Endpoint Protection

 View Only

  • 1.  SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 30, 2009 09:15 PM
    A  multi-home computer (with 2 NIC and having an IP for each of them) will show as offline in SEPM console.

    Secars test is OK for the client.

    Copied Sylink file but no green dot and it is still ofline.

    Disabled 1 NIC card and reinstalled client and restarted computer but still issue persists.

    In the Client interface, the information in front of Server and Group is blank. Confirmed that in registry

    PreferredGroup  key is not existing in the folder HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\
    Checked in the sylink.xml of the client, it has all the relevent info and sylink looks to be perfect.

    When replaced a new sylink, its information is not getting processed.

    Any thoughts?

    Cheers,
    Gautam


  • 2.  RE: SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 30, 2009 09:46 PM
    Can add the sylink log to this thread?


  • 3.  RE: SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 30, 2009 09:47 PM
    Grab sylink monitor from the knowledge base, run it and enable logging on the SEP client.

    Export communication settings from the config group you want to join on the server.
    On the SEP client in question run: smc -stop
    Copy the sylink.xml onto the client
    run: smc -start

    What does sylinkmonitor show?
    Open up wireshark and start capturing network traffic.

    cheers

    Z




  • 4.  RE: SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 30, 2009 11:57 PM
    Try disabling NTP and test. Let us know the outcome. BTW, what version of SEP are you running?


  • 5.  RE: SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 31, 2009 04:46 AM
    Who is the vendor for NIC ?

    Also upgrade the drivers for the NIC ( Important)


  • 6.  RE: SEP client installed on Multi Homed computer not communicating with SEPM

    Posted Jul 31, 2009 04:54 AM
    I recently came across this problem.

    The SECARS test worked OK, but the SEP client remained offline.

    In the SyLink log there were lines like this:

    07/30 14:49:18 [4532] <SendRegistrationRequest:>http://10.9.0.71:8014 [encrypted data]
    07/30 14:49:18 [4532] 14:49:18=>Send HTTP REQUEST
    07/30 14:49:48 [4532] AH: (InetWaiting) time out. Timeout period: 30000
    07/30 14:49:48 [4532] Throw Internet Exception, Error Code=4294967287;Internet Session Timeout


    It turned out that some of the network adapters had self-assigned IP addresses (APIPA) because there was no DHCP and the unused NICs were connected to the switch but without fixed IP.

    Check that all IPs in all NICs are correct. If possible, disable all NICs except one and test again. And repeat for all of them.

    The SEP client could be trying to connect to the SEPM via the "wrong" NIC...