Endpoint Protection


SEP Client Communication - ISA 2004 - RU5


  • 1.  SEP Client Communication - ISA 2004 - RU5

    Posted Feb 11, 2010 02:24 PM
    Hey all,

    I have been working on an ongoing problem here at my site.  We installed SEPM on a server and are running into a few issues.  Below you will see our basic infrastructure layout.

    SEPM RU5
    Server 2003 STD SP2
    Clients run XP, Vista, and Win 7
    ODBC database
    900 nodes
    Client version 11.0.5

    The problem that I am having is simple. Clients are not reporting the proper status back. A simple example would be the following. A client will initially connect to the manager, get updates, and proper policy. After a few days they stop reporting their last scans, virus defs, etc. If I remote to the client, locally the definitions are up to date and a green dot does appear. The definition date is incorrect, however, on the SEPM. This then leads to a giant X on the manager's home page. The clients are scanning and are getting updated but won't report properly. I've run a sylink test in a few locations and came back with a 407 error, which can be fixed with the following KB.

    http://service1.symantec.com/support/ent-security.nsf/docid/2008051309225748

    After doing that, the 407 error was gone and all was well. The clients reported back an SMS status of 200. Fine. Things worked great for a few days and then the same issues came back. We have MS ISA 2004 installed in our environment with a Firewall client rolled out to each computer. A client's IE settings will be set to find a manual proxy going through port 8080. I then thought to change the proxy settings on both the local user and system accounts. This worked fine for a few days and then started having the same issues all over again. If I run a sylink log on one of these clients that have the latest definitions, the only error that I get back is that EVENT POST FAILED. Communication with the server is fine apparently. Is ISA causing a problem here in regards to a certain port, service, etc.? Also, it seems to me, with all my research, that the SEP client is requiring anonymous access to ISA, which keeps getting blocked for obvious reasons. I will post a sylink log for everyone shortly.

    Thanks, 

    madhavassj
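
One way to tally which management-server requests in a Sylink debug log came back with HTTP 407 (Proxy Authentication Required, a status issued by a proxy) and which came back 200, grouped by server and request stage. This is an added example, not part of the original posts or of Symantec's tooling; the function names are made up for it, and the embedded log lines are constructed with placeholder hosts `192.0.2.10` and `sepm.example`.

```python
import re
from collections import Counter

# Timestamped Sylink line: "MM/DD HH:MM:SS [thread-id] message".
# Multi-line XML payloads have no timestamp and are skipped.
LINE_RE = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] (.*)$")
# A request line names the function and the target URL (host:port captured).
REQ_RE = re.compile(
    r"^<(SendRegistrationRequest|GetIndexFileRequest):>https?://([^\s/?]+)")
# The matching result line carries the HTTP status the client received.
STATUS_RE = re.compile(
    r"^<(SendRegistrationRequest|GetIndexFileRequest):>SMS return=(\d{3})\s*$")

STAGE = {"SendRegistrationRequest": "registration",
         "GetIndexFileRequest": "index"}

# Constructed sample (placeholder hosts), in the Sylink debug log layout.
SAMPLE_LOG = """\
02/11 14:26:18 [3284] <SendRegistrationRequest:>http://192.0.2.10:8014 [encrypted data]
    <SSAProduct Version="11.0.5002.333" />
02/11 14:26:19 [3284] <SendRegistrationRequest:>SMS return=407
02/11 14:26:19 [3284] <SendRegistrationRequest:>Content Lenght => 4102
02/11 14:26:19 [3284] <SendRegistrationRequest:>http://192.0.2.10:8014 [encrypted data]
02/11 14:26:19 [3284] <SendRegistrationRequest:>SMS return=407
02/11 14:26:20 [3284] <SendRegistrationRequest:>http://sepm.example:8014 [encrypted data]
02/11 14:26:20 [3284] <SendRegistrationRequest:>SMS return=407
02/11 14:26:54 [3284] <GetIndexFileRequest:>http://192.0.2.10:8014/secars/secars.dll?h=0000
02/11 14:26:54 [3284] <GetIndexFileRequest:>SMS return=200
"""


def parse_requests(log_text):
    """Pair each request line with its 'SMS return=' line, per thread."""
    pending = {}   # (thread id, function name) -> server of the open request
    records = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation line (XML body, headers), not an event
        ts, tid, msg = m.groups()
        req = REQ_RE.match(msg)
        if req:
            pending[(tid, req.group(1))] = req.group(2)
            continue
        st = STATUS_RE.match(msg)
        if st:
            # A status with no preceding request line is kept as "unknown".
            server = pending.pop((tid, st.group(1)), "unknown")
            records.append({"time": ts,
                            "stage": STAGE[st.group(1)],
                            "server": server,
                            "status": int(st.group(2))})
    return records


def summarize(records):
    """Count results per (server, stage, HTTP status)."""
    return Counter((r["server"], r["stage"], r["status"]) for r in records)


def findings(records):
    """Label each server that returned 407 at least once.

    'mixed'           : the same server name also produced a 200
    'proxy_auth_only' : every recorded answer for that name was a 407
    """
    seen = {}
    for r in records:
        seen.setdefault(r["server"], set()).add(r["status"])
    out = []
    for server in sorted(seen):
        statuses = seen[server]
        if 407 in statuses:
            out.append((server, "mixed" if 200 in statuses
                        else "proxy_auth_only"))
    return out


if __name__ == "__main__":
    recs = parse_requests(SAMPLE_LOG)
    for key, count in sorted(summarize(recs).items()):
        print("%-22s %-13s HTTP %d  x%d" % (key + (count,)))
    for server, verdict in findings(recs):
        print("finding:", server, verdict)
```

A `mixed` verdict for a server means the client reached it on some requests and was stopped by proxy authentication on others, which is worth comparing against the proxy settings in effect for the account the client service runs under.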


  • 2.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 11, 2010 02:30 PM
    02/11 14:26:14 [3308] ~~~Sylink log started. (SEP Product Version in registry: 11.0.5002.333, Sylink File Version: 11.0.5002.301)
    02/11 14:26:14 [3308] Stored HostGUID=A52294860A0102E9017456BCB125F5F0; outlen=16
    02/11 14:26:14 [3308] <RestoreSettings>Stored UserGuid=0; outlen=2
    02/11 14:26:14 [3308] <mfn_DecodeSSN>Sygate-SSN=2231
    02/11 14:26:14 [3308] <mfn_DecodeSSN>Read CSN=2232
    02/11 14:26:14 [3308] <mfn_DecodeSSN>Sygate-SSN=216
    02/11 14:26:14 [3308] <mfn_DecodeSSN>Read CSN=217
    02/11 14:26:14 [3308] Product Type=1,Major Ver=5,Minor Ver=1,Platform ID=2,OSType=17105154
    02/11 14:26:14 [3308] OS=Windows XP Professional ; number=5.1.2600
    02/11 14:26:14 [3308] SyLinkCreateInstance => Instance created: 01BA5738 Registry path: SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK
    02/11 14:26:14 [3308] <GetOnlineNicInfo>:Netport Count=1
    02/11 14:26:14 [3308] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>
    02/11 14:26:14 [3308] SyLinkCreateConfig => Created instance: 01B8A218
    02/11 14:26:14 [3308] UseNewConfig => Created m_hNewConfig: 01B8A218
    02/11 14:26:14 [3308] Importing ConfigObject: 01B87CD8 into: 01B8A218
    02/11 14:26:14 [3308] Importing ConfigObject: 01B87CD8 into: 01B88F78
    02/11 14:26:14 [3308] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    02/11 14:26:14 [3308] SSA packageType is set as 105
    02/11 14:26:14 [3308] SyLinkDeleteConfig => Deleting instance: 01B87CD8
    02/11 14:26:14 [3308] <SetHiStatus>HI status is changed to=3; reason=105; rule=Host Integrity check is disabled.
     Host Integrity policy has been disabled by the administrator.
    02/11 14:26:14 [3308] SyLinkCreateConfig => Created instance: 03898BA8
    02/11 14:26:14 [3308] SetCurLocationName: Name is set to - Default
    02/11 14:26:14 [3308] SetCurLocationID: ID is set to - 52B0FD270A0102E9009FE5C52FBC334D
    02/11 14:26:14 [3308] SyLinkCreateConfig => Created instance: 03981818
    02/11 14:26:14 [3308] Importing ConfigObject: 03981818 into: 01B8A218
    02/11 14:26:14 [3308] Importing ConfigObject: 03981818 into: 01B88F78
    02/11 14:26:14 [3308] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    02/11 14:26:14 [3308] SyLinkDeleteConfig => Deleting instance: 03981818
    02/11 14:26:15 [3308] SyLinkDeleteConfig => Deleting instance: 03898BA8
    02/11 14:26:15 [3308] <CSyLink::Start()>
    02/11 14:26:15 [3308] <EncodeHelper::DecryptUrl>
    02/11 14:26:15 [3308] <CSyLink::Start> The last server used was '10.1.2.233'
    02/11 14:26:15 [3308] <CSyLink::ImportConfigFile()>
    02/11 14:26:15 [3308] CUpdateConfig::Dump
    02/11 14:26:15 [3308] </CSyLink::ImportConfigFile()>
    02/11 14:26:15 [3308] <GetDomainHostName>msz_DomainName is taken from szDomainName
    02/11 14:26:15 [3308] <GetDomainHostName>DomainName (Final)=nhrhs.net
    02/11 14:26:15 [3308] <HWID CSyLink::GetHardwareKey> Get Hardware ID
    02/11 14:26:16 [3308] <HWID CSyLink::GetHardwareKey> Hardware ID assigned: 222F833EFE216658DA61C2A38272067C
    02/11 14:26:16 [3308] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87
    02/11 14:26:16 [2120] <ScheduleNextUpdate>Manually assigned heartbeat=2659 seconds
    02/11 14:26:16 [3284] <HeartbeatThreadProc:>Thread is about to begin..
    02/11 14:26:16 [2120] Successfully created the heartbeat thread
    02/11 14:26:16 [3308] <Start>Started, contact SMS every 3600 seconds
    02/11 14:26:16 [3308] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    02/11 14:26:16 [3308] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
    02/11 14:26:16 [3308] </CSyLink::Start()>
    02/11 14:26:17 [3308] <SetClientAuth>Received new User/Domain from SMC..  User: madhavassj User Domain: NHRHS
    02/11 14:26:17 [3308] <SetClientAuth>Getting RDNS Domain Name (user domain in AD setup)..
    02/11 14:26:17 [3308] <GetLoginRdnsDomain>DNS domain=NHRHS.NET
    02/11 14:26:17 [3308] <SetClientAuth>Setting the User Domain to RDNS Domain ..
    02/11 14:26:17 [3308] <SetClientAuth>Logged in user info set to: NHRHS.NET/madhavassj
    02/11 14:26:17 [3308] <SetClientAuth>Marking User Change Notify to redo registration..
    02/11 14:26:17 [3284] <CheckHeartbeatTimer>====== Heartbeat loop starts at 14:26:17 ======
    02/11 14:26:17 [3284] <GetOnlineNicInfo>:Netport Count=1
    02/11 14:26:17 [3284] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>
    02/11 14:26:17 [2124] SyLinkCreateConfig => Created instance: 01AE3460
    02/11 14:26:17 [2124] Importing ConfigObject: 01B88F78 into: 01AE3460
    02/11 14:26:17 [2124] SyLinkDeleteConfig => Deleting instance: 01AE3460
    02/11 14:26:18 [3284] <CalcAgentHashKey>:CH=1B40FB3D0A0102E900584E976F7BB19C1nh101pc16nhrhs.net222F833EFE216658DA61C2A38272067C
    02/11 14:26:18 [3284] <CalcAgentHashKey>:CHKey=FBEC6167FDECB4610AA247D13F0998BA
    02/11 14:26:18 [3284] <CalcAgentHashKey>:C=1B40FB3D0A0102E900584E976F7BB19C1nh101pc16nhrhs.net
    02/11 14:26:18 [3284] <CalcAgentHashKey>:CKey=475840472E58228AA1D1DE17905ACA69
    02/11 14:26:18 [3284] <CalcAgentHashKey>:UCH=1B40FB3D0A0102E900584E976F7BB19C0madhavassjNHRHS.NETnh101pc16nhrhs.net222F833EFE216658DA61C2A38272067C
    02/11 14:26:18 [3284] <CalcAgentHashKey>:UCHKey=1FB0E63BF41689B2E6355D0462198D84
    02/11 14:26:18 [3284] <CalcAgentHashKey>:UC=1B40FB3D0A0102E900584E976F7BB19C0madhavassjNHRHS.NETnh101pc16nhrhs.net
    02/11 14:26:18 [3284] <CalcAgentHashKey>:UCKey=C7A0B69CD82B7FFE6F058173858C2CBA
    02/11 14:26:18 [3284] <DoHeartbeat>HardwareID=222F833EFE216658DA61C2A38272067C
    02/11 14:26:18 [3284] <DoHeartbeat>CHKey=FBEC6167FDECB4610AA247D13F0998BA
    02/11 14:26:18 [3284] <DoHeartbeat>CKey=475840472E58228AA1D1DE17905ACA69
    02/11 14:26:18 [3284] <DoHeartbeat>UCHKey=1FB0E63BF41689B2E6355D0462198D84
    02/11 14:26:18 [3284] <DoHeartbeat>UCKey=C7A0B69CD82B7FFE6F058173858C2CBA
    02/11 14:26:18 [3284] <DoHeartbeat> Set heartbeat event
    02/11 14:26:18 [3284] Use new configuration
    02/11 14:26:18 [3284] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 14:26:18 ======
    02/11 14:26:18 [3284] HEARTBEAT: Check Point 1
    02/11 14:26:18 [3284] HEARTBEAT: Check Point 2
    02/11 14:26:18 [3284] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    02/11 14:26:18 [3284] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    02/11 14:26:18 [3284] HEARTBEAT: Check Point 3
    02/11 14:26:18 [3284] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    02/11 14:26:18 [3284] HEARTBEAT: Check Point 4
    02/11 14:26:18 [3284] <RegHeartbeatProc>===Registration STAGE===
    02/11 14:26:18 [3284] <MakeRegisterData:>logon id (domain/user)=NHRHS.NET/madhavassj
    02/11 14:26:18 [3284] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:18 [3284] <SyLink>[MakeRegisterData] registration Hardware Key=222F833EFE216658DA61C2A38272067C
    02/11 14:26:18 [3284] ************Reg CSN=218
    02/11 14:26:18 [3284] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1265

    s_session_id: 222F833EFE216658DA61C2A38272067C

    Sygate-SSN: 218

    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:18 [3284] <SendRegistrationRequest:>http://10.1.2.233:8014 [encrypted data]
    02/11 14:26:18 [3284] 14:26:18=>Send HTTP REQUEST
    02/11 14:26:19 [3284] 14:26:19=>HTTP REQUEST sent
    02/11 14:26:19 [3284] 14:26:19=>QUERY return code
    02/11 14:26:19 [3284] 14:26:19=>QUERY return code completed
    02/11 14:26:19 [3284] <SendRegistrationRequest:>SMS return=407
    02/11 14:26:19 [3284] <ParseHTTPStatusCode:>407=>Uninterpreted Status
    02/11 14:26:19 [3284] <SendRegistrationRequest:>Content Lenght => 4102
    02/11 14:26:19 [3284] HTTP returns status code=407
    02/11 14:26:19 [3284] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    02/11 14:26:19 [3284] <SendRegistrationRequest:>COMPLETED, returned 5
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 5.1
    02/11 14:26:19 [3284] <GetFirstSEMServer> Selecting a random server
    02/11 14:26:19 [3284] <RegHeartbeatProc>switch to another server
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 9
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 8
    02/11 14:26:19 [3284] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    02/11 14:26:19 [3284] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 1
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 2
    02/11 14:26:19 [3284] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    02/11 14:26:19 [3284] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 3
    02/11 14:26:19 [3284] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 4
    02/11 14:26:19 [3284] <RegHeartbeatProc>===Registration STAGE===
    02/11 14:26:19 [3284] <MakeRegisterData:>logon id (domain/user)=NHRHS.NET/madhavassj
    02/11 14:26:19 [3284] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:19 [3284] <SyLink>[MakeRegisterData] registration Hardware Key=222F833EFE216658DA61C2A38272067C
    02/11 14:26:19 [3284] ************Reg CSN=219
    02/11 14:26:19 [3284] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1265

    s_session_id: 222F833EFE216658DA61C2A38272067C

    Sygate-SSN: 219

    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:19 [3284] <SendRegistrationRequest:>http://10.1.2.233:8014 [encrypted data]
    02/11 14:26:19 [3284] 14:26:19=>Send HTTP REQUEST
    02/11 14:26:19 [3284] 14:26:19=>HTTP REQUEST sent
    02/11 14:26:19 [3284] 14:26:19=>QUERY return code
    02/11 14:26:19 [3284] 14:26:19=>QUERY return code completed
    02/11 14:26:19 [3284] <SendRegistrationRequest:>SMS return=407
    02/11 14:26:19 [3284] <ParseHTTPStatusCode:>407=>Uninterpreted Status
    02/11 14:26:19 [3284] <SendRegistrationRequest:>Content Lenght => 4102
    02/11 14:26:19 [3284] HTTP returns status code=407
    02/11 14:26:19 [3284] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    02/11 14:26:19 [3284] <SendRegistrationRequest:>COMPLETED, returned 5
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 5.1
    02/11 14:26:19 [3284] <RegHeartbeatProc>switch to another server
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 9
    02/11 14:26:19 [3284] HEARTBEAT: Check Point 8
    02/11 14:26:19 [3284] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    02/11 14:26:19 [3284] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 1
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 2
    02/11 14:26:20 [3284] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    02/11 14:26:20 [3284] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 3
    02/11 14:26:20 [3284] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 4
    02/11 14:26:20 [3284] <RegHeartbeatProc>===Registration STAGE===
    02/11 14:26:20 [3284] <MakeRegisterData:>logon id (domain/user)=NHRHS.NET/madhavassj
    02/11 14:26:20 [3284] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:20 [3284] <SyLink>[MakeRegisterData] registration Hardware Key=222F833EFE216658DA61C2A38272067C
    02/11 14:26:20 [3284] ************Reg CSN=220
    02/11 14:26:20 [3284] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1265

    s_session_id: 222F833EFE216658DA61C2A38272067C

    Sygate-SSN: 220

    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="1B40FB3D0A0102E900584E976F7BB19C" AgentType="105" UserDomain="NHRHS.NET" LoginUser="madhavassj" ComputerDomain="nhrhs.net" ComputerName="nh101pc16" PreferredGroup="My%20Company%5cWorkstations" PreferredMode="1" HardwareKey="222F833EFE216658DA61C2A38272067C" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc="" />

    <SSAProduct Version="11.0.5002.333" />

    <SSAOS Version="5.1.2600" Desc="Windows%20XP%20Professional%20" Type="17105154" ServicePack="Service%20Pack%203"/>

    <Processor ProcessorType="x86%20Family%206%20Model%2015%20Stepping%2011" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <BIOS Version="DELL%20%20%20-%2015"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01%2f13%2f2010%2014%3a26%3a03%20837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <SSAUTC Bias="300" />

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>

    </SSAHostInfo>

    </SSARegData>
    02/11 14:26:20 [3284] <SendRegistrationRequest:>http://ares:8014 [encrypted data]
    02/11 14:26:20 [3284] 14:26:20=>Send HTTP REQUEST
    02/11 14:26:20 [3284] 14:26:20=>HTTP REQUEST sent
    02/11 14:26:20 [3284] 14:26:20=>QUERY return code
    02/11 14:26:20 [3284] 14:26:20=>QUERY return code completed
    02/11 14:26:20 [3284] <SendRegistrationRequest:>SMS return=407
    02/11 14:26:20 [3284] <ParseHTTPStatusCode:>407=>Uninterpreted Status
    02/11 14:26:20 [3284] <SendRegistrationRequest:>Content Lenght => 4102
    02/11 14:26:20 [3284] HTTP returns status code=407
    02/11 14:26:20 [3284] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    02/11 14:26:20 [3284] <SendRegistrationRequest:>COMPLETED, returned 5
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 5.1
    02/11 14:26:20 [3284] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 8
    02/11 14:26:20 [3284] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    02/11 14:26:20 [3284] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    02/11 14:26:20 [3284] <RegHeartbeatProc>====== Registration Procedure stops at 14:26:20 ======
    02/11 14:26:20 [3284] HEARTBEAT: Check Point 10
    02/11 14:26:20 [3284] HEARTBEAT: Check Point Complete
    02/11 14:26:20 [3284] <RegHeartbeatProc>Done, Heartbeat=32seconds
    02/11 14:26:20 [3284] HeartbeatProcFailed to get profile with proxy setting 1
    02/11 14:26:20 [3284] <CheckHeartbeatTimer>====== Heartbeat loop stops at 14:26:20 ======
    02/11 14:26:53 [3284] <CheckHeartbeatTimer>====== Heartbeat loop starts at 14:26:53 ======
    02/11 14:26:54 [3284] <GetOnlineNicInfo>:Netport Count=1
    02/11 14:26:54 [3284] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs>
    02/11 14:26:54 [3284] <CalcAgentHashKey>:CH=1B40FB3D0A0102E900584E976F7BB19C1nh101pc16nhrhs.net222F833EFE216658DA61C2A38272067C
    02/11 14:26:54 [3284] <CalcAgentHashKey>:CHKey=FBEC6167FDECB4610AA247D13F0998BA
    02/11 14:26:54 [3284] <CalcAgentHashKey>:C=1B40FB3D0A0102E900584E976F7BB19C1nh101pc16nhrhs.net
    02/11 14:26:54 [3284] <CalcAgentHashKey>:CKey=475840472E58228AA1D1DE17905ACA69
    02/11 14:26:54 [3284] <CalcAgentHashKey>:UCH=1B40FB3D0A0102E900584E976F7BB19C0madhavassjNHRHS.NETnh101pc16nhrhs.net222F833EFE216658DA61C2A38272067C
    02/11 14:26:54 [3284] <CalcAgentHashKey>:UCHKey=1FB0E63BF41689B2E6355D0462198D84
    02/11 14:26:54 [3284] <CalcAgentHashKey>:UC=1B40FB3D0A0102E900584E976F7BB19C0madhavassjNHRHS.NETnh101pc16nhrhs.net
    02/11 14:26:54 [3284] <CalcAgentHashKey>:UCKey=C7A0B69CD82B7FFE6F058173858C2CBA
    02/11 14:26:54 [3284] <DoHeartbeat>HardwareID=222F833EFE216658DA61C2A38272067C
    02/11 14:26:54 [3284] <DoHeartbeat>CHKey=FBEC6167FDECB4610AA247D13F0998BA
    02/11 14:26:54 [3284] <DoHeartbeat>CKey=475840472E58228AA1D1DE17905ACA69
    02/11 14:26:54 [3284] <DoHeartbeat>UCHKey=1FB0E63BF41689B2E6355D0462198D84
    02/11 14:26:54 [3284] <DoHeartbeat>UCKey=C7A0B69CD82B7FFE6F058173858C2CBA
    02/11 14:26:54 [3284] <DoHeartbeat> Set heartbeat event
    02/11 14:26:54 [3284] Use new configuration
    02/11 14:26:54 [3284] <CSyLink::IndexHeartbeatProc()>
    02/11 14:26:54 [3284] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 01B88F78
    02/11 14:26:54 [3284] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 14:26:54 ======
    02/11 14:26:54 [3284] HEARTBEAT: Check Point 1
    02/11 14:26:54 [3284] Get First Server!
    02/11 14:26:54 [3284] HEARTBEAT: Check Point 2
    02/11 14:26:54 [3284] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    02/11 14:26:54 [3284] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    02/11 14:26:54 [3284] HEARTBEAT: Check Point 3
    02/11 14:26:54 [3284] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    02/11 14:26:54 [3284] HEARTBEAT: Check Point 4
    02/11 14:26:54 [3284] <IndexHeartbeatProc>===Get Index STAGE===
    02/11 14:26:54 [3284] ************CSN=2233
    02/11 14:26:54 [3284] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=A52294860A0102E9017456BCB125F5F0&chk=FBEC6167FDECB4610AA247D13F0998BA&ck=475840472E58228AA1D1DE17905ACA69&uchk=1FB0E63BF41689B2E6355D0462198D84&uck=C7A0B69CD82B7FFE6F058173858C2CBA&hid=222F833EFE216658DA61C2A38272067C&groupid=1B40FB3D0A0102E900584E976F7BB19C&mode=0&hbt=3600&as=2233&cn=[hex]6E6831303170633136&lun=[hex]6D61646861766173736A&udn=[hex]4E485248532E4E4554
    02/11 14:26:54 [3284] <GetIndexFileRequest:>http://10.1.2.233:8014/secars/secars.dll?h=A5E6CBA048B9E595FBD32E47A9434E3766FE1F1CD9EC615FAC01D3A2B3B7EBCA3DAD097157B930FF48A299DA66E4A50FBD56AFEEA8380D9D92A2D870FCFDE958D1F0FEA40D0D73642373C1A3D747BC7326144AAEC2E20B7D875AF39457A045A27BF67734A683F19875551D9BDE30C3A9DA83E14D56237F6C700209CFC432A6775AAA0F90A43DC432E2B6CB942833E3B1EEA8B24BEEEA976DF4BAF75B8518C727B9EB20E58FDCC56041D98792CA5A105B73B3E8FA20995D10D53AA29FD9857D83592220A41BF5CE177B7B172BCCE8EB69796C8269D59B263214D45C788730D083FD63B28DFC8CA7C539D702E1EA4C348D56C771C2DCE3433CD3C648E51B3F3A1E04B8F2ECA7DF526785B90DE18C96C81C7DC70F79EF3C88898F716FE8BE81CC246AF4A476E0A131E947887DC2A1766DBE27BF7513B203DE8FF0210367911F7412B80F642920003F3A45B786F6AD8AB2A73C7D4BF6A83ABE57FBB5BB184AF3316B88350A00801F4E6191F621821BF41EDD76235B3294D8563105A6A5FBDE29F6C5591754E149215F91160DBAB6CBF2423B
    02/11 14:26:54 [3284] 14:26:54=>Send HTTP REQUEST
    02/11 14:26:54 [3284] 14:26:54=>HTTP REQUEST sent
    02/11 14:26:54 [3284] <GetIndexFileRequest:>SMS return=200
    02/11 14:26:54 [3284] <ParseHTTPStatusCode:>200=>200 OK
    02/11 14:26:54 [3284] <FindHeader>Sem-HashKey:=>FBEC6167FDECB4610AA247D13F0998BA
    02/11 14:26:54 [3284] <FindHeader>Sem-LANSensor:=>0
    02/11 14:26:54 [3284] <FindHeader>Sem-Signatue:=>4FFAF7BE8F31985C98017246DEB3E3758767684814E82F6436BD1ABE5DC151050A8347B0035E8FFC31990FB3CD3E6E47D77384C28148A261E3775927D9DF3C714E9B9F58F70796B051DA736D043F18CDFEEE882CAE6E04A65EFF1F389993BC59122F11DEBA29A535EA34687DB1C903DC3B1F156D5102AC67FDCCB32081FD64E2
    02/11 14:26:54 [3284] <mfn_DoGetIndexFile200>Content Lenght => 1362
    02/11 14:26:54 [3284] SignIf::VerifySignature(data, dataLen, sig, sigLen) => Verification Successful..
    02/11 14:26:54 [3284] <mfn_DoGetIndexFile200>Index File: <?xml version="1.0" encoding="UTF-8" ?><GroupIndex SiteID="91CD39B00A0102E90076800EFAF14975" ServerID="ABB57C9E0A0102E90013D99CF442E3BF" GroupID="774C36980A0102E901E6CECCC0410D9D" GroupCheckSum="842CEA790A323210858413531" LastModifiedTime = "11/02/2010 01:21:01">    <Profile Checksum="8B0D39A3AC62D68AE5659A2A03E24313" SerialNumber="774C-01/13/2010 14:26:03 837" LastModifiedTime="02/02/2010  13:34:05"/>    <ConfigFile Checksum="DD02CFD412910C7CDE82A3FFD457355E" LastModifiedTime="02/02/2010  13:34:05"/>    <IDSFile Checksum="703A0AE1B8EC84B36CDBAECB7E800283" LastModifiedTime="02/02/2010  13:34:05"/>    <SylinkFile Checksum="93D16FC7DCE3CE80BF1C5F0C4E92F24C" LastModifiedTime="02/02/2010  13:34:05"/>    <LSProfile Checksum="55562D8E3A0913FC26A3504020266CB4" SerialNumber ="774C-01/13/2010 14:26:03 837" LastModifiedTime ="02/02/2010  13:34:05"/>
        <LiveUpdate>
            <File Checksum="A1F3C5E52C353FCD525F002D1FFE838F" DeltaFlag="1" FullSize="71906295" LastModifiedTime="1265869187382" Moniker="{C60DC234-65F9-4674-94AE-62158EFCA433}" Seq="100210024"/>
             <File Checksum="D351E14B5EC89AC6128F36742BC3CDB4" DeltaFlag="1" FullSize="72097220" LastModifiedTime="1265869126066" Moniker="{1CD85198-26C6-4bac-8C72-5D34B025DE35}" Seq="100210024"/>
             <File Checksum="909A59F4E944FA844A85ED38CBB77A01" DeltaFlag="1" FullSize="1338005" LastModifiedTime="1265696318339" Moniker="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" Seq="100205001"/>
             <File Checksum="B5FCC0CF55A0BFC111DE40DB2CB4B36E" DeltaFlag="1" FullSize="1352333" LastModifiedTime="1264841792372" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="100129001"/>
             <File Checksum="806E86022A450881A028FD5016AA2C48" DeltaFlag="1" FullSize="669829" LastModifiedTime="1245157203777" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Seq="80929016"/>
             <File Checksum="254FA35AD9DAA47F59FFB08B683B54EC" DeltaFlag="1" FullSize="650307" LastModifiedTime="1245157208792" Moniker="{ECCC5006-EF61-4c99-829A-417B6C6AD963}" Seq="2008021700"/>
             <File Checksum="BF71C9664CB258290733341FFD264E22" DeltaFlag="1" FullSize="88188" LastModifiedTime="1245157258617" Moniker="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" Seq="80820001"/>
             <File Checksum="4B8833F43486DCB65B3FA6FEADEC4DCD" DeltaFlag="1" FullSize="1662247" LastModifiedTime="1245157265195" Moniker="{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}" Seq="80820001"/>
             <File Checksum="BCC814C4421ECF0F6D63E020E1F9F334" DeltaFlag="1" FullSize="1419193" LastModifiedTime="1245157280007" Moniker="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" Seq="80820001"/>
             <File Checksum="7A3D2D7818C27E3E39BF6ECFAD45521D" DeltaFlag="1" FullSize="6477" LastModifiedTime="1256972362541" Moniker="{4F889C4A-784D-40de-8539-6A29BAA43139}" Seq="91030032"/>
             <File Checksum="C9177F64FB9B37389CC0D31D62711F78" DeltaFlag="1" FullSize="76800" LastModifiedTime="1265869199894" Moniker="{CC40C428-1830-44ef-B8B2-920A0B761793}" Seq="100210020"/>
             <File Checksum="CAC3642CB01AB62E0226156257A0A1EC" DeltaFlag="1" FullSize="860168" LastModifiedTime="1265869202234" Moniker="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" Seq="100210020"/>
             <File Checksum="9C4BA61289B207324C39706C8D027191" DeltaFlag="1" FullSize="860200" LastModifiedTime="1265869234998" Moniker="{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}" Seq="100210020"/>
             <File Checksum="28ADAB78A74EFF562C7F9964BA47A4BA" DeltaFlag="1" FullSize="76785" LastModifiedTime="1265869237276" Moniker="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" Seq="100210020"/>
        </LiveUpdate>
    </GroupIndex>
    02/11 14:26:54 [3284] <mfn_DoGetIndexFile200>Parser Index File!
    02/11 14:26:54 [3284] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    02/11 14:26:54 [3284] <GetIndexFileRequest:>COMPLETED
    02/11 14:26:54 [3284] <IndexHeartbeatProc>GetIndexFile handling status: 0
    02/11 14:26:54 [3284] <IndexHeartbeatProc>Switch Server flag=0
    02/11 14:26:54 [3284] HEARTBEAT: Check Point 5.1
    02/11 14:26:54 [3284] <IsInClientIPorOnLink> NextHop is OnLink with 10.1.101.16,return TRUE
    02/11 14:26:54 [3284] <mfn_GetOutIP> Out IP is:10.1.101.16
    02/11 14:26:54 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
    02/11 14:26:55 [3284] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Seq:100210024
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
    02/11 14:26:55 [3284] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {42B17E5E-4E9D-4157-88CB-966FB4985928} Seq:100129001
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
    02/11 14:26:55 [3284] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {DB206823-FFD2-440a-9B89-CCFD45F3F1CD} Seq:80820001
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
    02/11 14:26:55 [3284] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {CC40C428-1830-44ef-B8B2-920A0B761793} Seq:100210020
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
    02/11 14:26:55 [3284] <mfn_LiveUpdate:> Agent returned closest matching seq: 100205018
    02/11 14:26:55 [3284] <Add2LUFileList:>Adding LU Info to LU Download File List: {812CD25E-1049-4086-9DDD-A4FAE649FBDF}100210020
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
    02/11 14:26:55 [3284] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {E1A6B4FF-6873-4200-B6F6-04C13BF38CF3} Seq:100210020
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
    02/11 14:26:55 [3284] <mfn_LiveUpdate:> Agent returned closest matching seq: 100205018
    02/11 14:26:55 [3284] <Add2LUFileList:>Adding LU Info to LU Download File List: {E5A3EBEE-D580-421e-86DF-54C0B3739522}100210020
    02/11 14:26:55 [3284] <mfn_PrepareLUContent:>Requesting LU Info for :  Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF} Target Seq:100210020
    02/11 14:26:55 [3284] ************CSN=2234
    02/11 14:26:55 [3284] <GetContentFileInfoUrl:> Request is: action=52&hostid=A52294860A0102E9017456BCB125F5F0&groupid=1B40FB3D0A0102E900584E976F7BB19C&fn=[hex]7B38313243443235452D313034392D343038362D394444442D4134464145363439464244467D&cdn=[hex]6E6831303170633136&lun=[hex]6D61646861766173736A&udn=[hex]4E485248532E4E4554&lu=6&luseq=100205018,100203016,100202020,&lulasttriedseq=&lutargetseq=100210020&lucontentstate=0
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>URL: /secars/secars.dll?h=CB87DD4CFA5252F1E1FBAAB6D1E1221B66FE1F1CD9EC615FAC01D3A2B3B7EBCA3DAD097157B930FF48A299DA66E4A50FF1FA9F765E0FDE8364811190E9DB0F18D6A468BC4C8BB8859B0988E49BF1DFA91375E95F89D64967BC4A0DF42673E71F2F4C52FEB53BA453C55016B80D8E38589D8A8B7E4D56EB526C05C71B9FE88617A1005123191331DE29C07B18B161A0C891B1E80B8C436D9F3C08FE6E8F2BD3558A086301DAFD84885F21D919A300D134A6DE10E7C8514319BAAD3694E9BA9A3CEFB25696C76835F67C62F97E799FC91877576C38B25CBA7CEE223F00A30CBAE423C022122C6F04E17542F7C826F73DD908FD41D1E852CA842CECFF7FD41C41D68DB435625367BEDB3C09C4797F62FA95DF157F65F834838CA0FF1E8D67310580F35A27348ED7E27C7DCBE0B7732706A2E22B2B9853CAF7E76125B7ABB65A93B9AA88F93B1E04E553A2993A7C21C580B826A652A45F52168CF06602AA4754DA7EA4663460C331E15D2E36B31A51E12EE4
    02/11 14:26:55 [3284] <SendUrlAndReceiveResponse:>http://10.1.2.233:8014/secars/secars.dll?h=CB87DD4CFA5252F1E1FBAAB6D1E1221B66FE1F1CD9EC615FAC01D3A2B3B7EBCA3DAD097157B930FF48A299DA66E4A50FF1FA9F765E0FDE8364811190E9DB0F18D6A468BC4C8BB8859B0988E49BF1DFA91375E95F89D64967BC4A0DF42673E71F2F4C52FEB53BA453C55016B80D8E38589D8A8B7E4D56EB526C05C71B9FE88617A1005123191331DE29C07B18B161A0C891B1E80B8C436D9F3C08FE6E8F2BD3558A086301DAFD84885F21D919A300D134A6DE10E7C8514319BAAD3694E9BA9A3CEFB25696C76835F67C62F97E799FC91877576C38B25CBA7CEE223F00A30CBAE423C022122C6F04E17542F7C826F73DD908FD41D1E852CA842CECFF7FD41C41D68DB435625367BEDB3C09C4797F62FA95DF157F65F834838CA0FF1E8D67310580F35A27348ED7E27C7DCBE0B7732706A2E22B2B9853CAF7E76125B7ABB65A93B9AA88F93B1E04E553A2993A7C21C580B826A652A45F52168CF06602AA4754DA7EA4663460C331E15D2E36B31A51E12EE4
    02/11 14:26:55 [3284] 14:26:55=>Send HTTP REQUEST
    02/11 14:26:55 [3284] 14:26:55=>HTTP REQUEST sent
    02/11 14:26:55 [3284] <SendUrlAndReceiveResponse:>SMS return=200
    02/11 14:26:55 [3284] <ParseHTTPStatusCode:>200=>200 OK
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Received LU Info :  Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF} Target Seq:100210020 Response header: HTTP/1.1 200 OK

    Via: 1.1 CERBERUS

    Connection: close

    Proxy-Connection: close

    Content-Length:860168

    Date: Thu, 11 Feb 2010 19:26:48 GMT

    Content-Type: text/html

    Server: Microsoft-IIS/6.0

    Sem-LUPath: /content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/100210020/Full.zip

    Sem-LUFull: 1

    Sem-LUDeltaBaseSeqName:

    Sem-PackageType: 1

    Sem-DeltaMethod: 1




    02/11 14:26:55 [3284] <FindHeader>Sem-LUFull:=>1
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Sem-LUFull:1
    02/11 14:26:55 [3284] <FindHeader>Sem-PackageType:=>1
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Sem-PackageType:1
    02/11 14:26:55 [3284] <FindHeader>Sem-DeltaMethod:=>1
    02/11 14:26:55 [3284] <FindHeader>Sem-LUPath:=>/content/{812CD25E-1049-4086-9DDD-A4FAE649FBDF}/100210020/Full.zip
    02/11 14:26:55 [3284] <FindHeader>Content-Length:=>860168
    02/11 14:26:55 [3284] <UpdateLUFileList:>Updating existing Download File List with : {812CD25E-1049-4086-9DDD-A4FAE649FBDF}100210020
    02/11 14:26:55 [3284] <mfn_PrepareLUContent:>Requesting LU Info for :  Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522} Target Seq:100210020
    02/11 14:26:55 [3284] ************CSN=2235
    02/11 14:26:55 [3284] <GetContentFileInfoUrl:> Request is: action=52&hostid=A52294860A0102E9017456BCB125F5F0&groupid=1B40FB3D0A0102E900584E976F7BB19C&fn=[hex]7B45354133454245452D443538302D343231652D383644462D3534433042333733393532327D&cdn=[hex]6E6831303170633136&lun=[hex]6D61646861766173736A&udn=[hex]4E485248532E4E4554&lu=6&luseq=100205018,100203016,100202020,&lulasttriedseq=&lutargetseq=100210020&lucontentstate=0
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>URL: /secars/secars.dll?h=CB87DD4CFA5252F1E1FBAAB6D1E1221B66FE1F1CD9EC615FAC01D3A2B3B7EBCA3DAD097157B930FF48A299DA66E4A50FF1FA9F765E0FDE8364811190E9DB0F18D6A468BC4C8BB8859B0988E49BF1DFA91375E95F89D64967BC4A0DF42673E71F11277B0F2E0447A5B7CD2C0AB8E3D580B708F1FD6416358F6E68826EF20B6037D12B2427062FAEAB98FB4D9D5CA823DC2764F9797855897EE780961A155B5CE54B5F3C176EAC3DAAFF1D72A98A72CFE44E728F0349CEBC8FE6EF40B7FBA5AAD4EFB25696C76835F67C62F97E799FC91877576C38B25CBA7CEE223F00A30CBAE423C022122C6F04E17542F7C826F73DD908FD41D1E852CA842CECFF7FD41C41D68DB435625367BEDB3C09C4797F62FA95DF157F65F834838CA0FF1E8D67310580F35A27348ED7E27C7DCBE0B7732706A2E22B2B9853CAF7E76125B7ABB65A93B9AA88F93B1E04E553A2993A7C21C580B826A652A45F52168CF06602AA4754DA7EA4663460C331E15D2E36B31A51E12EE4
    02/11 14:26:55 [3284] <SendUrlAndReceiveResponse:>http://10.1.2.233:8014/secars/secars.dll?h=CB87DD4CFA5252F1E1FBAAB6D1E1221B66FE1F1CD9EC615FAC01D3A2B3B7EBCA3DAD097157B930FF48A299DA66E4A50FF1FA9F765E0FDE8364811190E9DB0F18D6A468BC4C8BB8859B0988E49BF1DFA91375E95F89D64967BC4A0DF42673E71F11277B0F2E0447A5B7CD2C0AB8E3D580B708F1FD6416358F6E68826EF20B6037D12B2427062FAEAB98FB4D9D5CA823DC2764F9797855897EE780961A155B5CE54B5F3C176EAC3DAAFF1D72A98A72CFE44E728F0349CEBC8FE6EF40B7FBA5AAD4EFB25696C76835F67C62F97E799FC91877576C38B25CBA7CEE223F00A30CBAE423C022122C6F04E17542F7C826F73DD908FD41D1E852CA842CECFF7FD41C41D68DB435625367BEDB3C09C4797F62FA95DF157F65F834838CA0FF1E8D67310580F35A27348ED7E27C7DCBE0B7732706A2E22B2B9853CAF7E76125B7ABB65A93B9AA88F93B1E04E553A2993A7C21C580B826A652A45F52168CF06602AA4754DA7EA4663460C331E15D2E36B31A51E12EE4
    02/11 14:26:55 [3284] 14:26:55=>Send HTTP REQUEST
    02/11 14:26:55 [3284] 14:26:55=>HTTP REQUEST sent
    02/11 14:26:55 [3284] <SendUrlAndReceiveResponse:>SMS return=200
    02/11 14:26:55 [3284] <ParseHTTPStatusCode:>200=>200 OK
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Received LU Info :  Moniker: {E5A3EBEE-D580-421e-86DF-54C0B3739522} Target Seq:100210020 Response header: HTTP/1.1 200 OK

    Via: 1.1 CERBERUS

    Connection: close

    Proxy-Connection: close

    Content-Length:76785

    Date: Thu, 11 Feb 2010 19:26:49 GMT

    Content-Type: text/html

    Server: Microsoft-IIS/6.0

    Sem-LUPath: /content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/100210020/Full.zip

    Sem-LUFull: 1

    Sem-LUDeltaBaseSeqName:

    Sem-PackageType: 1

    Sem-DeltaMethod: 1




    02/11 14:26:55 [3284] <FindHeader>Sem-LUFull:=>1
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Sem-LUFull:1
    02/11 14:26:55 [3284] <FindHeader>Sem-PackageType:=>1
    02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Sem-PackageType:1
    02/11 14:26:55 [3284] <FindHeader>Sem-DeltaMethod:=>1
    02/11 14:26:55 [3284] <FindHeader>Sem-LUPath:=>/content/{E5A3EBEE-D580-421e-86DF-54C0B3739522}/100210020/Full.zip
    02/11 14:26:55 [3284] <FindHeader>Content-Length:=>76785
    02/11 14:26:55 [3284] <UpdateLUFileList:>Updating existing Download File List with : {E5A3EBEE-D580-421e-86DF-54C0B3739522}100210020
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    02/11 14:26:55 [3284] <ScheduleNextUpdate>Reset Heartbeat factor index, hearbeat=3600 seconds
    02/11 14:26:55 [3284] HEARTBEAT: Check Point 6
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: AVMan
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: GUP
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: LUMan
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>===REQUESTING CMC OP-STATE ===
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE, return=0
    02/11 14:26:55 [3284] ReasonDescForFailure*** = Host Integrity check is disabled.
    02/11 14:26:55 [3284] ReasonDescForFailure*** = Host Integrity check is disabled.
    02/11 14:26:55 [3284] *** = <SSAInfo NameSpace="rpc" AgentID="A52294860A0102E9017456BCB125F5F0" ComputerID="BD5EDDAD0A0102E9017456BC1C831547" HardwareKey="222F833EFE216658DA61C2A38272067C" GroupID="774C36980A0102E901E6CECCC0410D9D">

    <AgentHIInfo Status="3" ReasonCode="105" ReasonDescForFailure="Host Integrity check is disabled."/>

    <SSAHostInfo>

    <NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc=""/>

    <SSAProduct Version="11.0.5002.333"/>

    <SSAOS Version="5.1.2600" Desc="Windows XP Professional " Type="17105154" ServicePack="Service Pack 3" Language="9"/>

    <Processor ProcessorType="x86 Family 6 Model 15 Stepping 11" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <Disk Letter="C:\" Size="79867465728"/>

    <BIOS Version="DELL   - 15"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01/13/2010 14:26:03 837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <Deuce Signature="100205001"/>

    <SSAUTC Bias="300"/>

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs><Firewall OnOff="1" Installed="1"/>

    </SSAHostInfo>

    <RebootRequired Status="0"></RebootRequired>

    <InstalledFeatures><Feature Id ="256"/></InstalledFeatures>

    </SSAInfo>


    02/11 14:26:55 [3284] <mfn_PostAgentInfo>Volatile op-state damper: 0, Interval passed: 1265916415
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>Free memory difference: 2675019776, Threshold: 0
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>Free disk space difference: 55446335488, Threshold: 0
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_SYLINK_QUERY_COMMANDSTATUS
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_SYLINK_QUERY_COMMANDSTATUS, return=0
    02/11 14:26:55 [3284] <mfn_PostAgentInfo><?xml version='1.0' encoding='UTF-8' ?>

    <SESAgentOpState AgentID="A52294860A0102E9017456BCB125F5F0" Timestamp="1265916415637"><TechID Name="AVMan"><Data><![CDATA[<avstate version="1.0"><RTVScanRunning>1</RTVScanRunning><PatternFileRevision>24</PatternFileRevision><UsingPattern>3183640</UsingPattern><PatternFileSequence>107056</PatternFileSequence><PatternFileDate>28010A000000</PatternFileDate><TimeOfLastVirus>000000000000</TimeOfLastVirus><TimeOfLastScan>28010B0A0002</TimeOfLastScan><WorstInfectionType>9999</WorstInfectionType><OnOff>1</OnOff><SymProtectOnOff>1</SymProtectOnOff><SymSentryInstalled>0</SymSentryInstalled><SavProductVersion>19011542</SavProductVersion><Licensed>0</Licensed><LicenseStatus>0</LicenseStatus><LicenseExpirationTime>000000000000</LicenseExpirationTime><DecAbiVer>1.2.5</DecAbiVer><EraserEngineVer>7143426:196620</EraserEngineVer><Moniker Id="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Version="1.5.0" Seq="80929017" Owner="SyKnAppS"  /><Moniker Id="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" Version="MicroDefsB.CurDefs" Seq="100205018" Owner="SyKnAppS"  /><Moniker Id="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" Version="MicroDefsB.CurDefs" Seq="100205018" Owner="SyKnAppS"  /><Moniker Id="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" Version="6.1.0" Seq="80820001" Owner="COH"  /><Moniker Id="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" Version="6.1.0" Seq="80820001" Owner="COH"  /></avstate>]]></Data></TechID><TechID Name="GUP"><Data><![CDATA[<?xml version='1.0' encoding='UTF-8' ?>
    <GupStatus IsGup="0" NameSpace="rpc" ComputerID="BD5EDDAD0A0102E9017456BC1C831547"/>]]></Data></TechID><TechID Name="SEP"><Data><![CDATA[<SSAInfo NameSpace="rpc" AgentID="A52294860A0102E9017456BCB125F5F0" ComputerID="BD5EDDAD0A0102E9017456BC1C831547" HardwareKey="222F833EFE216658DA61C2A38272067C" GroupID="774C36980A0102E901E6CECCC0410D9D">

    <AgentHIInfo Status="3" ReasonCode="105" ReasonDescForFailure="Host Integrity check is disabled."/>

    <SSAHostInfo>

    <NetworkIdentity UserDomain="NHRHS.NET" LogonUser="madhavassj" HostDomain="nhrhs.net" HostName="nh101pc16" HostDesc=""/>

    <SSAProduct Version="11.0.5002.333"/>

    <SSAOS Version="5.1.2600" Desc="Windows XP Professional " Type="17105154" ServicePack="Service Pack 3" Language="9"/>

    <Processor ProcessorType="x86 Family 6 Model 15 Stepping 11" ProcessorClock="2327" ProcessorNum="2"/>

    <Memory Size="3477643264"/>

    <Disk Letter="C:\" Size="79867465728"/>

    <BIOS Version="DELL   - 15"/>

    <TpmDevice Id="0"/>

    <SSAProfile Version="5.0.0" SerialNumber="774C-01/13/2010 14:26:03 837"/>

    <SSAIDS Version="" SerialNumber=""/>

    <Deuce Signature="100205001"/>

    <SSAUTC Bias="300"/>

    <DNSs><DNS Address="10.1.2.14"/><DNS Address="10.1.2.8"/></DNSs>

    <WINSs><WINS Address="10.1.2.14"/></WINSs>

    <SSANICs><SSANIC Ip="10.1.101.16" Mac="00-21-9b-7c-3a-b9" Gateway="10.1.2.1" SubnetMask="255.255.0.0"/></SSANICs><Firewall OnOff="1" Installed="1"/>

    </SSAHostInfo>

    <RebootRequired Status="0"></RebootRequired>

    <InstalledFeatures><Feature Id ="256"/></InstalledFeatures>

    </SSAInfo>

    ]]></Data></TechID><TechID Name="SEP"><Data><![CDATA[<SSAInfo NameSpace="rpc" AgentID="A52294860A0102E9017456BCB125F5F0" ComputerID="BD5EDDAD0A0102E9017456BC1C831547" HardwareKey="222F833EFE216658DA61C2A38272067C" GroupID="774C36980A0102E901E6CECCC0410D9D">

    <SSAHostInfo>

    <Memory Free="2675019776"/>

    <Disk Letter="C:\" Free="55446335488"/>

    </SSAHostInfo>

    </SSAInfo>

    ]]></Data></TechID></SESAgentOpState>
    02/11 14:26:55 [3284] ************CSN=2236
    02/11 14:26:55 [3284] <mfn_MakePostUrl:>Request is: action=192&hostid=A52294860A0102E9017456BCB125F5F0&chk=FBEC6167FDECB4610AA247D13F0998BA&ck=475840472E58228AA1D1DE17905ACA69&uchk=1FB0E63BF41689B2E6355D0462198D84&uck=C7A0B69CD82B7FFE6F058173858C2CBA&as=2236&cn=[hex]6E6831303170633136&lun=[hex]6D61646861766173736A&udn=[hex]4E485248532E4E4554
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>http://10.1.2.233:8014/secars/secars.dll?h=9D39FF3E90646B35CD611916041CF6439BA9DD5092C13AE2CE6ABABC832CB87F7F4D3612D3DAE178525DBE4BE3F401690A6E6E2F8F4A0E4871373B52B89CD80A58A824A358EE888CD248B83CF4FF549C851A65D5CF603B55057B6B5067E78E8D8C51447D1E24DD1468E4196C09E97FCD61174CFC10DA7D0328A0D3B40435E6618D754DBA9A77BD783A3C8E9F261C1969F6855E730D9D2D9763520083CB573ED6972368AB90F9734612DE110EC48B1EE5042D5DA0FD89CB74F2B457713D56C7A91AEBC70EA943F3C170560B5FD0386FE29E7E120E55BD863A512C8A1D7FC75D0D778BEE771C958ED261D796B41E924749AD6D7C30A978869920AA96AEF049B441446033EA61E78AD659EC73D5F09CACA250AF8C5C42F3DA1C4EA63258D1F063EA1F092E7815B2869BF3AE3A7EB58B0CDF
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>POST the total size=1492
    02/11 14:26:55 [3284] <mfn_PostAgentInfo>Done with return code = 407
    02/11 14:26:55 [3284] <IndexHeartbeatProc>===UPLOAD STAGE===
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG, return=0
    02/11 14:26:55 [3284] <IndexHeartbeatProc>===PREPARE EVENT LOG STAGE===
    02/11 14:26:55 [3284] <PrepareEventLog>initialized technology extension processing ok
    02/11 14:26:55 [3284] <CalcEventLogIndex>Need to send Event Log Type(0) from id 50 to 59
    02/11 14:26:55 [3284] <PrepareEventLog>Allow total logs to send=10
    02/11 14:26:55 [3284] <PrepareEventLog>nSecurityRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nSecurityRecordsToSend=0
    02/11 14:26:55 [3284] <PrepareEventLog>nSystemRecordsTotal=10
    02/11 14:26:55 [3284] <PrepareEventLog>nSystemRecordsToSend=100
    02/11 14:26:55 [3284] <PrepareEventLog>nTrafficRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nTrafficRecordsToSend=0
    02/11 14:26:55 [3284] <PrepareEventLog>nRawRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nRawRecordsToSend=0
    02/11 14:26:55 [3284] <PrepareEventLog>nProcessRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nProcessRecordsToSend=0
    02/11 14:26:55 [3284] <PrepareEventLog>nLANSensorRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nLANSensorRecordsToSend=0
    02/11 14:26:55 [3284] <PrepareEventLog>nTechExtensionRecordsTotal=0
    02/11 14:26:55 [3284] <PrepareEventLog>nTechExtensionRecordsToSend=0
    02/11 14:26:55 [3284] <MakeSystemLog>The size of SYSTEM event logs is 4143.
    02/11 14:26:55 [3284] <SyLink>The size of SYSTEM event logs is 4143.
    02/11 14:26:55 [3284] <MakeSecurityLog>Attached total 0 bytes SECURITY event logs.
    02/11 14:26:55 [3284] <MakeTrafficLog>Attached total 0 bytes TRAFFIC event logs.
    02/11 14:26:55 [3284] <MakeRawTrafficLog>Attached total 0 bytes RAW TRAFFIC event logs.
    02/11 14:26:55 [3284] <MakeProcessLog>Attached total 0 bytes process event logs.
    02/11 14:26:55 [3284] <IndexHeartbeatProc>===COMPRESS EVENT LOG STAGE===
    02/11 14:26:55 [3284] <IndexHeartbeatProc>===SEND EVENT LOG STAGE===
    02/11 14:26:55 [3284] ************CSN=2237
    02/11 14:26:55 [3284] <mfn_MakePostUrl:>Request is: action=195&hostid=A52294860A0102E9017456BCB125F5F0&chk=FBEC6167FDECB4610AA247D13F0998BA&ck=475840472E58228AA1D1DE17905ACA69&uchk=1FB0E63BF41689B2E6355D0462198D84&uck=C7A0B69CD82B7FFE6F058173858C2CBA&groupid=1B40FB3D0A0102E900584E976F7BB19C&as=2237&cn=[hex]6E6831303170633136&lun=[hex]6D61646861766173736A&udn=[hex]4E485248532E4E4554
    02/11 14:26:55 [3284] <SendEventLogToServer>http://10.1.2.233:8014/secars/secars.dll?h=A99226AAD0751B5B574C4AF161565AFD9BA9DD5092C13AE2CE6ABABC832CB87F7F4D3612D3DAE178525DBE4BE3F401690A6E6E2F8F4A0E4871373B52B89CD80A58A824A358EE888CD248B83CF4FF549C851A65D5CF603B55057B6B5067E78E8D8C51447D1E24DD1468E4196C09E97FCD61174CFC10DA7D0328A0D3B40435E6618D754DBA9A77BD783A3C8E9F261C1969F6855E730D9D2D9763520083CB573ED6972368AB90F9734612DE110EC48B1EE5042D5DA0FD89CB74F2B457713D56C7A99E837728852481AECDAB4DB0571C6101ECA34E3872C172E5DE450FAAF468F69E399FA8207CFB5EA6D0858A77ABE7827F595AC0A5C777F20F95D1A1331C781D24EBF4B281272B444BAE18528D85C242A669BB2BF9E984476F7B3E79B10455CE7EC167E55B46B41590F1A5FB60EBB8541F9B12B4C97E295E7E7492424731A1466971B066FCDE03C538594D120170698EBB036EBAC323ECAF759391D7993CDD7F52
    02/11 14:26:55 [3284] <SendEventLogToServer>eventlog-->SMS, size=918
    02/11 14:26:55 [3284] <SendEventLogToServer>No EndQuest result
    02/11 14:26:55 [3284] <IndexHeartbeatProc>===SEND EVENT LOG FAILED!!===
    02/11 14:26:55 [3284] <IndexHeartbeatProc>Communication Mode=1(Pull mode)
    02/11 14:26:55 [3284] HEARTBEAT: Check Point 8
    02/11 14:26:55 [3284] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    02/11 14:26:55 [3284] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    02/11 14:26:55 [3284] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 14:26:55 ======
    02/11 14:26:55 [3284] <IndexHeartbeatProc>Set Heartbeat Result= 2
    02/11 14:26:55 [3284] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 0, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    02/11 14:26:55 [3284] Use new configuration
    02/11 14:26:55 [3284] HEARTBEAT: Check Point Complete
    02/11 14:26:55 [3284] <IndexHeartbeatProc>Done, Heartbeat=3600seconds
    02/11 14:26:55 [3284] </CSyLink::IndexHeartbeatProc()>
    02/11 14:26:55 [3284] <CheckHeartbeatTimer>====== Heartbeat loop stops at 14:26:55 ======
    02/11 14:27:16 [3656] <CExpBackoff::CExpBackoff()>
    02/11 14:27:16 [3656] </CExpBackoff::CExpBackoff()>
    02/11 14:27:16 [3656] SyLinkCreateConfig => Created instance: 01AE3460
    02/11 14:27:16 [3656] Importing ConfigObject: 01B88F78 into: 01AE3460
    02/11 14:27:16 [3656] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 01AE3460
    02/11 14:27:16 [3656] <CRandomDelay::CRandomDelay()>
    02/11 14:27:16 [3656] Random delay window: 0hour 5min 0sec
    02/11 14:27:16 [3656] Computed random delay:0hour 2min 49sec 0millisec
    02/11 14:27:16 [3656] </CRandomDelay::CRandomDelay()>
    02/11 14:27:16 [3656] <LUThreadProc>Waiting for: 169000 milliseconds to start downloading LU contents
    02/11 14:27:16 [2120] <CSyLink::mfn_DownloadNow()>
    02/11 14:27:16 [2120] </CSyLink::mfn_DownloadNow()>
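A quick way to triage a Sylink log like the one above, as an added example that is not part of the original post: it tallies the return codes of content requests versus status uploads and lists any proxy named in a `Via:` response header. The function names, verdict labels and the condensed sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines condensed from the Sylink log above.
SAMPLE_LOG = """\
02/11 14:26:55 [3284] <SendUrlAndReceiveResponse:>SMS return=200
02/11 14:26:55 [3284] <mfn_RequestLUContentInfo:>Received LU Info :  Moniker: {812CD25E-1049-4086-9DDD-A4FAE649FBDF} Target Seq:100210020 Response header: HTTP/1.1 200 OK

Via: 1.1 CERBERUS

Proxy-Connection: close

02/11 14:26:55 [3284] <mfn_PostAgentInfo>POST the total size=1492
02/11 14:26:55 [3284] <mfn_PostAgentInfo>Done with return code = 407
02/11 14:26:55 [3284] <SendEventLogToServer>eventlog-->SMS, size=918
02/11 14:26:55 [3284] <SendEventLogToServer>No EndQuest result
02/11 14:26:55 [3284] <IndexHeartbeatProc>===SEND EVENT LOG FAILED!!===
02/11 14:26:55 [3284] <IndexHeartbeatProc>Set Heartbeat Result= 2
"""

# "MM/DD HH:MM:SS [thread] <Tag>message"; the <Tag> part is optional.
ENTRY = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] (?:<([^<>]*)>)?(.*)$")
DOWNLOAD_STATUS = re.compile(r"SMS return=(\d{3})")
UPLOAD_STATUS = re.compile(r"Done with return code = (\d{3})")
VIA = re.compile(r"^Via:\s*\S+\s+(\S+)", re.IGNORECASE)


def parse_entries(text):
    """Split the log into timestamped entries. Lines without a timestamp
    (HTTP response headers, XML bodies) are attached to the entry before them."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if m:
            when, thread, tag, msg = m.groups()
            entries.append({"time": when, "thread": int(thread),
                            "tag": (tag or "").rstrip(":"),
                            "msg": msg, "extra": []})
        elif raw.strip() and entries:
            entries[-1]["extra"].append(raw.strip())
    return entries


def triage(text):
    """Summarise which direction of client-to-manager traffic is failing."""
    download, upload = Counter(), Counter()
    proxy_hops, event_log_failed = [], False
    for e in parse_entries(text):
        if e["tag"] == "SendUrlAndReceiveResponse":
            m = DOWNLOAD_STATUS.search(e["msg"])
            if m:
                download[int(m.group(1))] += 1
        elif e["tag"] == "mfn_PostAgentInfo":
            m = UPLOAD_STATUS.search(e["msg"])
            if m:
                upload[int(m.group(1))] += 1
        if "SEND EVENT LOG FAILED" in e["msg"]:
            event_log_failed = True
        # A Via header in a response means a proxy sat between client and manager.
        for line in e["extra"]:
            m = VIA.match(line)
            if m and m.group(1) not in proxy_hops:
                proxy_hops.append(m.group(1))

    downloads_ok = bool(download) and all(200 <= s < 300 for s in download)
    if 407 in upload and downloads_ok:
        verdict = "proxy_auth_blocks_uploads"   # defs arrive, status never posts
    elif 407 in upload or 407 in download:
        verdict = "proxy_auth_blocks_all"
    elif event_log_failed:
        verdict = "upload_failed"
    else:
        verdict = "ok"
    return {"download_status": dict(download), "upload_status": dict(upload),
            "proxy_hops": proxy_hops, "event_log_failed": event_log_failed,
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A 407 on uploads only, while downloads return 200 through the same proxy, matches the symptom in this thread: clients keep getting definitions but stop reporting status to the SEPM.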



  • 3.  RE: SEP Client Communication - ISA 2004 - RU5



  • 4.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 11, 2010 03:15 PM
    vikram,

    Thanks for your reply.  We are running ISA Firewall Client on each PC.  The firewall client should pull authentication from the user's login.  This is how they get on the net, use e-mail, etc.  The second link you posted is the same one I posted in my initial post.  Clients update properly and report status after that registry edit.  The only problem is that it doesn't stick.  They continue to receive virus defs, but do not report scan or def date back to the SEPM.

    - madhavassj


  • 5.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 11, 2010 03:33 PM
    When your clients go out to the internet, do they have to supply any credentials?


  • 6.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 11, 2010 03:58 PM
    When users log in with their domain accounts, they don't have to supply credentials.  IE settings on all machines are set to manual proxy. Since they are logged in as a domain user, it should auto pull from that login.  If I set IE to auto detect, and then choose a specific server setting in the F\W client, the client then pulls authentication from the login.



  • 7.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 12, 2010 08:07 AM
    Anyone else have any ideas?


  • 8.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 07:31 AM
    Still sitting at the same status after another week.  Can anyone offer other suggestions?


  • 9.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 07:38 AM
    Can you bypass proxy for some clients for testing?
     


  • 10.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 07:45 AM
    As far as I'm being told, the proxy has to tell the machine to go direct.  There isn't a policy setting that can set this on the client.  :(


  • 11.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 08:44 AM
    Things to check:

    Do you have "Web Proxy Auto Discovery" enabled in your network? (Tip: try "ping wpad" from a command prompt - if you get a response, the answer is "yes".)

    If so, your easiest option is probably simply adding the SEP managers to the configured exclusions in wpad.dat

    See http://technet.microsoft.com/en-us/library/cc713344.aspx for further details (or google "Web Proxy Auto Discovery")

    Note, by default the "Automatically detect settings" option is ticked in internet options, this means it applies to anything running under the local system account as well (which applies to smc.exe, responsible for client-SEPM communications.)

    Hope this helps.


  • 12.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 08:51 AM
    I can bypass the proxy, yes.  This has worked in the past but what happens is that it will revert back to using that manual proxy setting.

    Gammhunn - I think this is where you are right.  WPAD does seem like the correct answer.  I'll look into this and let you know what I find out.



  • 13.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 10:02 AM
    No dice on WPAD.  Nothing is returned when I go to ping it.  Any other ideas?


  • 14.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 22, 2010 12:58 PM
    In addition to all that is happening, a good deal of machines are now receiving a crypt32 error.  It's practically flooding the Event Log. 

    Could this be the SYSTEM account not receiving proxy information or using the incorrect proxy information?


  • 15.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 01:12 AM
    If it is working without any problem while bypassing the proxy, and with the proxy it is giving a problem, the problem may be with your proxy. Sometimes the proxy will corrupt the virus defs.


  • 16.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 06:11 AM
    That would be correct (and expected)

    What you need to do is allow unauthenticated access to the Windows Update servers through your proxy/firewall (I believe there might already be a ruleset for this). See support.microsoft.com/kb/885819 for details.




  • 17.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 07:52 AM
    I will work on the crypt32 changes on our ISA 2004 server.  My only worry is that this workaround will only fix the issue regarding crypt32, but not my client communication problem.  I can bypass the proxy on the current user's account but it will revert back to a manual proxy due to the system account.  How can I globally change those settings so they stick on every machine?


  • 18.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 08:18 AM
    What is the value set here?

    http://support.microsoft.com/kb/195730

     


  • 19.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 10:13 AM
    This is the proxy setting for the SYSTEM account which SMC uses.  I changed this to a value of 0 about a week ago.  It reverted back to a 1.

    system_internet.jpg


  • 20.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 10:16 AM
    This could be the issue. Try this

    Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407

    http://service1.symantec.com/support/ent-security.nsf/docid/2008051309225748 


  • 21.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 10:26 AM
    Rafeeq,

    Thanks for the info man, but I have already tried that.  I posted that link in my initial post.  I'm so lost now, I don't know where to go. :\  It's just so bizarre.


  • 22.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 10:28 AM
    Yes, I know; earlier you mentioned that the value was 0, why 1 now?
    It's because of this proxy setting it's not able to communicate.
    Do you use a pac file? Clear out all the internet settings and try again.


  • 23.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 01:59 PM
    I do not believe we use a pac file.  We do however have an auto config for ISA 2004 firewall client which we do not use.  Below are a few typical setups we can use.

    Default proxy setup of our network:

    proxy1.JPG

    Auto Detect settings so everything passes through the Firewall Client:

    proxy2.JPG


  • 24.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 02:14 PM
    If you bypass, things are fine, right?
    Now we need to check what your system account uses to communicate. Can you open a cmd prompt with the system account and open Internet Explorer with that, then check the settings after that? Use this link:

    http://blogs.msdn.com/adioltean/articles/271063.aspx 


  • 25.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 02:23 PM
    OK - let's see if I can explain this in another way.

    smc.exe (and all the other Symantec Services for that matter) runs with the "SYSTEM" account by default. The screenshots above show user settings.

    Here's what happens:

    smc.exe requires http access, but it relies on the OS to provide that. Since smc.exe runs with "SYSTEM" credentials, the settings that are applied to the system account are what will be used to get that http connection (either to the manager)

    Since you have web proxy autodiscovery configured in your environment, this effectively means the client will download http://wpad/wpad.dat (most likely) and apply these settings as its proxy settings. This is why you see the entries return in the registry, and it will keep on doing this because it's what it is configured to do.

    The wpad.dat is a simple text file that can be examined in a text editor of your choice.

    A very simple, but effective way of testing this is the following (on a test system of course).

    From a command prompt enter the following: at 19:30 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"

    This will create a scheduled task to launch Internet Explorer using the system account. You can launch it by going into Control Panel - Scheduled Tasks, right-clicking it and selecting Run. You can check that it's working by looking at the Task Manager: iexplore.exe should be running with "SYSTEM" as its user name, as opposed to your logon name when launched "normally".

    Using this instance of Internet Explorer, go into Internet Options and untick the "automatically detect settings" option, then reboot the machine. At this point, anything using the system account that needs http access will not try and "auto configure" itself, so it should resolve the client-SEPM communication.

    Hope this helps - Sorry for the lack of screenshots etc, but I am in a hurry :D
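
The check described in post 25 can also be done without launching a browser as SYSTEM. The following is an added example, not part of the original thread: it reads the proxy configuration stored for the SYSTEM account from the registry. The registry path (`HKEY_USERS\S-1-5-18`), the function name `Get-SystemProxyState`, and the flag-byte layout of `DefaultConnectionSettings` are assumptions not stated in the thread.

```powershell
# Added example: report the proxy configuration stored for the SYSTEM account
# (SID S-1-5-18). Run from an elevated PowerShell 3.0+ prompt on a test client.
$SystemInetKey = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-SystemProxyState {
    param([string]$Path = $SystemInetKey)

    # Plain values: the same settings a user sees under Internet Options.
    $s = Get-ItemProperty -Path $Path -ErrorAction Stop
    $result = [ordered]@{
        ProxyEnable   = $s.ProxyEnable      # 1 = manual proxy on, 0 = off
        ProxyServer   = $s.ProxyServer      # e.g. host:8080
        ProxyOverride = $s.ProxyOverride    # bypass list
        AutoConfigURL = $s.AutoConfigURL    # PAC script URL, if any
        ManualProxy   = $null
        ConfigScript  = $null
        AutoDetect    = $null
    }

    # Assumption: byte 8 of the DefaultConnectionSettings blob holds the
    # connection flags (0x02 manual proxy, 0x04 auto-config script,
    # 0x08 "automatically detect settings"). This layout is community-documented,
    # not published by Microsoft.
    $conn = Get-ItemProperty -Path "$Path\Connections" -ErrorAction SilentlyContinue
    $blob = $conn.DefaultConnectionSettings
    if ($blob -and $blob.Length -gt 8) {
        $flags = $blob[8]
        $result.ManualProxy  = [bool]($flags -band 0x02)
        $result.ConfigScript = [bool]($flags -band 0x04)
        $result.AutoDetect   = [bool]($flags -band 0x08)
    }
    [pscustomobject]$result
}

$state = Get-SystemProxyState
$state | Format-List

if ($state.AutoDetect -eq $true) {
    Write-Output 'SYSTEM account has "Automatically detect settings" enabled (WPAD lookup).'
} elseif ($null -eq $state.AutoDetect) {
    Write-Output 'No DefaultConnectionSettings value found for the SYSTEM account.'
} else {
    Write-Output 'SYSTEM account is not set to auto-detect; check ProxyEnable/ProxyServer above.'
}
```

Running it again after the setting "reverts" shows which of the three mechanisms (manual proxy, script, auto-detect) was re-enabled for SYSTEM.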




  • 26.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 03:22 PM
    To read up more on Web Proxy Autodiscovery, have a look at the following:

    Web Proxy Autodiscovery Protocol (From Wikipedia)
    http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

    Automatic Discovery for Firewall and Web Proxy Clients
    http://technet.microsoft.com/en-us/library/cc713344.aspx

    WinHTTP AutoProxy Support
    http://msdn.microsoft.com/en-us/library/aa384240%28VS.85%29.aspx

    AutoProxy Issues in WinHTTP
    http://msdn.microsoft.com/en-us/library/aa383157%28VS.85%29.aspx


  • 27.  RE: SEP Client Communication - ISA 2004 - RU5

    Posted Feb 23, 2010 03:50 PM
    We don't use WPAD though.  That is the odd thing.  We have to manually set all of our proxy settings up.  There is no dat or pac file.  :\