Endpoint Protection

 View Only
Expand all | Collapse all

migrated to 12.1 ru2

Migration User

Migration UserNov 21, 2012 12:27 AM

Migration User

Migration UserNov 21, 2012 07:00 AM

Rafeeq

RafeeqNov 21, 2012 09:58 AM

Migration User

Migration UserNov 25, 2012 08:09 PM

  • 1.  migrated to 12.1 ru2

    Posted Nov 20, 2012 08:08 AM

    Hi there,

     

    I just recently migrated to the new version of SEPM 12.1 ru2, migration went fine no problems at all.
    However right now all my clients went offline, first they all were online..

    Anyone has an idea what this could be?

     

    LEVD



  • 2.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 08:31 AM

    Do you see the green dot on the icon? Can you right click the SEP icon in the task tray and "Update Policy"?



  • 3.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 08:44 AM

    i saw a green dot icon :) now all clients are 'offline' according to the manager and all green dots disappeared.

    update policy is not helping on a client.

     

    LEVD



  • 4.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 08:51 AM

    I read about cloning issues however not all my clients are cloned and they are offline also.

    Also im using sid changer in Ghost to change the unique identifier.



  • 5.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 09:34 AM

    any ideas?

    Server can connect to DB
    Client responds ok to hello secars
    Client log show nothing only update policy, and later cant connect to management server



  • 6.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 09:45 AM

    It sounds like they are trying to point to a different server? Did you build a new server?



  • 7.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 09:48 AM

    No, no new server, same servers, migrated to the new version. (failover)



  • 8.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 09:54 AM

    So when you open the client GUI and go to help >> Troubleshooting, what does it show under server? Offline?



  • 9.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 09:58 AM

    yes offline, yesterday i migrated all was ok.



  • 10.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 10:04 AM

    Can you run the SEP Support Tool on one of the affected clients to see what it shows?

    Do you use a proxy in your environment? If so try this:

    Open regedit. Go to:

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    If there's an item called GlobalUserOffline, delete it and do an smc -stop and smc -start from the Run prompt



  • 11.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 10:12 AM

    no i dont use a proxy server.
    There is not GlobalUserOffline entry in there.

     



  • 12.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 10:14 AM

    Did you push a client package from the server to upgrade clients? It wasn't an unmanaged package, correct?

    Run the support tool to see what it shows.



  • 13.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 10:17 AM

    no, i did not updated clients yet, i made a new group to update 2 clients to test, i copied in 2 clients.

    After that i looked liked all went offline..

     

    How to run the support tool?



  • 14.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 10:53 AM

    running the support tool, some errors, one about secars can't communicate to my sepm consoles port 80 http code 503



  • 15.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 11:18 AM

    can you check if there are any ip restrictions in your IIS

    you can log in to sepm?



  • 16.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 11:21 AM

    yes no problem, maybe the migration changed ports clients connect to?



  • 17.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 11:37 AM

    you can check that. on one of the clients, open sylink and check for port number or you can post the sylink.xml file here,

    open the file in wordpad and paste the first half contents.



  • 18.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 11:38 AM

    I think its a problem with my ports.

    IIS is running on port 80, sepm port settings are greyt out at http port 8014 and https 443

    this is part of my server.xml from the tomcat folder:

     

    <Server port="8765" shutdown="13C5A7580A68052600A969E49893FA99">
    - <Service name="SCM">
      <Executor minSpareThreads="5" name="SEPMThreadPool" />
      <Connector acceptCount="100" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false"executor="SEPMThreadPool" maxProcessors="75" minProcessors="5" port="9090" redirectPort="443" useBodyEncodingForURI="true"useURIValidationHack="false" />
      <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" debug="0" disableUploadTimeout="true"enableLookups="false" keystoreFile="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks"keystorePass="NukOQf3kIVKe3rve" maxProcessors="75" minProcessors="5" port="8443" scheme="https" secure="true" sslProtocol="TLS"useBodyEncodingForURI="true" useURIValidationHack="false" />
    - <Engine defaultHost="localhost" name="Catalina">
    - <Host appBase="webapps" autoDeploy="false" debug="0" liveDeploy="false" name="localhost" unpackWARs="true">
    - <Context crossContext="true" debug="0" docBase="ajaxswing" path="/console" reloadable="false">
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_ajaxswing_log." suffix=".txt" timestamp="true" />
      </Context>
    - <Context crossContext="true" debug="0" docBase="/portal.war" path="/portal" reloadable="false">
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_portal_log." suffix=".txt" timestamp="true" />
      </Context>
      </Host>
      <Realm className="org.apache.catalina.realm.LockOutRealm" />
      </Engine>
      <Connector SSLEnabled="true" acceptCount="100" clientAuth="want" debug="0" disableUploadTimeout="true" enableLookups="false"keystoreFile="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks"keystorePass="NukOQf3kIVKe3rve" maxProcessors="75" minProcessors="5" port="8444" scheme="https" secure="true"sslImplementationName="com.sygate.scm.pool.customssl.CustomSSLImplementation" sslProtocol="TLS" useBodyEncodingForURI="true"useURIValidationHack="false" />
      </Service>
    - <!--

