Endpoint Protection

Recently reinstalled SEPM on a server which was not allowing me into SEPM manager. After many issues I can now login to the manager and can see all my policies and groups. Unfortunately I cannot get the clients to communicate with SEPM (no green dots). On the clients themselves if you go to troubleshooting the server says 'Offline'. If you look at the syslink.xml files on the client there is no port listed but if you export comms settings on SEPM the files state HttpPort="8014". As far as I can see this is the only difference between the two files. I ran the support tool on the client (image1) and on the server (server came back with no errors). My IIS install shows a default website on port 80 and Symantec Web Server on 8014. What's the best way to get the clients talking to the SEPM again? I have looked at the syslink replacer util but that looks like you would have to change every client (i have over 200) - is there a server side change I could make? Any help is much appreciated

If you are lucky this might work...

Did you install new SEPM? if yes then there will be different certificate for each sepm..and clients wont communicate.

use the sylink replacer tool and replace the new sylink file

you can download the file from here

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Hi,

Currenly there no such option on server side to restore communication.

Sylink replacer can be possible solution. It's quite easy to run.  

If you had a medium/high level of IIS skill you could put a redirect in the default website that pointed to the correct Symantec website.

 

After the clients are able to communicate with SEPM once they will get the new Sylink.xml file automatically.

Update the old server certificates. 

 

Locate your keystore file and your server.xml file.
The keystore file name is keystore_<timestamp></timestamp>.jks. The keystore contains the private-public key pair and the self-signed certificate. The server.xml file name is server_<timestamp></timestamp>.xml.

The password is used for both storepass and keypass. Storepass protects the JKS file. Keypass protects the private key. You enter these passwords to restore the certificate.

The password string looks like the below:
keystorePass=WjCUZx7kmX$qA1u1

 

To restore the server certificate

1. Log on to the Console, and then click Admin.
2. In the Admin pane, under Tasks, click Servers.
3. Under View Servers, expand Local Site, and then click the computer name that identifies the local site.
4. Under Tasks, click Manage Server Certificate.
5. In the "Welcome" panel, click Next.
6. In the Manage Server Certificate panel, check Update the Server Certificate and click Next.
7. Under "Select the type of certificate to import", check JKS keystore and click Next.
   Note: If you have implemented one of the other certificate types, select that type.
    
8. In the "JKS Keystore" panel, click Browse, locate and select your backed up as "keystore_<timestamp></timestamp>.jks" keystore file, and then click OK.
9. Open your disaster recovery text file and then select and copy the keystore password.
10. Activate the "JKS Keystore" dialog box and then paste the keystore password into the "Keystore" and "Key" boxes. 
    Note: The only supported paste mechanism is Ctrl + V.
     
11. Click Next.
    Note: If you get an error message that says you have an invalid keystore file, it is likely you entered invalid passwords. Retry the password copy and paste process as described above.
    
     
12. In the "Complete" panel, click Finish.
13. Log off of the Console.
14. Click Start> Settings> Control Panel> Administrative Tools> Services.
15. In the "Services" window, right-click Symantec Endpoint Protection Manager and click Stop.
    Note: Do not close the Services window until you are finished with disaster recovery and establish client communications.
     
16. Right-click Symantec Endpoint Protection Manager and click Start.
    Note: By stopping and starting Symantec Endpoint Protection Manager, you fully restore the certificate.
17.  

Thankyou!!!!! That seems to have done the trick. I'm getting green dots on both server and client. Client is showing proper server in 'troubleshooting' and server is showing proper definitions for this machine. I'm going to try the syslink replacer on the rest now. Thanks again!!

Just a quick update - syslink replacer has finished and all looks fine. Not obvious from the above but the keystore.jks file I used was found in the c:\program files\symantec\symantec endpoint protection manager\server private key backup folder - apparently it makes a new backup every time you instal SEPM. Just incase anyone else has the same issue. Really appreciate the help.

Thanks for the replies - I tried the syslink replacer on one of my machines as a test (windows 7 pro) and did get some result. First of all the tool did not discover the SEP client so I had to run it again and skip this step. The tool finished and for an instant the green dot appeared on the client and then disappeared. Whenever you restart the client the green dot appears then disappears as well. The dot appears solid on SEPM. On the client in troubleshooting the server says 'Offline'. Communication is set to 'Pull' I have clients getting updates via symantec direct and this client shows a recent definitions file but the SEPM is showing that it can see 1 client with a definition file from a month ago. I've attached a SylinkMonitor file from the client. I'd like to get this one working ok before letting the replacer loose on the rest.

Thank you for the Tip Gusto!