Endpoint Protection


SEP Client on SEPM does not get updates


  • 1.  SEP Client on SEPM does not get updates

    Posted Aug 12, 2010 09:26 AM
    Hi. I created a Windows 2008 R2 Enterprise virtual server (Hyper-V) and I installed SEPM and the MS WSUS Role on the server (different ports for each program). I installed the SEP client on various machines and all are connecting and getting updates just fine except the client I installed on the SEPM itself. I tried the troubleshooting guides about connectivity issues but with no result. Any ideas?


  • 2.  RE: SEP Client on SEPM does not get updates

    Posted Aug 12, 2010 09:35 AM
    Do you have any proxy settings in IE? If yes, try bypassing them.
    Check the registry entries:
     
    1. HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Internet settings: click on the "Internet settings" key and check for the key called "ProxyEnable"; if it is set to 1, change it to 0. Also check whether there is a registry value called "GlobalUserOffline"; if it is present, delete it.
    2. Now expand the "Internet settings" key, take a backup of the "Connections" key, then delete the entire key.
     
    3. Check HKU\.Default\SOFTWARE\Microsoft\Windows\Currentversion\Internet settings: click on the "Internet settings" key and check for the key called "ProxyEnable"; if it is set to 1, change it to 0. Also check whether there is a registry value called "GlobalUserOffline"; if it is present, delete it.
     
    4. Expand the "Internet settings" key in the above location, take a backup of the "Connections" key, then delete the entire key.
     
    5. Reboot the machine.


  • 3.  RE: SEP Client on SEPM does not get updates

    Posted Aug 12, 2010 09:53 AM

    You should check the policy serial number on the client to see if it matches the serial number that appears in the management console. If the client communicates with the management server and receives regular policy updates, the serial numbers should match.
     
    If the policy serial numbers do not match, you can try to manually update the policies on the client computer and check the troubleshooting logs.
     
    To view the policy serial number in the management console
    1. In the management console, click Clients.
    2. Under "View Clients", select the relevant group, and then select the Details tab.
     
    The policy serial number and the policy date appear at the bottom of the details list.
     
    To view the policy serial number on the client
    On the client computer, in the client user interface, click on the Help and Support button, select Troubleshooting.
    In the Management section, look at the policy serial number.
     
     
    The serial number should match the serial number of the policy that the management server pushes to the client.
     
     
    About performing a manual policy update to check the policy serial number
    You can perform a manual policy update to check whether or not the client receives the latest policy update. If the client does not receive the update, there might be a problem with the client and server communication.
     
    You can try a manual policy update by doing any of the following actions:
     
     
    In the client, click on the Help and Support button, then click Troubleshooting. Under Policy Profile, click Update. You can use this method if you want to perform a manual update on a particular client.
     
    For the clients that are configured for pull mode, the management server downloads policies to the client at regular intervals (heartbeat). You can change the heartbeat interval so that policies are downloaded to the client group more quickly. After the heartbeat interval, you can check to see if the policy serial numbers match. (For the clients that are configured for push mode, the clients receive any policy updates immediately.)
     
     
    After you run a manual policy update, make sure that the policy serial number that appears in the client matches the serial number that appears in the management console.
     
    Using a browser to test the connectivity to the management server
    You can use a Web browser to test the connectivity to the management server.
     
    To use a browser to test the connectivity to the management server:
     
     
    On the client computer open a Web browser, such as Internet Explorer.
    In the browser command line, type a command that is similar to either of the following commands:
     
    http://<management server IP address>:<port used by the SEPM website>/reporting/index.php
     
    If the reporting log-on Web page appears, the client can communicate with the management server.
     
     
    http://<management server name>:9090
     
    If the Symantec Endpoint Protection Manager Console page appears, the client can communicate with the management server.
     
     
    If a Web page does not appear, check for any network problems. Verify the DNS service for the client and check its routing path.
     
     
    Using Telnet to test the connectivity to the management server
    You can use Telnet to test the connectivity to the IIS server on the management server. If the client can Telnet to the management server's HTTP or HTTPS port, the client and the server can communicate. The default HTTP port is 8014 (80 for the earlier builds of SEP); the default HTTPS port is 443.
     
    Note: You might need to adjust your firewall rules so that the client computer can Telnet into the management server.
     
    For more information about the firewall, see the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control.
     
    To use Telnet to test the connectivity to the management server
    On the client computer, make sure the Telnet service is enabled and started.
    Open a command prompt and enter the Telnet command. For example:
     
    telnet ip address 8014
     
    where ip address is the IP address of the management server.
     
     
    If the Telnet connection fails, verify the client's DNS service and check its routing path.
     
     
     
    Verify the Windows Firewall is not enabled on the management server (SEPM) or the client.
     
    Windows Server 2003:
    Use the netsh command line to disable the firewall:
     
    netsh firewall set opmode mode = disable
     
    Windows Server 2008 
    Server 2008 uses a profile-based approach to the firewall settings. Again, use the netsh command, but you will need to specify the profile you want to configure (or disable in this case):
     
    netsh advfirewall set <profile> state off
     
    Values for <profile> are as follows:
     
    allprofiles - change the settings for all the profiles.
    currentprofile  -  change the setting for just the current profile.
    domainprofile - change the settings for the domain profile.
    privateprofile - change the settings for the private profile.
    publicprofile - change the settings for the public profile.
     
    If SEPM and its associated processes (Tomcat, IIS, etc.) are the only applications on this server, we recommend using the "allprofiles" profile for the command line; otherwise choose the appropriate profile.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008091215040048


  • 4.  RE: SEP Client on SEPM does not get updates

    Posted Aug 12, 2010 02:18 PM

    Does the SEP client on the SEPM have the green dot?  Also, silly question but: is the SEP client actually showing as managed under Help & Support > Troubleshooting?

