Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

port 8005

Migration User

Migration UserOct 31, 2012 10:41 AM

Ok. I will try now.

  • 1.  port 8005

    Posted Oct 30, 2012 08:54 AM
      |   view attached

    Please help me, I reinstalled SEPM from ISO DVD but still support tool says port 8005 problem. Clients don't turn into green...

    Attachment(s)

    zip
    SYMANTEC__2012_10_30__10_34_07_Full.zip   4.57 MB 1 version


  • 2.  RE: port 8005

    Posted Oct 30, 2012 09:01 AM

    HI,

    Can you Clear your question ?

    If you want to change Port 8005

    To change the Tomcat port

    1. Click Start > Run.
    2. Type services.msc, and then click OK.
    3. Stop the Symantec Endpoint Protection Manager service.
    4. Go to the following folder:

      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\

    5. Right-click the file server.xml, and click Edit to modify the file.
    6. Change port="8005" to an open port.
    7. Save the changes to the server.xml file.
    8. Start the Symantec Endpoint Protection Manager service.
    9. Log on to Symantec Endpoint Protection Manager


  • 3.  RE: port 8005

    Posted Oct 30, 2012 09:07 AM

    Clients communicate with the SEPM on port 8014

    Which Communications Ports does Symantec Endpoint Protection use?

    https://www.symantec.com/business/support/index?page=content&id=TECH163787

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    https://www.symantec.com/business/support/index?page=content&id=TECH105894

    Did you turn off Windows firewall?



  • 4.  RE: port 8005

    Posted Oct 30, 2012 09:18 AM

    HI.

    Do you have follow Disaster recovery process ?

    Symantec Endpoint Protection 11.x: Best Practices for Disaster Recovery with the Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH102333&locale=en_US

    Check This artical

    Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

    http://www.symantec.com/business/support/index?page=content&id=TECH160964

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    http://www.symantec.com/business/support/index?page=content&id=TECH105894



  • 5.  RE: port 8005

    Posted Oct 30, 2012 09:38 AM

    If needed I can change the port as you mentioned. I want to communicate clients with sepm. I checked ports and services, they are ok. Now I am running symhelp for Client/Server Connectivity. I will add the results.

    Attachment(s)

    txt
    netstat-anbo.txt   11 KB 1 version
    txt
    Troubleshooting_0.txt   4 KB 1 version


  • 6.  RE: port 8005

    Trusted Advisor
    Posted Oct 30, 2012 10:06 AM

    Hello,

    Since you have reinstalled the SEPM, was the SEPM restore via Disaster Recovery method?

    What changes were performed on the SEPM server?

    Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

    http://www.symantec.com/docs/TECH104758

    Hope that helps!!



  • 7.  RE: port 8005

    Posted Oct 30, 2012 10:48 AM

    acil05pc is one of clients. I used symhelp instead of support_tool. Thanks.

    Attachment(s)

    zip
    ACIL05PC__2012_10_30__16_30_54.zip   2.86 MB 1 version
    zip
    acil05pc_logs.zip   36 KB 1 version
    xml
    sylink.xml   2 KB 1 version
    zip
    SYMANTEC_SERVER__2012_10_30__16_20_28.zip   5.94 MB 1 version


  • 8.  RE: port 8005

    Trusted Advisor
    Posted Oct 30, 2012 11:07 AM

     

    Hello,

    I would require just the sylink.log from the client machine.

    Could you upload the sylink.log file from 1 of the client machine which is not communicating with the SEPM?

    Check this Article for the How to steps for Collecting the sylink.log file - 

    http://www.symantec.com/docs/TECH104758

    Hope that helps!!



  • 9.  RE: port 8005

    Posted Oct 31, 2012 08:10 AM
      |   view attached

    Here it is the sylink.log. Will it be continue to live???

    Attachment(s)

    zip
    sylink_1.zip   6 KB 1 version


  • 10.  RE: port 8005

    Posted Oct 31, 2012 08:31 AM

    HI Bucadh,

    Try to export Syslink.xml in sepm server and replace one sep client.

