Endpoint Protection

Dear All

   I have a 500 of computer working with SEP but there is a problem.

Yesterday, SEPM Server had harddisk corrupt so I do rebuite new machine to run SEPM and restore database(older than 6 months ago) on that Server.

When SEPM and Database has on production, Client has connect to Server.--> endpoint client on console show green dot but on physical client has show status offline and no green dot.

I've try to run SylinkDrop on physical client but problem can't fixed.

Who have any idea to fix this problem please guide me.

Attachment(s)

sylinklog.zip   8 KB 1 version

Hi,

I hope you would have followed best practice guide for disaster recovery.

After restoring database have you restored keystore.jks file ?

http://www.symantec.com/business/support/index?page=content&id=TECH102333&locale=en_US

When you restored SEPM on new server, is that server having same hostname or IP ?

Check this -

https://www-secure.symantec.com/connect/forums/symantec-end-point-protection-manager#comment-5237011

Check the following document link.

http://www.symantec.com/business/support/index?page=content&id=TECH93740

If you neglected to restore the JKS certificate file and the keystore pass, that is why clients are not communicating correctly after restore of the database.

If this was the original server you had the SEPM installed to, or you still have access to the original SEPM install server, there may be a copy of the previous certificate and keystore pass that you can retrieve.

There may be multiple .jks files and server***.xml files located in the following directory:

Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup.

You would also need to recover the DomainID. This would be located within a sylink.xml from a client that was connecting to the previous SEPM install correctly.

Thanks you "Chetan Savade" and "Kurt G."

SEPM on new server is having same hostname and IP, unfortunately I didn't have keystore.jks and the original server can't recovery data.

Do you have any idea for fix this issue, please help.

Hi,

Sylink replacer is one of the available option.Export new Sylink.xml file from new SEPM.

https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

As you said earlier you tried Sylink drop but it didn't work. Is firewall turnoff on server ? If it's turn on then you will have to create port exception for 8014.

Suppose even after replacing sylink.xml file if client are not communicating then we will have to collect sylink log to check root cause of issue.

The log attached above is log after try sylink drop and firewall on Server is turn off.

Hi,

As per the logs "Signature verification FAILED for Index File Content "

Check this two articles

http://www.symantec.com/business/support/index?page=content&id=TECH102900&locale=en_US

http://www.symantec.com/business/support/index?page=content&id=TECH93740

What I would like to suggest you don't have .jks file so anyway you will have to run Sylink replacer.

You are using 6 month old database, if possible do it from scratch.

Reinstall SEPM with new database & run sylink replacer. 

If you have applied specific policies then take a backup of same.

SEPM should have right certificates to have communication with the clients.

 click on group

click on policies on the right hand side

then at the bottom select export communication settings; use this sylink on clients; should communicate

Thank you all of you, I'll try to get action by your suggestion.

I found the 1 solution.

I've wonder about the solution which post later --> use sylink drop to self-manage and then click "Help and support" & "Troubleshooting..." & click "Import..." under "Communication Settings" --> choose sylink.xml(local) --> that sulotion make endpoint connect to Server success(with green dot)

any one explain, why i use sylink drop --> green dot not show ; but when I click import by manual --> show green dot.

Due I've 500 client, Please help me find the solution that easy than manual click one by one client.

thank you

use the script to copy the file on the targetted systems.

May be the other sylink remote did not RUN.

You wont get option to import sylink if the client is Managed the option will be grayed out.

Only SELF managed clients will have that option enabled.

If Sylink remote was run properly, it would have connected.

Just compare the sylink files; may be it did not replace coz it never RAN :)

Thanks for your explanation, I've a few question, what the difference things between I click "Import" and "Sylink drop"???

I just use the same sylink.xml on "sylink drop" and "Import" :)

I just try script to copy the file on the targetted systems but Green dot still disappear.

but when I click "Import" by manual it can work properly(Green dot has shown)

when u run sylink; it checks the account permission?

did you get any such messages saying u r not member of domain admins , etc, etc

its does few things

stop service

replace sylink

restart service.

;either its not stoping the service , password protected? did u check that?

start run

type smc-stop ( does it ask for password)?

I run Sylink by account domain admin.

Service stop start in properly when ask for password I have enter the correct password.