Endpoint Protection

 View Only
  • 1.  Server showing offline to client

    Posted Mar 05, 2009 12:32 PM

    long story short, the SEPM server needed replaced and now that i'm trying to replace the Sylink to get the clients reporting in SylinkMonitor shows the following:

     

    Signature verification FAILED for Index File Content

     

    the Google shows a symantec article saying to delete the entry and let it add itself back on the heartbeat, this works. However, it is a one time sync, after that the above message returns.  I just generated a fresh Sylink from the server, copied it to my workstation and replaced it and still getting the same error.

     

    Any ideas?



  • 2.  RE: Server showing offline to client

    Posted Mar 05, 2009 01:48 PM

    Bslayer,

    If I understand correctly, you basically rebuilt a new server.

    If this is the case, what you need to do is simple and complicated at the same time.  Your clients have a Sylink.xml file on them, that indicates the server signature and encryoted key for communications.

    If you have generated a new Sylnk.xml file from the server, compare the new one to a client that is having difficulties.  Open up both XML files and look at "ServerCertList" and "Certificate Name" for the client and the new Sylink.xml generated.

    There will most likely be a difference.  To correct this, on a small network:

    - Use the SylinkDrop tool provided on CD3 (I know they say CD2, but from the E-download, its 3) and use the tool to replace the Sylink file on the clients.

    If you have a large network, where doing the above is not feasible, your best bet would be to redeploy on top of your existing deployment.  Equally a pain, but it will update all your clients should return to communicating with the server in an efficient manner.

    *Since Admins are reviewing posts for points, where is the "I want e-mail notification from replies option?? & how do I make this line my official signature now, so that it will be in all my posts until it is returned?*



  • 3.  RE: Server showing offline to client

    Posted Mar 05, 2009 01:56 PM

    You are correct, the server was rebuilt due to problems, but as mentioned originally  I just generated a fresh Sylink from the server, copied it to my workstation and replaced it and still getting the same error.  I have compared the files and they are identical.

     

    replacement was completely first by using Sylinkdrop then alternatively by using the smc -stop, copy file, smc -start option.

     

    the server was rebuilt last week and I thought I had it working, i'm not 50% through replacing with the new Sylink files (Sylink files used Monday and Tues are identical to the freshly generated one this morning) but they will only report in once, after that they report offline and offer no updated information to the management server (Definitions, free space etc).



  • 4.  RE: Server showing offline to client

    Posted Mar 05, 2009 02:01 PM

    Interesting.  Is it plausible or posssible to remove the client from a machine and redeploy the package directly from the server?

    Also, is there a mismatch in the versions?  I.E.  You reinstalled SEPM 11SP2 and the clients are on SP3?  Or something along those lines, where clients are on newer version of SEP than server...?



  • 5.  RE: Server showing offline to client

    Posted Mar 05, 2009 03:01 PM

    I had this after a rebuild.  I didn't follow the disaster recovery steps fully and had missed a vital part.

    I hadn't imported the server certificate and found that as soon as I had imported the server certificate from the back up, the clients all came online within minutes.



  • 6.  RE: Server showing offline to client

    Posted Mar 05, 2009 03:13 PM

    @Jason - I was in the process of upgrading all of the clients to MR4 at the time the server (then MR2) died, when i realized I couldn't restore the old certificate because i missed where they passphrase was stored I rebuilt using MR4 MP1

    our environment is about 400 computers and its a mix and match of MR2 through Mr4MP1, i'm at the 50% mark on replacing the Sylink from the new server and thought that was fixing it, but it wasnt.   I'll try uninstalling the agent completely, rebooting, and pushing from the server... but the installation package I tried for some other clients was a self-contained EXE generated by the server to include our policies etc.

     

    @JLP Tonight after hours I may be trying to replace the certificate with my backup from the original now that I found the passcode was in the server.xml and not something i had set...

     

    I'll update once I'm done with either.  The bizarre thing is that I have 1 client that DOES report in... the other 199 dont... the process is the same for all of them and her client is MR3...  I swear she finds brilliant ways of breaking things!



  • 7.  RE: Server showing offline to client

    Posted Mar 05, 2009 05:10 PM

    Well, installed direct from the server and its working, looking at the Sylink it is nearly identical except for the Certificate section... the strings are very very similar but not identical, so thats apparently where the problem is.

     

    so Why would a sylink generated by 'export communication settings' be different than the one used in the 'Find Unmanaged Computers' ??

    also, any suggestions on if there is an easy way to change the certificate from the server side to propogate out to the clients?  I'm betting its a no, but it would be nice to be able to have 2 certificates on the server for transitions