     



  • 11.  RE: port 8005

    Trusted Advisor
    Posted Oct 31, 2012 08:50 AM

    Hello,

    Upon checking th esylink.log, we found - 

    10/31 13:49:32 [3400] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

    .................

    ............................

    ........................................

    10/31 13:53:02 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

    10/31 13:53:02 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    10/31 13:53:02 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:53:02 ======
    10/31 13:53:02 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1
    10/31 13:53:02 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    10/31 13:53:02 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 3
    10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from sylink.xml.. 
    10/31 13:53:02 [2736] <SwitchSylinkConfig:> Failed to switch to use SyLinkEx.bak
    10/31 13:53:02 [2736] <SwitchSylinkConfig:> Switching from SyLinkEx.bak
    .................
    ............................
    ........................................

    10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Content Lenght => 1368

    10/31 13:57:18 [2736] <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content.. 
    10/31 13:57:18 [2736] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    10/31 13:57:18 [2736] <GetIndexFileRequest:>COMPLETED
    .................
    ............................
    ........................................

    10/31 13:57:18 [2736] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED

    10/31 13:57:18 [2736] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    10/31 13:57:18 [2736] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:57:18 ======
    10/31 13:57:18 [2736] <IndexHeartbeatProc>Set Heartbeat Result= 1
    10/31 13:57:18 [2736] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 1, 'Using Location Config' = 0
    10/31 13:57:18 [2736] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
    10/31 13:57:18 [2736] Use new configuration
    10/31 13:57:18 [2736] HEARTBEAT: Check Point Complete
    10/31 13:57:18 [2736] <IndexHeartbeatProc>Done, Heartbeat=512seconds

     

    As per above, It's definitely the certificate issue, restore the certifcate of older time and it should help.

    Check these Articles:

    Signature verification FAILED for Index File Content - Clients are green in the SEPM, but show offline.

    http://www.symantec.com/docs/TECH93740

    Symantec Endpoint Protection Signature verification FAILED for Index File Content

    http://www.symantec.com/docs/TECH102900

    Hope that helps!!



  • 12.  RE: port 8005

    Posted Oct 31, 2012 10:35 AM

    I tried to export and get xml file. After running sylink_drop, client still wants to update with sepm, not with liveupdate.symantec.com. I attached new sylink.xml. Please can you show me where I can change symantec into liveupdate.symantec.com? I cannot update virus definitions yet.

    Attachment(s)

    xml
    My Company_sylink.xml   2 KB 1 version


  • 13.  RE: port 8005

    Posted Oct 31, 2012 10:41 AM

    Ok. I will try now.



  • 14.  RE: port 8005

    Posted Oct 31, 2012 10:44 AM

    HI,

    It's manage SEP client ?

    check the "Use a Liveupdate Server" from the Liveupdate Policy.

    SEPM -> Clients ->Polices ->Live update Policy

    and check this Article:

    Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained

    http://www.symantec.com/docs/TECH178257



  • 15.  RE: port 8005

    Posted Oct 31, 2012 11:04 AM

    Hi,

    I made that change. But for a week, no client updated itself. Is there any way with regedit, xml file or patch like solution?



  • 16.  RE: port 8005

    Posted Oct 31, 2012 11:05 AM

    In the article, it says old certificate and old password... I cannot return to old password, because I don't know...



  • 17.  RE: port 8005

    Posted Oct 31, 2012 11:32 AM

    HI,

    Check this

    How to configure the managed client group to get updates from Internet only

    http://www.symantec.com/business/support/index?page=content&id=TECH95400&locale=en_US

     

    Or if policy not applied

    Change Registry value

    Regedit
    Hkey_Local_Machine\Software\Symantec\Symantec Endpoint Protection\LiveUpdate\AllowManualLiveUpdate

    Change Registry key Value 0 to 1

     

     

     



  • 18.  RE: port 8005

    Trusted Advisor
    Posted Oct 31, 2012 11:47 AM

    Hello,

    Are you using any proxy?

