSettings/SavedLegacySettings before a reboot.



  • 9.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 06:54 AM

    "ProxyEnable"=dword:00000000 and no key "ProxyServer"

    Time of last successful connection updates after restarting the PC.

     

    00000071    01d2ba6f1a98afca    12070202    00000000    00000000    00000000    Symantec Management Client has been started.    Smc    
    00000093    01d2ba6f1c0203ca    12070301    00000000    00000000    00000000    Connected to Symantec Endpoint Protection Manager (V-SEP)    Smc    
    00000098    01d2ba6f22405f7a    12070304    00000000    00000000    00000000    Disconnected from Symantec Endpoint Protection Manager (V-SEP)    Smc    
    000000ab    01d2ba6f410320fa    12070800    00000002    00000002    00000000    LiveUpdate encountered an error: Failed to resolve LiveUpdate server name (0xA100000D).    LiveUpdate Manager    
    0000006a    01d2ba6fb480f6aa    12070305    00000000    00000000    00000000    New Options setting has been applied.    Smc    
    000000bc    01d2ba6fcea5fc2d    12070207    00000000    00000002    00000000    =======EXCEPTION: SndException ====
    Reason Code: 0, Reason:fail to import from profile because it's not a good profile    Smc    
    00000061    01d2ba6fcea5fc2d    12070207    00000000    00000000    00000000    Failed to import new policy.    Smc    
    00000083    01d2ba704b07652c    1207021a    00000000    00000000    00000000    User is attempting to terminate Symantec Management Client....    Smc    
    0000006b    01d2ba704b639148    12070204    00000000    00000000    00000000    Symantec Management Client is stopped.    Smc    
    00000075    01d2ba706d2dbc2a    12070219    00000000    00000000    00000000    Network Threat Protection's firewall is disabled    Smc    
    00000167    01d2ba706dac15c3    12070201    00000000    00000000    00000000    Symantec Endpoint Protection -- Engine version: 12.1.7004


  • 10.  RE: Error in heartbeat response(4)

    Posted Apr 21, 2017 09:24 AM

    Hi,

     

    I would suggest exporting a new package from SEPM and installing it after CleanWipe, because it looks like the package itself is corrupted.



  • 11.  RE: Error in heartbeat response(4)

    Posted Apr 24, 2017 08:09 AM

    Thanks to all.

    A new package, I think this might help; apparently something is broken on the SEPM server.