     



  • 19.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 12:22 PM

    this should be using port 80

    check if port 80 is used by any other  application, check windows firewall.

    click on start

    run

    smc -stop

    smc -start ( when you start , do u find dot just for few mins and then disappear). This might happen if client has different cert.

    whats the outupt of this cmd?

    http://www.symantec.com/business/support/index?page=content&id=TECH102682

     



  • 20.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 12:23 PM

    Guess i fixed it, i think i forgot to edit the default communication port during migration, standard is 8014. My iis Symantec Webserver is configured on port 80, during migration the altered settings in the past are not changed but left on port 80.
    I changed the communication port in SEPM to 80, clients tryed to communicate on port 80, SEPM was 8014 default.

    Clients seem to be slowly coming back to my console.

    I think is what happened.

    Thanks all.

    LEVD

    PS: i cant find any port settings in sylink.xml or is this me?



  • 21.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 12:30 PM

    Rafeeq can you read my solution and let me know if this could be the problem. Clients are communicating again,.



  • 22.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 12:32 PM

    Yes, will communicate on 8014 unless otherwise changed. Sounds like once you set back to port you were using its now working



  • 23.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 12:37 PM

    if no port is listed in sylink that means its using port 80

    when you upgrade it asks you do u want to use default or custom

    if your 1st install is on port 8014 and during upgrade if you select default. It will change the port to 80. I think thats what went wrong.



  • 24.  RE: migrated to 12.1 ru2

    Posted Nov 20, 2012 02:32 PM

    Well guys thanks all for your help.

     

    LEVD



  • 25.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 12:27 AM

    Which one is the solution ?



  • 26.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 04:46 AM

    the one i marked as a solution, i figured it out.

     

    LEVD



  • 27.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 07:00 AM

    ah I thought so.. :-)



  • 28.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 07:37 AM

    Brian,

    It seems like my issues are not all gone yet.
    Just working in the console now, and all my clients went offline again.. very strange.

    If i run support tools on a client it states error unable to connect to the remote server 80, im betting in a bit the clients will communicate again, but this behaviour is not normal is it.

     

    LEVD



  • 29.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 08:59 AM

    It looks like i have SEPM isapi proxy errors in my server logs during failure of client connections.



  • 30.  RE: migrated to 12.1 ru2
    Best Answer

    Posted Nov 21, 2012 09:20 AM

    It seems i fixed it "again"..? maybe it was a different issue then yesterday i dont know about that.

    I followed this document: http://www.symantec.com/business/support/index?page=content&id=TECH161964 
    How to bypass the IIS Proxy to apache webserver, it seems like this was giving me issueswith disconnecting clients.

    Can someone shine a light on this ?



  • 31.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 09:58 AM

    Exactly this could be the issue.



  • 32.  RE: migrated to 12.1 ru2

    Posted Nov 21, 2012 11:11 AM

    Also maybe noteworthy.

    I migrated my old SEPM 11.0.7 with the following configuration:
    1 site, in this site 2 SEPM servers configured as fail-over.
    I noticed on my main SEPM server the iis bypass to apache, this i changed like described in the document: http://www.symantec.com/business/support/index?page=content&id=TECH161964

    I noticed on my fail-over SEPM server the migration just deleted my IIS symantec webserver, only running on apache i guess.

    Well i hope the changes in the SEPM communication ports and the changes in IIS bypass to apache solved my issue and keeps it solved :)

    LEVD



  • 33.  RE: migrated to 12.1 ru2

    Posted Nov 25, 2012 08:09 PM

    thanks fpr sharing the solution here !