    Sylink debugging will probably be the best bet for tracking down either a.) why communication is not happening in the case of no green dot, or b.) why definition updates are not applying if there is a green dot.

    Title: 'How to enable Sylink Debugging for Symantec Endpoint Protection in the registry'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008041812561948

    sandra


  • 5.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 09:50 AM
    Regarding what Aravind wrote, I tried checking these registry entries and no proxy settings exist. I deleted the connections he mentioned but with no result.

    Regarding what Sandip_Sali & sandra.g wrote:

    1. The client is installed ON the Management Server.
    2. The client has the green dot and is shown as managed and in contact with the management server (which is itself).
    3. The management console shows the client as not reporting!!!
    4. The firewall service is off for all network types.
    5. The policy serial number is not changing either automatically or manually updated.
    6. The http://<management server IP address>:<port used by the SEPM website>/reporting/index.php works correctly
    7. The http://<management server name>:9090 works correctly
    8. The telnet access on port 8014 works correctly, the 443 SSL port is not configured for access.

    That's all.
    Any more ideas??



  • 6.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 09:56 AM
    Try repairing the SEP client from Add/Remove Programs...


  • 7.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 10:38 AM

    Enabled sylink dumb logging as sandra.g suggested and I attach the log. Please note that I have already tried uninstalling/installing/repairing the client several times with no results.

