Endpoint Protection

I have lately installed a new SEPM on my workstation. At the beginning the installation looks ok, but something does not work as normal. I followed the description (Solution 3).

Install new SEPM .Use one of the following method to connect the selected clients to connect new SEPM How to point Symantec Endpoint Protection(SEP) clients to a new Symantec Endpoint Protection Manager after you have either uninstalled, are going to decommission or replace the Existing Primary Symantec Endpoint Protection Manager (SEPM)

If I move a new jdb file to the incomming directory, the updates are downloaded to the client, but according to the SEPM console window the updates are not propogated to the client. The icon is a blue workstation (without a green icon).

Hope someone can give me some hints

Rgds
Geir

Do this test first .Is it ok
Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager
Also can you tell us why you reinstalled old SEPM?

If the Icon is Blue that means clients are not communicating with the SEPM Console. Do you see Green dot on the Workstation Symantec Shield?

You can refer to the following article to troubleshoot

Title: 'Troubleshooting Client Communication with SEPM'
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009082701244448?Open&seg=ent

but, according to SEPM console windows - the updates are not propogated to the client. If I logg into the client, the definitions is updated.

I have not reinstalled old SEPM

If it is passing above test do as follows
In the console, click Clients.

Under View Clients, select the group in which you want the client to appear.

Right-click the group, and then click Export Communication Settings.

In the Export Communication Settings for group name dialog box, click Browse.

In the Select Export File dialog box, locate the folder to where you want to export the .xml file, and then click OK.

In the Export Communication Settings for group name dialog box, select one of the following options:

To apply the policies from the group from which the computer is a member, click Computer Mode.

To apply the policies from the group from which the user is a member, click User Mode.

Click Export.

If the file name already exists, click OK to overwrite it or Cancel to save the file with a new file name.
Rename this file to sylink.xml (You have to specially take care about extensions many will not take care the show/hide extension option in the folder option and as a result file name will be sylink.xml.xml :))

In th client PC
1. Click Start
2. Click Run
3. Type: smc -stop ( this will stop the Symantec Management Client service)
4. Navigate to: C:\Program Files\Symantec\Symantec Endpoint Protection on the SEP client
5. Replace the new Sylink.xml with the original one in the C:\Program Files\Symantec\Symantec Endpoint Protection folder.Also remove the old sylink file backups
6. Click Start
7. Click Run
8. Type: smc -start to start the service

Are you getting green dot on the clients?

According to the test, the communication is OK, but the icon is blue, without a green dot.

Restart the client computer once and try..

At some proposal mentioned above I did following:

Right-click the group, and then click Export Communication Settings.
Comments: the Export Communication Settings is missing.

More comments:
At the beginning/after a reboot the icon is blue with a green dot inside. But after a while the icon is blue.
The client + SEPM console is identical/same computer. The plan is of course to implement more clients in future.  

Try solution 1 in any one pc and see the result..

05:48:45 127.0.0.1 - - 500
05:48:45 127.0.0.1 - - 500

Disable firewall in both client and in server and try..Do you tried solution 1?

Looks like a bug. Everyting seems to work except updates in SEPM console window. I can remember it was a simular problem in January. I installed  a hotfix on the server, and the problem  disappeared. I cannot find the hotfix. Hope someone can send it to me

Create package from new server.extract it ,take the sylink.xml and serdef.dat from it replace in the client.(Before doing this remove old files along with it's backup files.)

Not sure howto create a package from a new server. Myabe it's more easy to install the hotfix, which was released in January?
Rgds
Geir

What was the problem you faced at that time?

For creating installation package
Open Symantec Endpoint Protection Manager console
Click the Admin Tab on the left
Under "Client Install Package" right click the package of your choice
Click Export
Click Browse and choose the folder where the EXE file should be placed
Uncheck create single exe
Click OK
Note: You can leave all other items as the default or choose the options you would like.
Click OK

SEPM console windows does not update the client definitions file. The date was unchanged, only revision number changed, but I cannot remeber the staus on the client (blue or green icon)

Now your actual problem is no green dot means client and server not communicating.That is why it is not able to receive the updates.Can you try by replacing those two filed in the client(In C:\Program Files\Symantec\Symantec Endpoint Protection folder)

Did you tried replacing the sylink file on any one of the Workstation?

Below is another link for troubleshooting Content Delivery

Title: 'Troubleshooting Content Delivery to the Symantec Endpoint Protection client'
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008092511045348?Open&seg=ent

the sylink file is not replaced even after you placed the new package
secars test will be always OK because its just to check IE is able to communicate with the Secars virutal directory of IIS of your SEPM
manually replace a sylink file and check for green dot. u should get it.
use this tool to replace on all the clients if it works on one client.
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/52d862c54842f5b68825733d005ce48e?OpenDocument



https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

Why did you install MANAGER to a workstation and not a server? SEPMANAGER takes a lot of horsepower and memory, and needs multiple connections to it. It runs IIS - a web server.

I can see running the CONSOLE from a workstation, that's what I do. I don't usually run the console from a server as we try to avoid running applications from servers, but theSEPM is the endpoint MANAGER, and is a server piece, and as such, should be installed on a server and not a workstation OS.
Not sure the workstation will allow enough connections, or have enough power under stress.

I'd like to make sure we're clear on definitions and terms:
SEPM - is theendpoint MANAGER, it's a server application. It runs as a service on the server and does the real work.
CONSOLE is the web-based, or JAVA-based application that interfaces with the manager server.
CONSOLE is your window into the server, into the manager. IT's a human interface and allows you to change settings, control things. The computers communicate with the SEPM - the service and not the console. The console communicates with the server service, SEMSVC, running on the server.
The clients communicate with the service - IIS is the backbone or heart of this.

In any case, check to be sure that the WINDOWS FIREWALL isn't running. I had a case yesterday where a server restart caused the Windows firewall to re-enable itself, and all of a sudden, you couldn't communicate with the server - clients all moved to the other server.

I want to test/verify  new updates before distributing the  updates to all servers/and workstations.  This is a solution that work, and it's running locally on my workstation .