    If yes, after performing the changes to the Liveupdate policy highlighted above, make these necessary changes provided in the Article below:

    https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

    Hope that helps!!



  • 19.  RE: port 8005

    Posted Nov 01, 2012 03:40 AM

    Hi,

    I checked registry values is 1. I configured the server as in the article. Still updates are tried to retrieve from "symantec"(internal management server)... How much time does it take to apply new policy for liveupdate? Will clients turn into green?

    Thanks



  • 20.  RE: port 8005

    Posted Nov 01, 2012 03:46 AM

    Hi,

    No proxy we are using.

    I think the problem is liveupdate settings. But first clients aren't green, anymore they are all yellow. Then the clients don't know liveupdate.symantec.com as the update server.



  • 21.  RE: port 8005

    Posted Nov 01, 2012 03:50 AM

    HI,

    Uncheck "Use the default Management Server "

     SEPM -> Clients ->Polices ->Live update Policy

    Check SEP client policy no and sepm group policy no.

     

    Note : If you don't received solution,Please raised support ticket for symantec support.



  • 22.  RE: port 8005

    Posted Nov 01, 2012 04:51 AM

    I am sorry, I found these at acil05pc, why these screenshots are different? At admin and domainuser, symantec says different.

    I added screenshots and support tool report. Then I don't disturb you anymore. I will try call center.

    Attachment(s)

    zip
    ACIL05PC__2012_11_01__10_25_49_LP_Full.zip   2.19 MB 1 version


  • 23.  RE: port 8005

    Posted Nov 01, 2012 05:01 AM

    HI,

    As per screen shot your sep client are offline .

    Restoring communication to clients with a new Sylink.xml file

    http://www.symantec.com/business/support/index?page=content&id=TECH106288

    also check communication

    http://www.symantec.com/docs/TECH95789

    If your all sep client are offline You can use Sylinkreplacer tool for connecting SEP clients to a SEPM

    The Sylinkreplacer tool for connecting SEP clients to a SEPM

    https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

    Download Syslink Replacer sep 11

    https://www-secure.symantec.com/connect/downloads/sylink-replacer

    Check this thread

    http://www.symantec.com/connect/forums/symantec-endpoint-protection-manager-11-0

     

     



  • 24.  RE: port 8005
    Best Answer

    Trusted Advisor
    Posted Nov 01, 2012 07:30 AM

    Hello,

    As per the Screenshot 1.jpg, it pertains to Reputation Database. I would suggest you to perform these steps - 

    1. The following message appears: "Your computer was unable to access the Symantec Reputation Database. Before further analysis can be performed, all unsigned files must be verified using the Symantec Reputation Database. Save this report and open it with the Support Tool from another computer that is connected to the internet."
    2. Click Save the Load Point Report.
    3. In the Save Report dialog, enter a name for the file.
      The name of the file will end with LP.sdbz.
    4. Copy the file to removable media, and take it to a computer with internet access.
    5. Download the Support Tool on the second computer, and run it.
    6. Accept the End User License Agreement, and then click Open a Report.
    7. Open the .sdbz file that you saved previously.
      The Reputation Database check completes automatically.

    Reference: http://www.symantec.com/docs/TECH96291

    Secondly, Your client is not reporting to the SEPM server machine. To get all your clients start reporting / communicating to the Latest Symantec Endpoint Protection Manager, you would require SylinkReplacer version_12.1.

     

    To get that SylinkReplacer version_12.1 tool you will have to call symantec or log a web case.

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    OR

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Hope that helps!!



  • 25.  RE: port 8005

    Posted Nov 02, 2012 02:00 AM

     

    Phone numbers to contact Tech Support:-

     

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000

    India: Toll-Free 000 800 4401 456 directly

    IDD call: +61 2 8220 7111

     

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

     

    Customer Care Contact Numbers for Licensing Issues:-

    http://www.symantec.com/support/assistance_care.jsp

     

     

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873