Hi

For some reason SEPM has stopped sending email notifications.

The SEP service account is account is not locked out and it is not a relay issue. Can I please get some help on how to troubleshoot this issue.

Thank you

The easiest first step is to ensure nothing has changed to prevent the SEPM from using your configured mail server.

So log into the SEPM Console -> ADMIN -> Servers -> Highlight the SEPM and hit "Edit Server properties" and review the Email Settings.  Using these details, try to telnet from the SEPM to the Mail Server on the identified port and see what happens.  Follow the below article for SMTP test commands:

http://support.microsoft.com/kb/323350

If these work, then I'd suggest looking through the logs, both on the SEPM itself and on your mail server.  The below article says the SEPM itself will report an error if it is an authentication issue:

http://www.symantec.com/docs/TECH93803

Are you getting "Email Sending Failed" entries in the SEPM log?

Hello,

What version of SEPM 12.1 are you running?

As a test would you mind going back into the Mail Server tab in the Server Properties in the SEPM and for the "User Name" entry I want you to put in the email address that the emails are supposed to be sent to. Leave the password field blank.

A quick way to send out a Notification would be to create an notification condition for "Authentication Failure".

1. Change Occurrences to 1

2. Add email address to sent out to

3. Log out then enter incorrect credentials on the SPAM notification will now be generated, check for email sent.

Also, check this Article:

Scheduled emails aren't sent from the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH103713

Email notifications fail to send from the Symantec Endpoint Protection Manager (SEPM) console

http://www.symantec.com/docs/TECH93803

Let me know if that works out.

Hope that helps!

What happens when you send a test email? Does it fail? Error message given?

HI,

How to test the e-mail notification feature in the Symantec Endpoint Protection Manager Console.

Check this thread

https://www-secure.symantec.com/connect/forums/sepm-not-sending-email-notifications

Yes I am getting those error messages on SEPM logs and I have tested SMTP following the commands on the document provided. and the test email went through.

Yes I get an error message

"Failed so send test email. Please check the following"

1.Email server settings

2.System administrator email address(my email address)

I have sent my self(administrator) a test email from the exchange server and it came though to my mailbox.

Thank you

HI,

You have check your ip address add or not in Exchange SMTP application relay.

Also Check SMTP port 80 not be blocked in firewall

Hi

I've done what you have suggested and also created the  "Authentication Failure" alert and it never came through to my mailbox. When I look on the SEP logs I get the Email Failure error message again.

Hi

port 25 is not blocked, but I couldn't telnet to port 80.

Thank you

Hi Asish,

I have followed the instruction provided on that link , and It still fails

Hi Mithun,

it's version 12.1.1101.401

In that case, can you see what the SMTP logs on your mail server report for the SEPM's send attempts?

#EDIT#
It's also worth noting that the steps described in the MS article I linked, do not show you how to authenticate to your mail server.  This means (if these worked) that the SMTP test completed as an anonymous user.  Therefore, have you tried removing any "Mail Server" credentials you have configured in the SEPM's options?

HI,

Do you have check Ip address available in Exchange SMTP application relay ?

Do you have changes services account passwrd ?

as per logs problem are LDAP authentication failed try to use testing purpoe different ID.

Hi,

I tried what you have suggested and removed the Credentials, pushed the Send Test Email button and test email alert  went through.

What does this mean, did SEP use my logon credentials to send that test email as SEP is intergrated with AD, if so how will SEP know which credentials to used if im not logged on the server??

Thank you

Hi Ashish,

I have checked and it is configured for relay.

It could be the password, because when I removed the service account it and the credentials. The test email went through.

Now I need to know which account or how did SEP know which credentials to use for authentication and what will happen when I'm not logged on to the server.

Hi,

You can put for testing purpose you AD account and check it's working or not ?

This means the SEPM sent the email anonymously, without passing the mail server any credentials, the same way you did via the telnet session.

It should just work now that the creds are removed, it is not dependent upon the currently logged in user (these aren't used in a SMTP session).  Create a scheduled report and test it.

Oh, if you could mark any posts you found useful with a "Thumbs Up" or as the Solution it'd be much appreciated 

I just did that and it seems to be working, i'll have to monitor it till tomorrow and see if  i willrecieve the notifications from SEP.