    08/17 17:14:47 [2636] ~~~Sylink log started. (SEP Product Version in registry: 11.0.6005.562, Sylink File Version: 11.0.6005.440)
    08/17 17:14:47 [2636] Stored HostGUID=F60F620A0A00004D00C22978A0B1F17F; outlen=16
    08/17 17:14:47 [2636] <RestoreSettings>Stored UserGuid=0; outlen=2
    08/17 17:14:47 [2636] <mfn_DecodeSSN>Sygate-SSN=276
    08/17 17:14:47 [2636] <mfn_DecodeSSN>Read CSN=277
    08/17 17:14:47 [2636] <mfn_DecodeSSN>Sygate-SSN=5
    08/17 17:14:47 [2636] <mfn_DecodeSSN>Read CSN=6
    08/17 17:14:47 [2636] Product Type=3,Major Ver=6,Minor Ver=1,Platform ID=18,OSType=50725138
    08/17 17:14:47 [2636] OS=Windows Server 2008 Enterprise Edition; number=6.1.7600
    08/17 17:14:47 [2636] SyLinkCreateInstance => Instance created: 00000000042E0080 Registry path: SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK
    08/17 17:14:47 [2636] <GetOnlineNicInfo>:Netport Count=0
    08/17 17:14:47 [2636] <GetOnlineNicInfo>:NicInfo
    08/17 17:14:47 [2636] SyLinkCreateConfig => Created instance: 0000000003A19800
    08/17 17:14:47 [2636] UseNewConfig => Created m_hNewConfig: 0000000003A19800
    08/17 17:14:47 [2636] Importing ConfigObject: 0000000003A17420 into: 0000000003A19800
    08/17 17:14:47 [2636] Importing ConfigObject: 0000000003A17420 into: 00000000042FC190
    08/17 17:14:47 [2636] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/17 17:14:47 [2636] SSA packageType is set as 105
    08/17 17:14:47 [2636] SyLinkDeleteConfig => Deleting instance: 0000000003A17420
    08/17 17:14:47 [2636] <SetHiStatus>HI status is changed to=3; reason=105; rule=Host Integrity check is disabled.
     Host Integrity policy has been disabled by the administrator.
    08/17 17:14:47 [2636] SyLinkCreateConfig => Created instance: 00000000044D69D0
    08/17 17:14:47 [2636] SetCurLocationName: Name is set to - Default
    08/17 17:14:47 [2636] SetCurLocationID: ID is set to - 8ED1035D0A01021B0046AA6157B6D0D7
    08/17 17:14:47 [2636] SyLinkCreateConfig => Created instance: 00000000044D8DB0
    08/17 17:14:47 [2636] RemeberCurrentGroup=0,RememberCurrentPolicyMode=0
    08/17 17:14:47 [2636] Importing ConfigObject: 00000000044D8DB0 into: 0000000003A19800
    08/17 17:14:47 [2636] Importing ConfigObject: 00000000044D8DB0 into: 00000000042FC190
    08/17 17:14:47 [2636] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/17 17:14:47 [2636] SyLinkDeleteConfig => Deleting instance: 00000000044D8DB0
    08/17 17:14:47 [2636] SyLinkDeleteConfig => Deleting instance: 00000000044D69D0
    08/17 17:14:47 [3600] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    08/17 17:14:47 [2636] <CSyLink::Start()>
    08/17 17:14:47 [2636] <Start>PreferredGroup in sylink.xml has been saved into registry: My Company\Ktima Offices\Servers
    08/17 17:14:47 [2636] <Start>PreferredMode in sylink.xml has been saved into registry: 1
    08/17 17:14:47 [2636] <CSyLink::ImportConfigFile()>
    08/17 17:14:47 [2636] </CSyLink::ImportConfigFile()>
    08/17 17:14:47 [2636] <GetDomainHostName>msz_DomainName is taken from szDomainName
    08/17 17:14:47 [2636] <GetDomainHostName>DomainName (Final)=ktimaoffices.net
    08/17 17:14:47 [2636] <HWID CSyLink::GetHardwareKey> Get Hardware ID
    08/17 17:14:48 [2636] <HWID CSyLink::GetHardwareKey> Hardware ID assigned: E51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:48 [2636] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87
    08/17 17:14:48 [2636] <CSyLink::LoadLUInfo> Previous LU data was not loaded or found
    08/17 17:14:48 [1384] <HeartbeatThreadProc:>Thread is about to begin..
    08/17 17:14:48 [3508] Successfully created the heartbeat thread
    08/17 17:14:48 [2636] <Start>Started, contact SMS every 300 seconds
    08/17 17:14:48 [2636] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/17 17:14:48 [2636] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
    08/17 17:14:48 [2636] </CSyLink::Start()>
    08/17 17:14:48 [3956] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    08/17 17:14:48 [2636] <SetClientAuth>Received new User/Domain from SMC..  User: administrator User Domain: KTIMAOFFICES
    08/17 17:14:48 [2636] <SetClientAuth>Getting RDNS Domain Name (user domain in AD setup)..
    08/17 17:14:48 [2636] <GetLoginRdnsDomain>DNS domain=KTIMAOFFICES.NET
    08/17 17:14:48 [2636] <SetClientAuth>Setting the User Domain to RDNS Domain ..
    08/17 17:14:48 [2636] <SetClientAuth>Logged in user info set to: KTIMAOFFICES.NET/administrator
    08/17 17:14:48 [2636] <SetClientAuth>Marking User Change Notify to redo registration..
    08/17 17:14:49 [1384] <CheckHeartbeatTimer>====== Heartbeat loop starts at 17:14:49 ======
    08/17 17:14:49 [1384] <GetOnlineNicInfo>:Netport Count=1
    08/17 17:14:49 [1384] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/17 17:14:50 [1384] <CalcAgentHashKey>:CH=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:50 [1384] <CalcAgentHashKey>:CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:14:50 [1384] <CalcAgentHashKey>:C=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.net
    08/17 17:14:50 [1384] <CalcAgentHashKey>:CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:14:50 [1384] <CalcAgentHashKey>:UCH=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:50 [1384] <CalcAgentHashKey>:UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:14:50 [1384] <CalcAgentHashKey>:UC=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.net
    08/17 17:14:50 [1384] <CalcAgentHashKey>:UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:14:50 [1384] <DoHeartbeat>HardwareID=E51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:50 [1384] <DoHeartbeat>CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:14:50 [1384] <DoHeartbeat>CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:14:50 [1384] <DoHeartbeat>UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:14:50 [1384] <DoHeartbeat>UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:14:50 [1384] <DoHeartbeat> Set heartbeat event
    08/17 17:14:50 [1384] Use new configuration
    08/17 17:14:50 [1384] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 17:14:50 ======
    08/17 17:14:50 [1384] HEARTBEAT: Check Point 1
    08/17 17:14:50 [1384] <GetFirstSEMServer> Selecting a random server
    08/17 17:14:50 [1384] HEARTBEAT: Check Point 2
    08/17 17:14:50 [1384] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    08/17 17:14:50 [1384] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    08/17 17:14:50 [1384] HEARTBEAT: Check Point 3
    08/17 17:14:50 [1384] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    08/17 17:14:50 [3600] SyLinkCreateConfig => Created instance: 00000000044D6480
    08/17 17:14:50 [3600] Importing ConfigObject: 00000000042FC190 into: 00000000044D6480
    08/17 17:14:50 [3600] SyLinkDeleteConfig => Deleting instance: 00000000044D6480
    08/17 17:14:50 [1384] HEARTBEAT: Check Point 4
    08/17 17:14:50 [1384] <RegHeartbeatProc>===Registration STAGE===
    08/17 17:14:50 [1384] <MakeRegisterData:>logon id (domain/user)=KTIMAOFFICES.NET/administrator
    08/17 17:14:50 [1384] <GeneratePreferredGroupAndModeInRegistration:>Loading current group:My Company\Ktima Offices\Servers
    08/17 17:14:50 [1384] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred group:My Company\Ktima Offices\Servers
    08/17 17:14:50 [1384] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred mode:1
    08/17 17:14:50 [1384] <GeneratePreferredGroupAndModeInRegistration:>It will remember nothing, PreferredGroup is My Company\Ktima Offices\Servers, PreferredMode is 1
    08/17 17:14:50 [1384] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="E5B158620A01021B01223CA6D6D5B00C" AgentType="105" UserDomain="KTIMAOFFICES.NET" LoginUser="administrator" ComputerDomain="ktimaoffices.net" ComputerName="kto-wsus-av" PreferredGroup="My%20Company%5cKtima%20Offices%5cServers" PreferredMode="1" HardwareKey="E51FAFED5A10EED5DF713B1335D09EBA" SiteDomainName=""/>

