Endpoint Protection

Hi,

At SEPM

1. Under policies tab > Managment server list we have defined servers (say server1, server2 etc).

2. Under clients tab > Policies > Communication settings we have set priorities. i.e Under

           priority 1 : Clients/GUPs should take update from server1

           priority 2 : In case server1 goes down, clients/GUPs should automatically take update from server2

 

Now, suppose while taking update from server1 if network link is flapping (i.e. network going ON/OFF) then whether clients/GUP to server1 & server2 download data will happen "together" till desired content gets build up at GUP/clients end?

Need clarification from technical & network poin of view.

Issue has come up as it is observed that GUP is downloading data both from server1 & server2 together for a time span of say 1hr.

I need to understand whether it is due to network issue or due to any application anomaly. We are running 12.1.5 versions.

 

 

Together as in at the same time or if server 1 goes down it starts with server 2 then goes back to server 1 when it is available again?

Together means I'm analyzing report for last 1hr timespan from network analyzer tool whereby it is found that in last say 1hr download traffic has happened both from server1 & server2 to GUPs.

If server 1 goes offline, it will pull from 2. Once server 1 comes back, then everything back to 1. Not sure how it can download from srever1 if it is offline.

Hi,

I think there is some misunderstanding, Under clients tab > Policies > Communication settings there isn't any option to set priorities, only you can assign management server list.

About failover, there isn't any option to configure time out settings & I believe it works using IP topology, In general connection will fail when 5 pings are lost.

I think this could be GUP related issue, In the SEP 12.1 RU6 there is one fix related to GUP.

GUP fails to retrieve content from SEPM with error: “GUProxy - not enough memory”

Fix ID: 3652490

Symptom: The Symantec Endpoint Protection client cannot download the full definition contents (full.zip) when multiple concurrent full.zip downloads are in progress from the Group Update Provider.

Solution: Added support for multiple concurrent full.zip content downloads from the Group Update Provider.

If issue has with only GUP machines, I would recommend to upgrade 1-2 machines to the latest SEP 12.1 RU6 MP1a version.

Thanks Chetan for you reply.

I got your point "About failover, there isn't any option to configure time out settings & I believe it works using IP topology, In general connection will fail when 5 pings are lost." That's the internal working principle which I'm looking for that governs switching principle from priority1 to priority2.

 

It there any prober/tool that can be installed in GUP which can tell me when this switch over has happened from priority1 to priority2 (i.e from SEPM1 server to SEMP2 server). This will help me do RCA in case the issue reoccurs in future. 

 

Pl. note : This issue of taking update from both SEPM1&2 server is not happening on regular basis. It has happened for one day. I'll also upgrade the GUPs to RU6 version.

The SEP Content Distribution Monitor helps monitor GUP health and status as well as general content deployment.

Check this one: Endpoint Protection Content Distribution Monitor tool for Group Update Providers

http://www.symantec.com/docs/TECH156558

OR

Need to enable Sylink debug on GUP machines to capture logs.

http://www.symantec.com/docs/TECH104758