Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Load balancing issue and SEPM connection issue

  • 1.  Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 02:42 PM

    I have one site, an SQL database with two SEPM servers.  In the management server list, i have one priority for the two servers (so, load balancing).
    All of the clients connect to the first server SEPM installed. None of them can connect to the second.

    So, when i stop the service of SEPM on the first server, none of the client can do load balancing. In the troubleshooting window, it says Offline.

    I noticed that in the sylink.xml file, i have two certificates with the name (the first server SEPM).

    When i did the tests in my lab environment, the load balancing was working fine, with the same configurations.

    In my lab environment, the sylink.xml file had two different certificates with the name of the two servers SEPM.

    May be there a problem with the certificate or communication with the second SEPM.

    I uninstalled the second SEPM server, rebooted, reinstalled, but nothing changed...

    Do you have an idea?



  • 2.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 03:13 PM
    How many clients you have?
    In the test enviournment was it load balancing or failover?


  • 3.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 03:15 PM
    for test purpose you can create a MSL with only one IP address & put in the IP address of your New SEPM & use that sylink file on one of the client & see if that client actually connects to the new SEPM.

    Let me know the output then we will go to the next Plan.


  • 4.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 03:21 PM
    Do they (all SEM servers) show up in the site properteries in the console - Admin tab on the lower left, then servers from the lower left menu.....  ??


  • 5.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 03:37 PM

    When there is 2 ip address on the same Priority the client that comes onto the network selects the server to connect  on a random basis.  So it means that it slects the server randomly,

    What you need to do is Create 2 priority for both the server
    ex
    Priority 1 . 10.x.x.x:8014
    Prority 2: 10.y.y.y:8014


  • 6.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 03:54 PM
    Hi Prachand,

    Creating two Priority will not give the load balancing. Hence I have asked him for number of clients. so that we can know if there is a need for load balancing.:)


  • 7.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 14, 2009 06:01 PM
    We might want to try the following:
    1. Export a Sylink from the second SEP Manager 
    2. Replace the same on one of the clients as a Test...
    This should let us know if the second SEP Manager is setup fine and if it is able to communicate after a maual sylink replace is performed.

    Thanks :-)


  • 8.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 21, 2009 10:21 AM

    Thank you all for your answers.

    My problem was with the certificates.

    In the sylink file, i noticed that I had two certificates identical (with the name of the first SEPM).

    So, Symantec gave me a restore procedure.

    So i exported the key of the the first SEPM and made an update of the server certificate of the second SEPM (importing the key).

    all the clients received a new sylink file with two certificates...

     

    i stopped the service of the second SEPM and all my clients moved to the other SEPM.

    thank you

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948

    Best Practices for Disaster Recovery with Symantec Endpoint Protection

     



  • 9.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 21, 2009 04:56 PM
    If the issue is resolved then please mark a solution to this thread.:)


  • 10.  RE: Load balancing issue and SEPM connection issue

    Posted Aug 22, 2009 12:30 PM
    I think you set a different port, you should set the same post as you set the pre configureation of load balancing


  • 11.  RE: Load balancing issue and SEPM connection issue

    Posted Mar 12, 2010 08:23 PM
    Manicou97,

    Looks like I have the same problem with the new server we just set up.  The Sylink.xml has two certs but they are for the original server and they are identical.   The clients aren't talking to the new server and if I stop the original one clients don't start talking with the new server.  That is the green dot on the client shield goes away and doesn't come back until I enable the original server.

    I wasn't clear on your process for dealing with the two certs.  I'd like some additional details on the process you went through.  I have a ticket with support and even pointed them to this thread, but I get the feeling that I am talking to a brick wall.

    Thanks


  • 12.  RE: Load balancing issue and SEPM connection issue

    Posted Mar 17, 2010 01:36 PM
    After some further investigation I see what Manicou97 did.   I suspect that exporting the second server's cert and running the cert update and re-importing the second servers cert might have kicked the system to add it to the sylink.  Doing it his way I did get two servers and their certs however the certs are the same because of updating the first server's cert to the second server.

    The whole issue is that the clients only had one cert for the first server and therefore couldn't establish a valid connection to the second server.