Endpoint Protection

 View Only
Expand all | Collapse all

SEP 12.1 reporting client errors.

Migration User

Migration UserJul 29, 2011 12:03 PM

  • 1.  SEP 12.1 reporting client errors.

    Posted Jul 29, 2011 10:53 AM

    I have installed SEP 12.1 Manager and have been gradually rolling out the clients the past couple weeks. The clients are being upgraded from 11.0.6. I haven't had any issues until lately. Now I am getting reports of client errors and I will have some machines with 36 errors, 16 errors and so on. On several of these machines, I ran the latest Support Tool and the tool did not find any issues with the clients. No errors are being displayed on the actual machine either. 

    I am not sure what to else to do besides try to uninstall and reinstall the clients. But given the amount of clients that have the new version installed, this will take some time and not sure if this will fix the issue.

    The report is the a System Report of Top Clients That Generate Errors.

    Any ideas?



  • 2.  RE: SEP 12.1 reporting client errors.

    Posted Jul 29, 2011 12:03 PM

    What client errors you see??



  • 3.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 09:10 AM

    You want to go Monitors >> Logs >> set Log Type to System >> set Log Content to Client Activity

    Click Advanced Settings >> Set Severity to Error and Above

    Click View Log

    Scroll through and you will see the errors. You can tell which ones they are by looking at the Severity column. It will say Error and this is what this report is based off of.



  • 4.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 09:54 AM

    Thank you for the information.

    From viewing the logs every single entry is reporting "Downloaded new content update from the management server failed."

    The main status page on my management server is showing all the clients are up-to-date.

    Any ideas on how to fix this issue?



  • 5.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 10:35 AM

    clients are configured to use SEPM for updates or use internet?

    do you have replication ? 



  • 6.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 10:45 AM

    I have it set to use the SEPM and LiveUpdate. I have no replication.



  • 7.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 11:06 AM

    I think clients are not getting updates from SEPM, they are using internet for updates.

    can you uncheck internet and check if those are updating frm SEPM?



  • 8.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 12:41 PM

    Ok, I unchecked the option for Internet updating so now it is just using the SEPM. I will give this a run and see if the errors go away. Thanks for the information.



  • 9.  RE: SEP 12.1 reporting client errors.

    Posted Aug 01, 2011 02:59 PM

    Well after several hours my clients are still reporting the same error.



  • 10.  RE: SEP 12.1 reporting client errors.

    Posted Aug 03, 2011 09:04 AM

    I am still receiving the errors with the clients just updating from SEPM. I switched the clients this morning to update from LiveUpdate only and not SEPM. I will let you know if I am still receiving the errors.



  • 11.  RE: SEP 12.1 reporting client errors.

    Posted Aug 05, 2011 08:29 AM

    Well, trying just SEPM didn't work and then trying just LiveUpdate that didn't work either. I don't understand it, since both update sources didn't fix the issue.



  • 12.  RE: SEP 12.1 reporting client errors.

    Posted Aug 10, 2011 01:58 PM

    I created a case for this issue to figure out the problem and if there is a fix for it. 

    Case #: 415-120-366



  • 13.  RE: SEP 12.1 reporting client errors.

    Posted Aug 15, 2011 11:49 AM

    I'm having the exact same issues.  I've only deployed the new client to a couple groups of machines, but 75%+ are having this issue.  Some machines seem to have nothing but failure errors, while a few seem to have intermittent successes.  Running LiveUpdate manually seems to always work.  And it also seems (I'll need to do a few more tests to confirm this) that machines to which I have manually deployed the new client are having no issues.  I'll do a few more manual deployments and report findings here.

     

    E



  • 14.  RE: SEP 12.1 reporting client errors.

    Posted Aug 15, 2011 01:17 PM

    Hi,

    I had the same issue (or at least the same error message). What I saw is that SEPM server has 2 NICs, one in use and the other not configured.

    But windows assings it an IP address, which in fact, does not exists, and doesn't ping. So some clients tried to communicate to such IP and failed.

    So, I disabled the unused NIC, and that was it. 



  • 15.  RE: SEP 12.1 reporting client errors.