    <SSAHostInfo><NetworkIdentity UserDomain="KTIMAOFFICES.NET" LogonUser="administrator" HostDomain="ktimaoffices.net" HostName="kto-wsus-av" HostDesc="" />
    <SSAProduct Version="11.0.6005.562" />
    <SSAOS Version="6.1.7600" Desc="Windows%20Server%202008%20Enterprise%20Edition" Type="50725138" ServicePack=""/>
    <Processor ProcessorType="Intel64%20Family%206%20Model%2026%20Stepping%205" ProcessorClock="1994" ProcessorNum="2"/>
    <Memory Size="4294500352"/>
    <BIOS Version="VRTUAL%20-%203000919"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="0725-08%2f12%2f2010%2010%3a58%3a32%20596"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-120" />
    <DNSs><DNS Address="10.0.0.119"/></DNSs>
    <SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    08/17 17:14:50 [1384] <SyLink>[MakeRegisterData] registration Hardware Key=E51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:50 [1384] ************Reg CSN=7
    08/17 17:14:50 [1384] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1254
    s_session_id: E51FAFED5A10EED5DF713B1335D09EBA
    Sygate-SSN: 7
    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="E5B158620A01021B01223CA6D6D5B00C" AgentType="105" UserDomain="KTIMAOFFICES.NET" LoginUser="administrator" ComputerDomain="ktimaoffices.net" ComputerName="kto-wsus-av" PreferredGroup="My%20Company%5cKtima%20Offices%5cServers" PreferredMode="1" HardwareKey="E51FAFED5A10EED5DF713B1335D09EBA" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="KTIMAOFFICES.NET" LogonUser="administrator" HostDomain="ktimaoffices.net" HostName="kto-wsus-av" HostDesc="" />
    <SSAProduct Version="11.0.6005.562" />
    <SSAOS Version="6.1.7600" Desc="Windows%20Server%202008%20Enterprise%20Edition" Type="50725138" ServicePack=""/>
    <Processor ProcessorType="Intel64%20Family%206%20Model%2026%20Stepping%205" ProcessorClock="1994" ProcessorNum="2"/>
    <Memory Size="4294500352"/>
    <BIOS Version="VRTUAL%20-%203000919"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="0725-08%2f12%2f2010%2010%3a58%3a32%20596"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-120" />
    <DNSs><DNS Address="10.0.0.119"/></DNSs>
    <SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    08/17 17:14:50 [1384] <SendRegistrationRequest:>http://kto-wsus-av.ktimaoffices.net:8014 [encrypted data]
    08/17 17:14:50 [1384] 17:14:50=>Send HTTP REQUEST
    08/17 17:14:51 [1384] 17:14:51=>HTTP REQUEST sent
    08/17 17:14:51 [1384] 17:14:51=>QUERY return code
    08/17 17:14:51 [1384] 17:14:51=>QUERY return code completed
    08/17 17:14:51 [1384] <SendRegistrationRequest:>SMS return=200
    08/17 17:14:51 [1384] <ParseHTTPStatusCode:>200=>200 OK
    08/17 17:14:51 [1384] <SendRegistrationRequest:>Content Lenght => 350
    08/17 17:14:51 [1384] HTTP returns status code=200
    08/17 17:14:51 [1384] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    08/17 17:14:51 [1384] <SendRegistrationRequest:>COMPLETED, returned 0
    08/17 17:14:51 [1384] <IsInClientIPorOnLink> NextHop is equal to10.0.0.77,return TRUE
    08/17 17:14:51 [1384] <mfn_GetOutIP> Out IP is:10.0.0.77
    08/17 17:14:51 [1384] HEARTBEAT: Check Point 5.1
    08/17 17:14:51 [1384] <ScheduleNextUpdate>Manually assigned heartbeat=3 seconds
    08/17 17:14:51 [1384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/17 17:14:51 [1384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/17 17:14:51 [1384] HEARTBEAT: Check Point 8
    08/17 17:14:51 [1384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    08/17 17:14:51 [1384] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    08/17 17:14:51 [1384] <RegHeartbeatProc>====== Registration Procedure stops at 17:14:51 ======
    08/17 17:14:51 [1384] HEARTBEAT: Check Point 10
    08/17 17:14:51 [1384] HEARTBEAT: Check Point Complete
    08/17 17:14:51 [1384] <RegHeartbeatProc>Done, Heartbeat=3seconds
    08/17 17:14:51 [1384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 17:14:51 ======
    08/17 17:14:55 [1384] <CheckHeartbeatTimer>====== Heartbeat loop starts at 17:14:55 ======
    08/17 17:14:56 [1384] <GetOnlineNicInfo>:Netport Count=1
    08/17 17:14:56 [1384] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/17 17:14:56 [1384] <CalcAgentHashKey>:CH=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:56 [1384] <CalcAgentHashKey>:CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:14:56 [1384] <CalcAgentHashKey>:C=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.net
    08/17 17:14:56 [1384] <CalcAgentHashKey>:CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:14:56 [1384] <CalcAgentHashKey>:UCH=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:56 [1384] <CalcAgentHashKey>:UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:14:56 [1384] <CalcAgentHashKey>:UC=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.net
    08/17 17:14:56 [1384] <CalcAgentHashKey>:UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:14:56 [1384] <DoHeartbeat>HardwareID=E51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:14:56 [1384] <DoHeartbeat>CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:14:56 [1384] <DoHeartbeat>CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:14:56 [1384] <DoHeartbeat>UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:14:56 [1384] <DoHeartbeat>UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:14:56 [1384] <DoHeartbeat> Set heartbeat event
    08/17 17:14:56 [1384] Use new configuration
    08/17 17:14:56 [1384] <CSyLink::IndexHeartbeatProc()>
    08/17 17:14:56 [1384] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 00000000042FC190
    08/17 17:14:56 [1384] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 17:14:56 ======
