Endpoint Protection

 View Only
Back to Library

Usage of Proxy Settings in SEP 11.x Client Communication 

Mar 06, 2011 11:24 PM

 

Overview

When SEP first starts, it attempts to connect to SEPM without using a proxy. Regardless of the proxy setting the client always attempt to connect without a proxy first. If the client is unable to connect to any servers in its management server list, it will rotate its proxy settings at the end of the heartbeat. The next heartbeat will be attempted with proxy settings (if available). Once SEP is able to connect, it will not change its proxy settings until it is restarted. You could say it ‘locks’ the setting once it connects. This means that if the client connects without proxy, it will never connect via the proxy until it is restarted. If the client connects though the proxy, it will never connect directly to SEPM until it is restarted. Whichever one works first, that is the one the client will always use.

The Three Proxy Settings

Sylink has 3 proxy settings. They are settings 1, 2 and 3.

  1. Proxy setting 1 mean no proxy. This is the first setting that is tried.
  2. Proxy settings 2 and 3 both use the proxy. There is a difference in the way the proxy settings are called, but functionally it is very much the same. When the client first starts, it will try to use each proxy setting in turn, starting with setting one, down to setting 3. After that it starts again from setting 1 again.

Sylink Logs

Log entries are created in the Sylink Log when the client sets the proxy settings. Here are some example of the Sylink Log entries.

There logs appear when the client first starts, before the first heartbeat.

06/02 10:51:34 [4260] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

06/02 10:51:34 [4260] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87

 

In the above log example, no proxy was set, so no proxy settings were detected at startup.

 

This next sample is taken from a system that does have a proxy set. This is a sample from the end of a failed heartbeat. Here you can see that 'proxy setting 1' failed to connect, so the client is going to try 'proxy setting 2' on the next heartbeat.

 

06/28 11:47:30 [1292] <RegHeartbeatProc>Done, Heartbeat=32seconds

06/28 11:47:30 [1292] HeartbeatProcFailed to get profile with proxy setting 1

06/28 11:47:30 [1292] HeartbeatProcWill now use proxy setting 2

06/28 11:47:30 [1292] <CheckHeartbeatTimer>====== Heartbeat loop stops at 11:47:30 ======

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Mar 30, 2011 05:32 AM

@_Swami_ :: SEP uses the SYSTEM account's proxy settings (HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings not HKLM)... I would have preferred it to use the winhttp local machine Proxy settings

The SYSTEM account is an "user account" and should not be preferred over HKLM.*

All our other systems are using WinHTTP local machine Proxy settings are not giving us problems

Also see https://www-secure.symantec.com/connect/ideas/sepm-policy-configure-client-proxy-details

"... as this does not allow for firewall/proxy exceptions ..."

*My opinion

Migration User
Mar 21, 2011 04:52 PM

Another question I have is how this is affected by or affects the SYSTEM account proxy settings?

See http://www.symantec.com/docs/TECH104926 for an example of my problem. With my user credentials I could connect to the GUP & download the deltas. The SYSTEM account that runs everything couldn't.

I guess I'll have to go review my 33MB Sylink log file for these proxy entries.

Migration User
Mar 20, 2011 05:00 PM

Thanks for sharing, but i was reasding some where that  Proxy Server: Error Code: 87 means a proxy in the system account. Can you pl help me to understand this.

Related Entries and Links

No Related Resource entered.