    Posted Aug 15, 2011 02:09 PM

    My SEPM is on a VM, so I don't have any unused NIC's, but I briefly had added a second NIC and put it in my DMZ to troublshoot another application running on the server.  Most addresses in the DMZ (including the one I had on the SEPM server) are not routeable by most devices on the regular network.  I have since removed the secondary NIC.  It's possible that the machines that are having errors had the DMZ address in their list of addresses that they can use to contact the SEPM.  I'll check the Sylink.xml file and see if it lists the DMZ address, and remove it if it does.



  • 16.  RE: SEP 12.1 reporting client errors.

    Posted Aug 22, 2011 09:51 AM

    The Symantec Tech and I are still working on this issue and there is nothing new to report about that.

    About your NIC solution, well sad to say it did not help my issue. I do have 2 NICs and I only use the one. So I disabled the unused NIC and nothing changed.



  • 17.  RE: SEP 12.1 reporting client errors.

    Posted Aug 22, 2011 11:44 AM

    Thanks for the update.  My situation hasn't changed much.  It seems that I'm getting fewer failure log entries, but they're still happening on most machines.  However, I found that the machines that I have manually pushed the new client to are not having the issue.  Unfortunately simply re-deploying the 12.1 client over an existing 12.1 install hasn't worked reliably.  I have had to uninstall the client and then manually re-deploy it to get it to work correctly on about half of the machines that I've updated (which is only a handful so far).  It's not an elegant solution, but it is working.  Fortunately I had only auto-updated about a dozen machines.  Beyond that I've beem manually updating everything else...slowly.  Thankfully I only have about 65 total machines to update.

    Best of luck.  I hope this info helps.

     

    E



  • 18.  RE: SEP 12.1 reporting client errors.

    Posted Aug 22, 2011 11:52 AM

    I've realized of that, because my "solution" worked fine for 2 days, but after then, again I have some machines that don't update. 

    And that's a huge problem for a product, that its security relays on updating. 

    I hope support finds the solution quickly, and if so, please, let us know what's the workaround. 

     

    regards



  • 19.  RE: SEP 12.1 reporting client errors.

    Posted Aug 22, 2011 12:01 PM

    I am attaching the report I receive that is showing the client errors. Specifically, I am not sure what the errors are. The report does not give any details.

    Also the communication setting is Push Mode from the management server.



  • 20.  RE: SEP 12.1 reporting client errors.

    Posted Aug 22, 2011 12:08 PM

    I just have a few clients showing up in the error listing and they have fewer errors than before. 

    One thing I did change in the Communication setting; originally set to Push Mode, but I changed it to Pull mode and set the interval to 15 minutes. This seems to help reduce the amount of errors but it doesn't fix the problem.

    I just can't believe we are the only ones with this issue. Hopefully it is fixed soon.



  • 21.  RE: SEP 12.1 reporting client errors.

    Posted Aug 23, 2011 10:22 AM

    We are experiencing the same issue. We would be very aggrevated if required to uninstall the client from each machine and push manually.



  • 22.  RE: SEP 12.1 reporting client errors.

    Posted Aug 23, 2011 11:47 AM

    On one hand, is good to know that it's not a unique problem, but on the other, I don't understand how such big product can be delivered with this huge problem. Moreover, there's no official response. 



  • 23.  RE: SEP 12.1 reporting client errors.

    Posted Aug 26, 2011 09:13 AM

    Well it has been over a week now and I have not heard back from my Support Tech. I have sent 2 emails asking what to do next. This service is very disappointing for something we are paying for and it puts my company in a bind with these errors and no response on how to fix it.



  • 24.  RE: SEP 12.1 reporting client errors.

    Posted Aug 26, 2011 12:13 PM

    Besides the support problem, what had worked for me was changing communication settings from push to pull mode. After that,

    all machines updates correctly everyday.



  • 25.  RE: SEP 12.1 reporting client errors.

    Posted Aug 26, 2011 12:38 PM

    A week back or so, I did change the communication setting from Push to Pull mode. From doing this, the client machines went from reporting 30 errors to 5 errors. So the amount of errors have reduced but it did not correct the problem as you were able to do.



  • 26.  RE: SEP 12.1 reporting client errors.

    Posted Aug 29, 2011 09:16 AM

    Over the weekend, I got a response back from my Support Tech. He suggested to run the repair (from the Control Panel > Add/Remove Programs interface) on the SEPM. He found errors where the SEPM was unable to communicate with a few group folders. 

    After running the repair and restarting the server, I have only 2 PC's that are reporting errors and the error count is below 5. Which was a huge improvement from 15+ machines reporting 20+ errors.