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 1
    08/17 17:14:56 [1384] Get First Server!
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 2
    08/17 17:14:56 [1384] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    08/17 17:14:56 [1384] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 3
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 4
    08/17 17:14:56 [1384] <IndexHeartbeatProc>===Get Index STAGE===
    08/17 17:14:56 [1384] ************CSN=278
    08/17 17:14:56 [1384] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=F60F620A0A00004D00C22978A0B1F17F&chk=E58CBC15723BBC6E20C1E60901D47F70&ck=7BFA30837B98EC4EB44221C1D44F3155&uchk=4D4E6C36B4EC96634C1093BD7AFF8AE4&uck=947CA246055EA0BA3ABCE0AD926188DB&hid=E51FAFED5A10EED5DF713B1335D09EBA&groupid=E5B158620A01021B01223CA6D6D5B00C&mode=0&hbt=900&as=278&cn=[hex]6B746F2D777375732D6176&lun=[hex]61646D696E6973747261746F72&udn=[hex]4B54494D414F4646494345532E4E4554
    08/17 17:14:56 [1384] <GetIndexFileRequest:>http://kto-wsus-av.ktimaoffices.net:8014/secars/secars.dll?h=81BF14B1A600D16C6E81D18DB49E3E86D17D218890156FB1668E2E09E95303ED3446113EEBE925FB04D0516FF85956EB06F03590862F8EBF54C731B421634B04F952DFEE537B480AEF5BD731529B6C84DBEB34AD7C3E71DD5110C60B2C766647C26CEE3B8346B4DB11B53AE585A074B4F2EB3D77CF101D4D2CE06993817A481E5386C0FC013008D6B24C086F18FF2767847740C60E4805F29CB69397A077FAFE6E167D73C77931CD776D47B690A2BE453F77E3027C83F27413716C3B16A16A21D4B4B3AD5251027453962F63960300A6F4CB3F794F0B87F4B9D1C435497EB087A56C8368EE74BC5959AD41A7D323799DC40196B1B115005EDE5E4C15FFC9AE664E9AC9614AE3F616A4130128CFF7EA6BD14CAC29D34AB8BA27E3842B2689995322D4E67A886159A89770220F4A92FAD9653ECFF1AFFF3BD9E93440A3127EE785591161CD86EEADA3995DB5408AB7DE3CF5BF84509906D8A02DE1292DE8B4B42473C47BA9911A466E610FB2AD3E6D92893669A9F0FA7B0FB99DEB531539C35321CE93670C9BC4375DBB62640192035C2A484EF02B3DC1CF2ADB772D84391EF9E2
    08/17 17:14:56 [1384] 17:14:56=>Send HTTP REQUEST
    08/17 17:14:56 [1384] 17:14:56=>HTTP REQUEST sent
    08/17 17:14:56 [1384] <GetIndexFileRequest:>SMS return=200
    08/17 17:14:56 [1384] <ParseHTTPStatusCode:>200=>200 OK
    08/17 17:14:56 [1384] <mfn_DoGetIndexFile200>Content Lenght => 0
    08/17 17:14:56 [1384] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    08/17 17:14:56 [1384] <GetIndexFileRequest:>COMPLETED
    08/17 17:14:56 [1384] <IndexHeartbeatProc>GetIndexFile handling status: 1
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Switch Server flag=0
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 5.1
    08/17 17:14:56 [1384] Index File Error!
    08/17 17:14:56 [1384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/17 17:14:56 [1384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/17 17:14:56 [1384] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
    08/17 17:14:56 [1384] HEARTBEAT: Check Point 8
    08/17 17:14:56 [1384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    08/17 17:14:56 [1384] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    08/17 17:14:56 [1384] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 17:14:56 ======
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Set Heartbeat Result= 3
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
    08/17 17:14:56 [1384] Use new configuration
    08/17 17:14:56 [1384] HEARTBEAT: Check Point Complete
    08/17 17:14:56 [1384] <IndexHeartbeatProc>Done, Heartbeat=32seconds
    08/17 17:14:56 [1384] </CSyLink::IndexHeartbeatProc()>
    08/17 17:14:56 [1384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 17:14:56 ======
    08/17 17:15:21 [3332] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    08/17 17:15:21 [1384] <CheckHeartbeatTimer>====== Heartbeat loop starts at 17:15:21 ======
    08/17 17:15:22 [1384] <GetOnlineNicInfo>:Netport Count=1
    08/17 17:15:22 [1384] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/17 17:15:22 [1384] <CalcAgentHashKey>:CH=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:15:22 [1384] <CalcAgentHashKey>:CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:15:22 [1384] <CalcAgentHashKey>:C=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.net
    08/17 17:15:22 [1384] <CalcAgentHashKey>:CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:15:22 [1384] <CalcAgentHashKey>:UCH=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:15:22 [1384] <CalcAgentHashKey>:UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:15:22 [1384] <CalcAgentHashKey>:UC=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.net
    08/17 17:15:22 [1384] <CalcAgentHashKey>:UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:15:22 [1384] <DoHeartbeat>HardwareID=E51FAFED5A10EED5DF713B1335D09EBA
    08/17 17:15:22 [1384] <DoHeartbeat>CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/17 17:15:22 [1384] <DoHeartbeat>CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/17 17:15:22 [1384] <DoHeartbeat>UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/17 17:15:22 [1384] <DoHeartbeat>UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/17 17:15:22 [1384] <DoHeartbeat> Set heartbeat event
    08/17 17:15:22 [1384] Use new configuration
    08/17 17:15:22 [1384] <CSyLink::IndexHeartbeatProc()>
    08/17 17:15:22 [1384] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 00000000042FC190
    08/17 17:15:22 [1384] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 17:15:22 ======
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 1
    08/17 17:15:22 [1384] Get First Server!
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 2
    08/17 17:15:22 [1384] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    08/17 17:15:22 [1384] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 3
