Endpoint Protection

Hi,

I have MS Windows Server 2003 with MS Exchange 2003 on a clustered environment. Previous installations prevents the failover to proceed.
We're trying to install with the package I just made: The only diffence I made was using Silent and Default for the settings. (I made 2 packages)
Not seen on the picture is that I selected a group specifically for that server.


The client server got this:



What's wrong with this picture?

Something to do with dependencies?

Same problem that these guys have, also unresolved:
https://www-secure.symantec.com/connect/forums/endpoint-protection-client-error-10021
https://www-secure.symantec.com/connect/forums/savcprod-error-sep-v110-mr4

what is the SEP version you are using?

@Ajju: We're using SEP version 11.0.4014.26.

We've just done a cleanwipe on the server and installing again. Antivirus and Antispyware only.

Contrary to what the readme.txt says:
"It is recommended that you click Yes in response to all prompts."
Don't answer YES to the drivers!

 Since it is a Exchange server I would reccomend not to use Cleanwipe on it..As i have seen Cleanwipe doing disasters on servers.
I would suggest you the safest but a bit boring way..
Manual removal SEP..follow the doc TOP to bottom this issue should be resolved.

How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248

Please don't use cleanswipe, and any other Symantec Products installed on this server?

I suggest you create a separate install package and feature set.

Yes, I learned that the hard way. :(
The admin I was talking to doesn't WANT to do the manual removal I sent before that. So here we are.

I'd recommend that in a clustered env. you install the SEP as an unmanaged client on all the shared arrays.

So it'd be one client on each node. Thats the best way I've found it to work, and in the process I've also had to turn off the Tamper Protection to prevent any untoward issues like I'd faced for a POC while I was working in Symantec.

Thanks for the fresh insight. It reminded me of the problem I had with SAV not updating unless set to unmanaged.

Here are some of the alerts from the logs:

That's the SMS logs mon, How about the logs of the Cluster Service? Btw, for the other nodes, what AV is currently installed? Is it SAV? is it unmanaged? What was the previous setup?

Hi Paul,

We're currently migrating from SAV 10 to SEP 11. The other node is still in SAV.
The one with SAV can still be managed by the SAV server.

The server admin says that it is currently working. But during observation in the past tests, the passive cluster works for about 2 days then fails.
Symantec support says that there is nothing SEP related on the error logs and that this could be a MS OS problem and that we contact MS.

That server was working fine in SAV until it was migrated to SEP. It also works fine without an AV.

I know this setup would not be recommended but can you try to test it without AV software for 2 days? So that we can isolate if it is an OS or AV problem.

Kindly check this KB of Symantec Regarding Cluster

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/69b83eb1f766a58780257512004948ce?OpenDocument

No. I wouldn't suggest to have a production exchange server to run without an AV just to test it. Not even for half a day. They don't have a similar setup for testing, so we're stuck with what we have.

If I know it is safe to run that, knowing that all shares are disabled and only the exchange is running on that server. Someone, please reassure me that no network threats will come to this server.

I already sent the instructions to create a package with only antivirus and antispyware enabled and there is no default group assigned. I'm going with the inmanaged/stand-alone solution. I'll post any updates here.

"If one SEP client in the cluster is temporarily down, virus definitions on that node will not be updated until the SEP client succcessfully starts and updates itself from the designated management server."

as stated on the KB, I think they are no issues with SEP even on managed.

Thanks.

Apparently, setting the SEP to unmanaged did the trick. Although I'm taking this as a workaround and not a solution. I've also discussed this with my other colleagues and they also said that the passive node should be unmanaged.