Endpoint Protection

Greetings all,

Strange issue.  I'm am using the trialware edition of SEP 11, server install on a WinServer 2008 x64 Standard is ok.  Clients can get installs, but when they attempt to contact the SEPM server nothing happens.
Here is an excerpt from the sylink debug log:

07/29 18:14:30 [1364] <SendRegistrationRequest:>http://server:8014мmlvç
Ýǧóîƒd9›J_”
T¨š:ž.dà™Ï`FPMÍx»çõßrÆnÞâ]¹6I×-:ib‚VÏj
C¯ ¹’ pgõ6Jò7¼;oVV±Ý„ÃÁRêŠÒˆQ
·³´a{N_(8sª¦òÆß H¶HÑ:¹¦×SÅ´1cþÂrbSÒÖ} ÑãH÷9ÓuŒK0²ešÑQ‚ÕŠ³
07/29 18:14:51 [1364] <ParseErrorCode:>12029=>The attempt to connect to the server failed.

Needless to say the garbage is not right.

Clients are all vista 32 bit, a variety of business and ultimate versions.

Any ideas?

Thanks in advance.

1.Disable the Windows Firewall

2. Replace the sylink

1. Copy of the file Sylink.xml from the server from C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
2. On the client computer , click Start > Run, type smc -stop, and click OK.
3. Copy the Sylink.xml into the C:\Program Files\Symantec\Symantec Endpoint Protection folder, and replace any existing Sylink.xml file.
4. Click Start > Run, type smc -start, and click OK.

Thanks for the quick reply Prachand.

That file does not exist in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\

Thoughts?
.

Open the numbered folder C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\   and there you will find the sylink .xml

Hi

The Thing that you feel is Garbage is actually the encripted data.
Can you please try this from your client machine open the IE & type in

http://server:8014/secars/secars?hello,secars

Note:- I am assuming "server" as your server name

Prachand,

Thanks for the update, is there a particular one of the content folders (numbered) that I should choose? I'm assuming any is fine. I will check this tomorrow.

Kavin,

Probably so, but looking online, others log files have a standard key (character data) and then a closing xml tag on that line. That seems to point to something really screwy in the comms.

Anyway, I'm pretty sure I tested your link earlier and received a 404 error, but I will confirm tomorrow.

Thanks for your suggestion.

You can choose any folder.

If its giving you 404 then I think a sylink replacement might give you the solution to your problem.

Thanks again gents.  I will let you know manana.

Windows 2008 Servers have Windows firewall turned ON by default unlike Windows 2003 Servers that blocks port 8014 used for client - SEPM communication. So if a managed client install package was deployed to the clients then most probably there should not be an issue with the sylink.xml file.
You may either disable the Windows firewall or create an exception for TCP port 8014.
Then simply right-click on any of the clients yellow shield icon in the tray and click update policy. The client should start communicating with SEPM.
Do let me know this helps.

Thanks to all.

Kavin, between you and Here2Help, the issue was in the firewall.  Here's the and interesting point thought.

On my Server 2008 box, I have the Advanced Firewall enabled.  I had added an exception in the standard Control Panel Windows Firewall for port 8014, however, apparently if the Adv FW is enabled, this is ignored.

As soon as I added the rule to the Adv FW, the secars link was available and after updating the policy on one of the clients, everything came right up.

Again, thank you.