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 4
    08/17 17:15:22 [1384] <IndexHeartbeatProc>===Get Index STAGE===
    08/17 17:15:22 [1384] ************CSN=279
    08/17 17:15:22 [1384] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=F60F620A0A00004D00C22978A0B1F17F&chk=E58CBC15723BBC6E20C1E60901D47F70&ck=7BFA30837B98EC4EB44221C1D44F3155&uchk=4D4E6C36B4EC96634C1093BD7AFF8AE4&uck=947CA246055EA0BA3ABCE0AD926188DB&hid=E51FAFED5A10EED5DF713B1335D09EBA&groupid=E5B158620A01021B01223CA6D6D5B00C&mode=0&hbt=900&as=279&cn=[hex]6B746F2D777375732D6176&lun=[hex]61646D696E6973747261746F72&udn=[hex]4B54494D414F4646494345532E4E4554
    08/17 17:15:22 [1384] <GetIndexFileRequest:>http://kto-wsus-av.ktimaoffices.net:8014/secars/secars.dll?h=81BF14B1A600D16C6E81D18DB49E3E86D17D218890156FB1668E2E09E95303ED3446113EEBE925FB04D0516FF85956EB06F03590862F8EBF54C731B421634B04F952DFEE537B480AEF5BD731529B6C84DBEB34AD7C3E71DD5110C60B2C766647C26CEE3B8346B4DB11B53AE585A074B4F2EB3D77CF101D4D2CE06993817A481E5386C0FC013008D6B24C086F18FF2767847740C60E4805F29CB69397A077FAFE6E167D73C77931CD776D47B690A2BE453F77E3027C83F27413716C3B16A16A21D4B4B3AD5251027453962F63960300A6F4CB3F794F0B87F4B9D1C435497EB087A56C8368EE74BC5959AD41A7D323799DC40196B1B115005EDE5E4C15FFC9AE664E9AC9614AE3F616A4130128CFF7EA6BD14CAC29D34AB8BA27E3842B26899953EC7C9A4DCF53B325B53123939C7A2279653ECFF1AFFF3BD9E93440A3127EE785591161CD86EEADA3995DB5408AB7DE3CF5BF84509906D8A02DE1292DE8B4B42473C47BA9911A466E610FB2AD3E6D92893669A9F0FA7B0FB99DEB531539C35321CE93670C9BC4375DBB62640192035C2A484EF02B3DC1CF2ADB772D84391EF9E2
    08/17 17:15:22 [1384] 17:15:22=>Send HTTP REQUEST
    08/17 17:15:22 [1384] 17:15:22=>HTTP REQUEST sent
    08/17 17:15:22 [1384] <GetIndexFileRequest:>SMS return=200
    08/17 17:15:22 [1384] <ParseHTTPStatusCode:>200=>200 OK
    08/17 17:15:22 [1384] <mfn_DoGetIndexFile200>Content Lenght => 0
    08/17 17:15:22 [1384] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    08/17 17:15:22 [1384] <GetIndexFileRequest:>COMPLETED
    08/17 17:15:22 [1384] <IndexHeartbeatProc>GetIndexFile handling status: 1
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Switch Server flag=0
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 5.1
    08/17 17:15:22 [1384] Index File Error!
    08/17 17:15:22 [1384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/17 17:15:22 [1384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/17 17:15:22 [1384] <ScheduleNextUpdate>new scheduled heartbeat=64 seconds
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 8
    08/17 17:15:22 [1384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    08/17 17:15:22 [1384] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    08/17 17:15:22 [1384] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 17:15:22 ======
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Set Heartbeat Result= 3
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Connection Failed! No. of tries = 2
    08/17 17:15:22 [1384] Use new configuration
    08/17 17:15:22 [1384] HEARTBEAT: Check Point Complete
    08/17 17:15:22 [1384] <IndexHeartbeatProc>Done, Heartbeat=64seconds
    08/17 17:15:22 [1384] </CSyLink::IndexHeartbeatProc()>
    08/17 17:15:22 [1384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 17:15:22 ======
    08/17 17:15:48 [928] <CExpBackoff::CExpBackoff()>
    08/17 17:15:48 [928] </CExpBackoff::CExpBackoff()>
    08/17 17:15:51 [3508] <CSyLink::mfn_DownloadNow()>
    08/17 17:15:51 [3508] </CSyLink::mfn_DownloadNow()>
    08/17 17:15:57 [2636] SyLinkDeleteConfig => Deleting instance: 0000000000702160
    08/17 17:15:57 [2636] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/17 17:15:57 [2636] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
    08/17 17:15:57 [2636] <Stop>Stopping SyLink module...
    08/17 17:15:57 [2636] 17:15:57=>To stop LU download thread
    08/17 17:15:57 [2636] 17:15:57=>To stop LU download thread returned
    08/17 17:15:57 [2636] 17:15:57=>To stop MAIN thread
    08/17 17:15:57 [3508] <MainThreadProc:>***** Main Thread Exit ****
    08/17 17:15:57 [2636] 17:15:57=>To stop MAIN thread returned
    08/17 17:15:57 [2636] 17:15:57=>To stop HEARTBEAT thread
    08/17 17:15:57 [2636] HEARTBEAT RUN TIME=35sec
    08/17 17:15:57 [2636] 17:15:57=>To close Heartbeat thread...
    08/17 17:15:57 [1384] <HeartbeatThreadProc:>Thread is stopping..
    08/17 17:15:57 [2636] 17:15:57=>To close Heartbeat thread returned
    08/17 17:15:57 [2636] <StopHbThread>Heartbeat thread stopped, Heartbeat=64
    08/17 17:15:57 [2636] 17:15:57=>To stop HEARTBEAT thread returned
    08/17 17:15:57 [2636] 17:15:57=>To stop DOWNLOAD THREAD
    08/17 17:15:57 [2636] <CDownloadManager::mfn_StopDownload()>
    08/17 17:15:57 [2636] </CDownloadManager::mfn_StopDownload()>
    08/17 17:15:57 [2636] 17:15:57=>To stop DOWNLOAD THREAD returned
    08/17 17:15:57 [2636] <Stop>Switch the new setting.
    08/17 17:15:57 [2636] Importing ConfigObject: 0000000003A19800 into: 00000000042FC190
    08/17 17:15:57 [2636] SyLinkDeleteConfig => Deleting instance: 0000000003A19800
    08/17 17:15:57 [2636] Write to registry UserGUID=0
    08/17 17:15:57 [2636] <Stop>Stopped!
    08/17 17:15:57 [2636] 17:15:57=>STOP command completed
    08/17 17:15:57 [2636] SyLinkDeleteInstance => Deleting instance: 00000000042E0080
    08/17 17:15:57 [2636] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/17 17:15:57 [2636] <Stop>Not started yet!.
    08/17 17:15:57 [2636] SyLinkDeleteConfig => Deleting instance: 00000000042FC190
    08/17 17:15:57 [2636] SyLink object is deleted !
     


