Endpoint Protection

Recently had a need to create a Windows 2012 R2 VM and proceeded to install the SEP client (12.1 RU6 MP6) as I normally would using a package I previously created and have successfully used in the past.  However, it failed to connect to my SEPM server with an "HTTP error 407" under the client's Connection Status.  The Last Attempted Connection shows my SEPM server name/IP along with 80 for the port number.  Last Successful Connection says "Never".

Looked at another existing W2012 R2 server with 12.1 RU6 MP6 which is connecting just fine using port 8014.  Thinking that perhaps our 2012R2 VM template might've become corrupted, I created another VM and installed the OS from scratch but the SEP client behaves the same way and fails to connect.  I even moved the VM to a different ESX host thinking that maybe something's goofy with the networking to the host but got the same result.

SymDiag reports the following error which I don't see on the known working SEP client I mentioned, above.  Again, I've used this same SEP client package to install on other servers before so don't understand why it's not working now.  Thanks in advance!

Can you enable sylink logging to see the attempted communication to the SEPM to see if it throws up a more detailed log message?

I see the following repeating in debug.log...

2017/04/06 11:23:46.148 [1876:2768] Update ProfileNow Request has been sent
2017/04/06 11:23:47.555 [1876:1672] <SyLink>[MakeRegisterData] registration Hardware Key=FBAD3E1739AE90F1C5E3DEFB5112CD14
2017/04/06 11:23:47.555 [1876:1672] AH: Setting the Browser Session end option & Resetting the URL session ..
2017/04/06 11:23:47.617 [1876:1672] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
2017/04/06 11:23:47.617 [1876:1672] <SyLink>[SendRegsitrationRequest] Request Result= 5
2017/04/06 11:23:47.633 [1876:1672] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 04AA2CF8 time: 0
2017/04/06 11:23:47.633 [1876:1672] ###### Set ACSConnec offline
2017/04/06 11:23:47.633 [1876:1672] CProfileMgrManPlugin::ReceiveMessage: enter
2017/04/06 11:23:47.633 [1876:1672] ProfileMgrMan: ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] CProfileMgrManPlugin::ReceiveMessage: exit
2017/04/06 11:23:47.633 [1876:1672] AVMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] AVMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] LUMan: Entering ReceiveMessage with id 0x40002
2017/04/06 11:23:47.633 [1876:1672] AtpiMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] AtpiMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] BashMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] BashMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] NETSECMAN: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] NETSECMAN: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] RebootMgrMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] RebootMgrMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] RepMgtMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] RepMgtMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] SubmissionsMan: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] SubmissionsMan: Leaving ReceiveMessage
2017/04/06 11:23:47.633 [1876:1672] ElamManPlugin: Entering ReceiveMessage with msg id 262146
2017/04/06 11:23:47.633 [1876:1672] ElamManPlugin: Leaving ReceiveMessage

Out of curiosity, see if this is the cause:

http://www.symantec.com/docs/TECH208894

I had already come across this article where all of my checkboxes are clear.  Nice try.  ;-)

There are plenty of articles related to  proxy mostly -

try each if that solves your issue -

https://support.symantec.com/en_US/article.TECH190598.html

 

https://support.symantec.com/en_US/article.HOWTO6763.html

 

https://support.symantec.com/en_US/article.TECH104926.html

 

and if that helped you let us know which one

Wanted to thank everyone for chiming in!  However, ended up opening a case with Symantec since I was experiencing multiple issues in my environment where SEP was concerned.  Turns out my SEPM somehow got corrupted which required them to run a repair and a whole laundry list of other tasks, below.  This refresh also forced me to recreate all of my SEP client install packages since using the existing ones were failing to connect to my SEPM server.  Man...what a nightmare!  Thanks goodness it's FRIDAY!!!

TROUBLESHOOTING STEPS:
Customer called in saying he was having multiple issues with his SEPM.
Found that almost all clients were showing as out of date.
Checked SEPM was up to date and also the polices were configured as to get defs from SEPM alone.
Checked client communication and it was fine.
On the client, last virus defs was of 4th April 2017.
Moved 2 clients to a test group and applied an LU p[policy saying that it has to take defs from both SEPM and internet.
Client stopped communicating with SEPM after changing groups.
Moved the clients back to original group and changed the LU policy again.
Applied the policy, still no change.
Ran MSI repair of SEPM.
SEPM webserver service stopped running and event ID 3299 was logged in Event viewer.
Followed TECH187592.
No change.
Ran upgrade.bat.
Issue got fixed.
Case under observation for 2 hours.
Replaced the sylink file from a working client to the client that is not connecting.
Client was not connecting with SEPM.
Ran MSCW on SEPM.
Pushed communication from SEPM.
Client started communicating with SEPM.
Customer had a few other questions about creating packages.
Answered them.
Issue resolved.
Customer agreed to close the case.