Endpoint Protection

  • 1.  SEPM 404 Not Found Response

    Posted Dec 13, 2009 03:13 PM
    Ok so here is the story.. I had a perfectly good, working install of SEPM 11.0.5 on a single server.  I wanted to virtualize it like all of the other servers we have.  I backed up the keystore and server xml files as well as a full backup of the database.  I moved from Server 2003 with SQL Server 2005 (32bit) to Server 2008 R2 with SQL Server 2008 (64bit).  After a lot of work I finally was able to log in to the Manager console and see all my clients. (When I set up the new server I used all of the same settings as the old server including the IP Address, hostname, etc.)  Now here comes the problem..  None of the clients will update policies and see the new server, I get 404 Not Found errors in the SyLinkMonitor log.

    On all the clients I get a successful:

    http://***.***.***.***:8014/secars/secars?Hello,secars

    The IIS7 logs show GET requests with 404 responses as well.  Here are both logs:

    <pre>
    </SSARegData>
    12/13 13:59:40 [4628] <SendRegistrationRequest:>http://SERVERIP:80 [encrypted data]
    12/13 13:59:40 [4628] <SendRegistrationRequest:>SMS return=404
    12/13 13:59:40 [4628] <ParseHTTPStatusCode:>404=>404 Not Found
    12/13 13:59:40 [4628] <SendRegistrationRequest:>Content Lenght => 315
    12/13 13:59:40 [4628] HTTP returns status code=404
    12/13 13:59:40 [4628] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    12/13 13:59:40 [4628] <SendRegistrationRequest:>COMPLETED, returned 5
    12/13 13:59:40 [4628] HEARTBEAT: Check Point 5.1
    12/13 13:59:40 [4628] <RegHeartbeatProc>switch to another server
    12/13 13:59:40 [4628] HEARTBEAT: Check Point 9
    12/13 13:59:40 [4628] HEARTBEAT: Check Point 8
    12/13 13:59:40 [4628] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    12/13 13:59:40 [4628] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    12/13 13:59:41 [4628] HEARTBEAT: Check Point 1
    12/13 13:59:41 [4628] HEARTBEAT: Check Point 2
    12/13 13:59:41 [4628] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    12/13 13:59:41 [4628] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    12/13 13:59:41 [4628] HEARTBEAT: Check Point 3
    12/13 13:59:41 [4628] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    12/13 13:59:41 [4628] HEARTBEAT: Check Point 4
    12/13 13:59:41 [4628] <RegHeartbeatProc>===Registration STAGE===
    12/13 13:59:41 [4628] <MakeRegisterData:>logon id (domain/user)=FQDN/MYUSERNAME
    12/13 13:59:41 [4628] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="3A3CF07580AD982401E9247A52CE7903" AgentType="105" UserDomain="FQDN" LoginUser="MYUSERNAME" ComputerDomain="FQDN" ComputerName="UAPSECAA" PreferredGroup="Global    ÏFaculty" PreferredMode="1" HardwareKey="FF7A5186C6F593EDF3CD3D7BDC0929EC" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="FQDN" LogonUser="MYUSERNAME" HostDomain="FQDN" HostName="UAPSECAA" HostDesc="" />
    <SSAProduct Version="11.0.5002.333" />
    <SSAOS Version="5.1.2600" Desc="Windows            616A102BPProfessional" Type="17105154" ServicePack="ServicePack"/>
    <Processor ProcessorType="x86     0x1.cbe640p-952mily%20Model%20Stepping" ProcessorClock="3391" ProcessorNum="2"/>
    <Memory Size="2137067520"/>
    <BIOS Version="DELL%20-"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="4B27-12305607065993995750000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000030.0000002009%3a570x1.71b120p-97345"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="300" />
    <DNSs><DNS Address="DNS1"/><DNS Address="DNS2"/></DNSs>
    <WINSs><WINS Address="WINS1"/><WINS Address="WINS2"/></WINSs>
    <SSANICs><SSANIC Ip="MYIP" Mac="MYMAC" Gateway="MYGATEWAY" SubnetMask="255.255.254.0"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    </pre>

    <pre>

    2009-12-12 01:31:23 SERVERIP GET /secars/secars.dll h[...]mc 404 0 64 22

    </pre>

    Any ideas?  The domain ID is the same on the clients and server in the Sylink.xml files.


  • 2.  RE: SEPM 404 Not Found Response

    Posted Dec 13, 2009 03:58 PM
    Try making a new sylink.xml file in the SEPM and putting that one on a client. Here is the guide to make a new sylink.xml and import it to a client http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101707165348. If that works we can talk about how to do this for all your clients.

    Cheers
    Grant


  • 3.  RE: SEPM 404 Not Found Response

    Posted Dec 13, 2009 06:11 PM
    Grant,

    That worked.  I took a look at the differences in the files.  The one exported from the server had a port specified while the client copy did not. 

    Why do these files change when migrating to a new server?

    Am I going to have to deploy this tool via group policy to get all my clients back?

    Thanks


  • 4.  RE: SEPM 404 Not Found Response
    Best Answer

    Posted Dec 13, 2009 08:41 PM
    SEP MR3 and below used port 80 by default.
    MR4 and MR5 use port 8014 by default.

    If you upgrade an MR3 or older SEPM to a newer version it will keep the old port 80 setting.

    You simply need to deploy the new sylink.xml to all clients.
    Or if you really want to you could reconfigure your MR5 SEPM to use port 80 instead of 8014.
    It's really your call as to which is most convenient, although I would probably update the clients to ensure future compatibility etc.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/3b6ea354c7908a7b882574f9005dd7fc?OpenDocument

    To change the SEPM communications port in IIS 6 (Windows Server 2003):
    1. Stop IIS Admin service
    2. Open the Internet Information Services Manager
    3. Right-click on the web site (either the Default Web Site, the Symantec Web Server or another custom Web Site) corresponding to the Symantec Endpoint Protection Manager and choose Properties.
    4. Under the Web Site tab in the section Web Site Identification enter the desired port in the "TCP port:" box.
    5. Do not restart the IIS Admin service yet - please go on to the next section.

    To change the SEPM communications port in IIS 7 (Windows Server 2008):
    1. Open the Server Manager, open Roles --> Web Server (IIS) --> Internet Information Services.
    2. Click on the web site (either the Default Web Site, the Symantec Web Server or another custom Web Site) corresponding to the Symantec Endpoint Protection Manager.
    3. On the right side, under Manage Web Site, click Stop
    4. Under Edit Site, click Bindings.
    5. In the Site Binding window, click the entry for http and choose Edit on the right.
    6. In the "Port:" box, enter the desired new port. Click OK to save the change.
    7. Do not restart the Web Site yet - please go on to the next section.

    To change the port that Tomcat uses to communicate with IIS:
    1. Close and Exit the Symantec Endpoint Protection Manager
    2. Stop the Symantec Endpoint Protection Manager service
    3. Navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc
    4. Open the conf.properties file.
    5. Look for the line: scm.iis.http.port=
    6. Edit the value in the line: scm.iis.http.port= so that it is equal to the value set in IIS.

    Start the Services
    1. Start the IIS Admin service
    2. Start the Symantec Endpoint Protection Manager service.

    SEPM will now be communicating on the new port configured. The clients will start checking in on their check in cycle.
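
Added example (not part of the original thread and not Symantec tooling): a small Python check that reads SyLinkMonitor lines in the format quoted in the first post, extracts the port each registration attempt was sent to, and flags attempts that do not match `scm.iis.http.port` from conf.properties. The sample log, the 192.0.2.10 address, the `SMS return=200` line and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input, modelled on the SyLinkMonitor lines in the thread.
SAMPLE_LOG = """\
12/13 13:59:40 [4628] <SendRegistrationRequest:>http://192.0.2.10:80 [encrypted data]
12/13 13:59:40 [4628] <SendRegistrationRequest:>SMS return=404
12/13 13:59:40 [4628] <ParseHTTPStatusCode:>404=>404 Not Found
12/13 14:04:41 [4628] <SendRegistrationRequest:>http://192.0.2.10 [encrypted data]
12/13 14:04:41 [4628] <SendRegistrationRequest:>SMS return=404
12/13 14:09:41 [4628] <SendRegistrationRequest:>http://192.0.2.10:8014 [encrypted data]
12/13 14:09:41 [4628] <SendRegistrationRequest:>SMS return=200
"""
SAMPLE_CONF = "scm.iis.http.port=8014\n"  # constructed conf.properties content

URL_RE = re.compile(r"<SendRegistrationRequest:>(https?://\S+)")
STATUS_RE = re.compile(r"<SendRegistrationRequest:>SMS return=(\d+)")

def manager_port(conf_text):
    """Return scm.iis.http.port from conf.properties text, or None if absent."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "scm.iis.http.port" and value.strip().isdigit():
            return int(value.strip())
    return None

def registration_attempts(log_text):
    """Pair each registration URL with the status code logged after it."""
    attempts, pending = [], None
    for line in log_text.splitlines():
        if m := URL_RE.search(line):
            parts = urlsplit(m.group(1))
            # A URL without an explicit port uses the scheme default.
            default = 443 if parts.scheme == "https" else 80
            pending = (parts.hostname, parts.port or default)
        elif (m := STATUS_RE.search(line)) and pending:
            attempts.append((*pending, int(m.group(1))))
            pending = None
    return attempts

def port_mismatches(log_text, conf_text):
    """Registration attempts sent to a port other than the manager's."""
    expected = manager_port(conf_text)
    return [a for a in registration_attempts(log_text) if a[1] != expected]

if __name__ == "__main__":
    for host, port, status in port_mismatches(SAMPLE_LOG, SAMPLE_CONF):
        print(f"{host}: client used port {port}, manager returned {status}")
```

Run across collected client logs, this separates clients still carrying the old port in their sylink.xml from clients failing for another reason.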


  • 5.  RE: SEPM 404 Not Found Response

    Posted Dec 13, 2009 10:05 PM

    You can use the Sylink replacer utility and get the desired result.

    Using the "SylinkReplacer" Utility

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062412271448


  • 6.  RE: SEPM 404 Not Found Response

    Posted Dec 14, 2009 01:13 AM
    Thank you all very much.. I went ahead and changed everything to port 80 and then after all clients check in I will change the port back to 8014.  Of course making sure the clients get the policy first and they all go offline.


  • 7.  RE: SEPM 404 Not Found Response

    Posted Dec 14, 2009 07:07 AM
    Go to the first server and find out on which port it was installed.
    You can find this in the IIS Manager (in the properties of the SEPM site).
    Go to the new server.
    Put the same port number for the SEPM site.
    The document below gives more information about this:
    How to Change the Communications Management Port for SEPM and SEP Clients
    If you find the two are different, put the old server's port number on the new server and reconfigure it.
    Note: The sylink file present on the clients contains information about the server IP address, port, etc.
    The client will always try to connect to the server using this information. If any of it changes, the client will not be able to communicate with the server.


  • 8.  RE: SEPM 404 Not Found Response

    Posted Dec 16, 2009 08:42 PM
    If everything worked out please mark a solution so other people searching the forums can find it.

    cheers

    Z