  • 8.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 10:55 AM
    It's communicating with 200.
    Restart the server once and check.
    Open the SEP client,
    Help and Support.
    Do you see the server name?
    Check your network card.
    It might be in a different group also.


  • 9.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 11:05 AM

    This thread and another have the same error in common:

    https://www-secure.symantec.com/connect/forums/client-sepm-not-communicating-sepm

    08/17 17:15:22 [1384] <IndexHeartbeatProc>Switch Server flag=0
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 5.1
    08/17 17:15:22 [1384] Index File Error!
    08/17 17:15:22 [1384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/17 17:15:22 [1384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/17 17:15:22 [1384] <ScheduleNextUpdate>new scheduled heartbeat=64 seconds
    08/17 17:15:22 [1384] HEARTBEAT: Check Point 8
    08/17 17:15:22 [1384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED



  • 10.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 11:12 AM
    About Rafeeq.
    I have already restarted the server several times.
    I see the server name. The client has the green dot. The management server sees the client name for a minute as connected but not reporting status. Then the green dot disappears from the client's name on SEPM.
    Also, although there is the 200 communication status, which means OK, there is this reference below.

    08/17 17:14:48 [2636] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87


  • 11.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 11:17 AM
    Oh! Then we have two issues on this forum with the same problem.
    Can you try resetting the password for your IIS anonymous user?
    Check integrated Windows authentication in IIS and update the policy on the client.


  • 12.  RE: SEP Client on SEPM does not get updates

    Posted Aug 17, 2010 12:22 PM

    I found one document in our KB with this error and it points to IPv6.  Is this in use on this server?

    Try disabling IPv6 or create a new management server list that utilizes IPv4 addresses only.

    The error code 87 usually means proxy... the steps you already took should have cleared out proxy info, but may want to verify / reset the proxy information for the System account using psexec to launch an interactive session of IE running as System.  SMC client runs as System.

    Title: 'How to launch any win32 file as "System account" on Windows Vista, Windows 7 or Windows Server 2008 / Server 2008 R2'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009091509195248

    Go to the Tools menu and select Internet Options, select the Connections tab and click the LAN Settings button. Uncheck Use a proxy server for your LAN (or verify they are the correct settings).  Also verify "Bypass proxy server for local addresses" is indicated. While still in this IE session, under File, verify that "Work offline" is not checked.  You can then close IE.

    sandra


  • 13.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 03:37 AM
    Regarding what Rafeeq said - I am not very keen on messing with IIS and its users, especially when all the other clients access the server correctly and update just fine. Moreover, I have WSUS installed on the same server (on a different IIS site and port) and I fear that messing with IIS might get me into more trouble.

    Regarding Sandra - I followed the article. No proxies or offline mode were set up in the System account; only the "Automatically detect settings" box was checked, and I unchecked it. Now there are two errors 87, one with 'User Proxy' and one with 'No Proxies' mentioned. Full log follows.


