Endpoint Protection

 View Only
  • 1.  Server

    Posted Dec 20, 2009 07:18 PM
    Hi all,

    I am running a small scale pilot at the moment with SEP 11 RU5.    I have 2 x SEPM on virtual 2003sp2 64bit servers connecting to an external SQL database.  I have one GUP configured in the test group.

    So far I have been experiencing issues with slow updates on clients.  Updates seem to arrive eventually but they can take days instead of minutes.   Heartbeat is at 10 minutes for testing purposes.  Client - Server communication seems to be fine. 

    I saw the health status:poor notification this morning for the first time.  I suspect that the failed uploads are the cause for the slow client updates I have been seeing.

    Please help me troubleshoot this server overload / upload failed issue, I am not even sure where to start. 

    Server resources should be OK.  Xeon 1.86Ghz, 4Gb RAM. 

    I have just noticed on one of the SEPM servers there is only 650Mb space left on the system drive (c:\)  Could this be related?  This space has been taken up by backup files which I am now moving to another partition.  I have had the clients being slow to update issue since I started, and the drive filled up yesterday, so I think maybe not.

    Let me know if there is any more info that I can provide

    Cheers



  • 2.  RE: Server

    Posted Dec 20, 2009 09:47 PM
    Hi,

    I think the disk space could be the reason behind the symptoms you have mentioned. In addition to that, you can check if the agentinfo [ C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo ] folder contains a lot of .dat files.  If it does, then delete all those files.

    Free 1 gb more, and give it at least an hour or so.

    Let us know if that helps.


    Aniket


  • 3.  RE: Server

    Posted Dec 20, 2009 10:29 PM
    I moved the data folder and now there is about 10gig free.

    I have also followed the instructions in this knowledge base article just in case I had an issue with one of my updates. 

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6bb634da2a1d717b8025742c004ee9d2?OpenDocument

    Since performing the steps described in that article my liveupdate from the SEPM seems to be failing also.  I have rebooted both SEPM servers after following those steps.

    I see errors saying <date and time> The file is not found [Site: <sitename>] [Server: <servername>] in the console log window.  I seem to be getting one of errors exactly once per minute.

    No change in the behaviour of the clients.  I can confirm they do get policy updates, but their definition files still update sporadically.  Some updated today, some yesterday, some not for three days. 

    When receiving a new policy clients do not get the new definitions. 


  • 4.  RE: Server

    Posted Dec 20, 2009 10:34 PM
    Hi,

    Were you able to locate which sub-folder under data was taking most of the disk space

    Aniket


  • 5.  RE: Server

    Posted Dec 20, 2009 11:48 PM
    Lots in the content and backup folders.

    I have just finished reinstalling the SEPM on a different partition as I need to keep a lot of content revisions and the normal application installation partition doesn't have the required space.

    I will let you know if I find out anything else relevant to this issue, although I fear I won't ever find the answer now that Symantec tech support has had me delete the database and start from scratch.



  • 6.  RE: Server

    Posted Dec 21, 2009 05:59 AM
    Did you deleted all the registry entires and the folders?
    Anything you left out?(Unable to find a folder or registry which is mentioned in that link.)