    My next step suggested is to run the SEP Support tool on those individual machines. Which I will do this week.

    It will be interesting to see over this next week if any of those other machines show back up in the error list. If they don't then I would consider that being my solution. I will keep everyone updated.

    Good luck to the others, I hope this helps.



  • 27.  RE: SEP 12.1 reporting client errors.

    Posted Aug 30, 2011 09:03 AM

    So just after 2 days with 2 PC's reporting a low number of errors as reported earlier, I received my client error listing this morning and I am back in the same boat. I have 10+ clients reporting 20+ errors. 

    It seemed "the fix" helped for a couple of days but then it went back to the same problem. 

    Hopefully, it works for others. I am back at square 1.



  • 28.  RE: SEP 12.1 reporting client errors.

    Posted Oct 06, 2011 11:54 AM

    For the past month, my support tech has been working with senior level technicians on this issue. As of right now there is no word on what is causing the problem.

    When I find anything out, I will post an update.



  • 29.  RE: SEP 12.1 reporting client errors.

    Posted Oct 10, 2011 11:57 AM

    thanks for continuing to keep this thread updated. We seem to be experiencing something similar. Some machines work okay, some aren't getting updates at all (with the same gramatically mangled error) but seem to update if we do something manual to kick it into gear. I'll be watching to see if you find a fix.



  • 30.  RE: SEP 12.1 reporting client errors.

    Posted Oct 20, 2011 03:37 PM

    This information was helpful for me, and I will be interested to see what they say the issue is (eventually). I am also experiencing this problem, I have SEP 12.1 (Both SBS and just Endpoint) deployed to probably 10 or 12 different customers, and every single one of them has issues with clients updating. No matter how many times I try to push out the content, certain clients will not update. And the same goes for if I get on the client machine and try to request an update from the management server. The only way I can get the defintions to update on the clients with these issues is to manually run liveupdate. And that is a pain when you are trying to manage many customers. Perhaps they will have another release or update for this soon.



  • 31.  RE: SEP 12.1 reporting client errors.

    Posted Oct 24, 2011 04:27 PM

    One thing my support tech had me try last week that helped reduce the amount of client errors was by changing this setting:

    "Please verify that the communication settings for each of the groups is set to Pull mode and to 30 minutes between heartbeats. If you are still seeing the log entries, increase the heartbeat interval to 45 minutes."

    Also another thing the support tech suggested; if I was receiving this error "Httpd.exe process utilizes 100% CPU", was to try this: http://www.symantec.com/docs/TECH166347

    I hope this helps.



  • 32.  RE: SEP 12.1 reporting client errors.

    Posted Oct 24, 2011 04:46 PM

    Thanks for the confirmation. I'd opened a ticket with tech support last week, and the same thing seemed to work for us, too: switching from Push to Pull mode.

    Tech support emphasized that Pull is the "recommended best practice" and also a much lesser network hit, but glossed over why things start out with Push for some reason.



  • 33.  RE: SEP 12.1 reporting client errors.

    Posted Jan 11, 2012 04:48 PM

    Hi,

    I know this is months later, but this is the most informative thread I've found on this subject. We recently updated from 12.0 to 12.1 and we are having the exact issues that have been listed here.

    Was the true resolution ever found? Also, I'm not sure if Small Business Edition is different, but where the heck are the push/pull settings?

    Any information would be appreciated. This is a real pain.

     

    Thanks,

    Tg



  • 34.  RE: SEP 12.1 reporting client errors.

    Posted Jan 11, 2012 05:01 PM

    I can only speak for the enterprise SEP, but I go to the clients tab on the left, then I have to pick the right folder in the next column, and then hit the Policies tab in the right section. There's a block of settings on the right, with a Communications Settings item. Click that, and in the pop-up window there's radio buttons for the Download options for Push and Pull.

    Note that if you've got an organization big enough to have multiple different policies, you may have to adjust each one individually.

    This did solve the problem for us.



  • 35.  RE: SEP 12.1 reporting client errors.

    Posted Jan 11, 2012 05:10 PM

    Unfortunately, in Small Business edition there is no Communications Settings listed there. Also, FWIW in SBE, the Clients tab is called Computers. I hate when companies do things like this. bleh. If I export the settings to xml, it definitely lists PUSH, so I'm thinking I'm in your boat, maybe without a paddle...

    Thanks for the help. If anybody catches this post and knows of a workaround way to adjust communication settings in SBE, please post.

    Thanks,

    Tg



  • 36.  RE: SEP 12.1 reporting client errors.

    Posted Jan 12, 2012 09:02 AM

    I know it has been a long time since I posted an update but in short, I am still having client errors.

    I am still working with the senior level engineers and a month ago they had me run App-Critical, software that analyzes the SEP connection to the SEPM. Basically checking for errors on the network connection. This report shown that there were connection issues from a mixed duplex connection. Some clients at half-duplex and others on full-duplex, either 10 or 100. We thought this was the issue and would fix my problem. Well after checking further with our network setup, 5% of the clients are on half-duplex, while the remaining 95% are on full-duplex which is where our SEPM is located. The clients that are seeing the issues are the same duplex as the Manager, so the duplex issue is not the problem. 

    Our network hasn't changed from when we upgraded our SEPM from 11.0.6 to 12.1. After the upgrade we started getting reports of these client errors. We checked the logs of our networking equipment and it is not reporting any issues on the network and we don't have any issues connecting to our other servers. What I don't understand is that SEPM is reporting these errors with our clients but our clients are up to date. 

    I will try to keep posting information as we find it.



  • 37.  RE: SEP 12.1 reporting client errors.

    Posted Jan 25, 2012 01:02 PM

    Any update on this?  I'm having the same issue.  In the logs on the client it says downloading the new content update from the management server failed and gives the path.  It doesn't say why...  When I got the path manually, I can get there and download the zip file, no problem.

    I can see the communication settings, but what do I change them too?  Shouldn't the push work?



  • 38.  RE: SEP 12.1 reporting client errors.

    Posted Jan 25, 2012 01:14 PM

    Early in this case, it was suggested by a Symantec tech to switch from Push mode to Pull mode. Also set your interval settings to either 30 or 45 minutes. This may help you.



  • 39.  RE: SEP 12.1 reporting client errors.

    Posted Jan 25, 2012 02:57 PM

    Check the Tamper Protection logs on the client. We had a similar problem and found out that an application called Trusteer Rapport was attempting to shutdown SEP whenever IE was started. IE crashed as a result, which was what our customer reported.

    But our SEP client was experiencing the same problems - not being able to update definitions. Probably because Rapport was crashing the update.



  • 40.  RE: SEP 12.1 reporting client errors.

    Posted Jan 25, 2012 03:09 PM

    One my clients required to have that Trusteer Rapport program installed. Just as you said, IE keep crashing. The only fix I found was to install SEP with Virus and Spyware Protection only. This was seperate from my client error issue.

    I am going to look into my other clients with the tamper protection logs and see if there is something causing an issue. Thanks for the information.



  • 41.  RE: SEP 12.1 reporting client errors.

    Posted Jan 25, 2012 03:11 PM

    I went ahead and switch from push to pull and set it at 30 minutes.  I do not see anything the Tamper logs...  

    On one of the clients that is having the issue, I just restarted it and it downloaded the new defs no problem and installed them.

    Hopefully all my clients will update now...  Will report back in a few...



  • 42.  RE: SEP 12.1 reporting client errors.

    Posted Feb 14, 2012 12:08 PM

    Did you have any luck? I am still waiting for my lastest network analysis. 



  • 43.  RE: SEP 12.1 reporting client errors.

    Posted Apr 03, 2012 03:12 PM

    My Symantec Tech just got in touch with me and said they are still working on this issue. I have since upgraded to 12.1 RU1 and still have the issues, so this is getting pushed to the development team.

    Other things I have tried:

    - With the clients receiving the errors, I have updated the network card drivers and also manually set the duplex setting to match the connection of the SEPM.

    - Moved clients (with the errors) to a new distribution group.

    - Uninstalled with CleanWipe and reinstalled from DVD and then manually added the communication setting.

    - Uninstalled with CleanWipe and pushed installation from SEPM.

    One thing that is interesting to me is that I still have some clients (mainly servers) on version 11.0.6300.803, which I haven't had one problem with. All the clients I have errors with are version 12.1



  • 44.  RE: SEP 12.1 reporting client errors.

    Posted Apr 23, 2012 04:34 PM

    One thing I am trying to see if I can find a solution to this issue; I created a new installer without SONAR. I have it installed on the one machine that errored the most daily. Total of 3 machines has this custom install. So far, four days into my test, I have not had one issue.