    08/18 10:10:58 [1252] ~~~Sylink log started. (SEP Product Version in registry: 11.0.6005.562, Sylink File Version: 11.0.6005.440)
    08/18 10:10:58 [1252] Stored HostGUID=F60F620A0A00004D00C22978A0B1F17F; outlen=16
    08/18 10:10:58 [1252] <RestoreSettings>Stored UserGuid=0; outlen=2
    08/18 10:10:58 [1252] <mfn_DecodeSSN>Sygate-SSN=359
    08/18 10:10:58 [1252] <mfn_DecodeSSN>Read CSN=360
    08/18 10:10:58 [1252] <mfn_DecodeSSN>Sygate-SSN=29
    08/18 10:10:58 [1252] <mfn_DecodeSSN>Read CSN=30
    08/18 10:10:58 [1252] Product Type=3,Major Ver=6,Minor Ver=1,Platform ID=18,OSType=50725138
    08/18 10:10:58 [1252] OS=Windows Server 2008 Enterprise Edition; number=6.1.7600
    08/18 10:10:58 [1252] SyLinkCreateInstance => Instance created: 0000000004530080 Registry path: SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK
    08/18 10:10:58 [1252] <GetOnlineNicInfo>:Netport Count=1
    08/18 10:10:58 [1252] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/18 10:10:58 [1252] SyLinkCreateConfig => Created instance: 0000000003A19AD0
    08/18 10:10:58 [1252] UseNewConfig => Created m_hNewConfig: 0000000003A19AD0
    08/18 10:10:58 [1252] Importing ConfigObject: 0000000003A166E0 into: 0000000003A19AD0
    08/18 10:10:58 [1252] Importing ConfigObject: 0000000003A166E0 into: 000000000454D1A0
    08/18 10:10:58 [1252] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/18 10:10:58 [1252] SSA packageType is set as 105
    08/18 10:10:58 [1252] SyLinkDeleteConfig => Deleting instance: 0000000003A166E0
    08/18 10:10:58 [1252] <SetHiStatus>HI status is changed to=3; reason=105; rule=Host Integrity check is disabled.
     Host Integrity policy has been disabled by the administrator.
    08/18 10:10:58 [1252] SyLinkCreateConfig => Created instance: 00000000046F4D10
    08/18 10:10:58 [1252] SetCurLocationName: Name is set to - Default
    08/18 10:10:58 [1252] SetCurLocationID: ID is set to - 8ED1035D0A01021B0046AA6157B6D0D7
    08/18 10:10:58 [1252] SyLinkCreateConfig => Created instance: 00000000046F70F0
    08/18 10:10:58 [1252] RemeberCurrentGroup=0,RememberCurrentPolicyMode=0
    08/18 10:10:58 [1252] Importing ConfigObject: 00000000046F70F0 into: 0000000003A19AD0
    08/18 10:10:58 [1252] Importing ConfigObject: 00000000046F70F0 into: 000000000454D1A0
    08/18 10:10:58 [1252] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/18 10:10:58 [1252] SyLinkDeleteConfig => Deleting instance: 00000000046F70F0
    08/18 10:10:58 [1252] SyLinkDeleteConfig => Deleting instance: 00000000046F4D10
    08/18 10:10:58 [2040] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    08/18 10:10:58 [1252] <CSyLink::Start()>
    08/18 10:10:58 [1252] <Start>PreferredGroup in sylink.xml has been saved into registry: My Company\Ktima Offices\Servers
    08/18 10:10:58 [1252] <Start>PreferredMode in sylink.xml has been saved into registry: 1
    08/18 10:10:58 [1252] <CSyLink::ImportConfigFile()>
    08/18 10:10:58 [1252] </CSyLink::ImportConfigFile()>
    08/18 10:10:58 [1252] <GetDomainHostName>msz_DomainName is taken from szDomainName
    08/18 10:10:58 [1252] <GetDomainHostName>DomainName (Final)=ktimaoffices.net
    08/18 10:10:58 [1252] <HWID CSyLink::GetHardwareKey> Get Hardware ID
    08/18 10:10:58 [1252] <HWID CSyLink::GetHardwareKey> Hardware ID assigned: E51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:10:58 [1252] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87
    08/18 10:10:58 [1252] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87
    08/18 10:10:58 [1252] <CSyLink::LoadLUInfo> Previous LU data was not loaded or found
    08/18 10:10:58 [384] <HeartbeatThreadProc:>Thread is about to begin..
    08/18 10:10:58 [2668] Successfully created the heartbeat thread
    08/18 10:10:58 [1252] <Start>Started, contact SMS every 300 seconds
    08/18 10:10:58 [1252] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/18 10:10:58 [1252] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
    08/18 10:10:58 [1252] </CSyLink::Start()>
    08/18 10:10:58 [3960] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
    08/18 10:10:59 [1252] <SetClientAuth>Received new User/Domain from SMC..  User: administrator User Domain: KTIMAOFFICES
    08/18 10:10:59 [1252] <SetClientAuth>Getting RDNS Domain Name (user domain in AD setup)..
    08/18 10:10:59 [1252] <GetLoginRdnsDomain>DNS domain=KTIMAOFFICES.NET
    08/18 10:10:59 [1252] <SetClientAuth>Setting the User Domain to RDNS Domain ..
    08/18 10:10:59 [1252] <SetClientAuth>Logged in user info set to: KTIMAOFFICES.NET/administrator
    08/18 10:10:59 [1252] <SetClientAuth>Marking User Change Notify to redo registration..
    08/18 10:10:59 [384] <CheckHeartbeatTimer>====== Heartbeat loop starts at 10:10:59 ======
    08/18 10:10:59 [384] <GetOnlineNicInfo>:Netport Count=1
    08/18 10:10:59 [384] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/18 10:11:00 [384] <CalcAgentHashKey>:CH=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:00 [384] <CalcAgentHashKey>:CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/18 10:11:00 [384] <CalcAgentHashKey>:C=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.net
    08/18 10:11:00 [384] <CalcAgentHashKey>:CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/18 10:11:00 [384] <CalcAgentHashKey>:UCH=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:00 [384] <CalcAgentHashKey>:UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/18 10:11:00 [384] <CalcAgentHashKey>:UC=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.net
    08/18 10:11:00 [384] <CalcAgentHashKey>:UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/18 10:11:00 [384] <DoHeartbeat>HardwareID=E51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:00 [384] <DoHeartbeat>CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/18 10:11:00 [384] <DoHeartbeat>CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/18 10:11:00 [384] <DoHeartbeat>UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/18 10:11:00 [384] <DoHeartbeat>UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/18 10:11:00 [384] <DoHeartbeat> Set heartbeat event
    08/18 10:11:00 [384] Use new configuration
    08/18 10:11:00 [384] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 10:11:00 ======
    08/18 10:11:00 [2040] SyLinkCreateConfig => Created instance: 00000000038DE300
    08/18 10:11:00 [2040] Importing ConfigObject: 000000000454D1A0 into: 00000000038DE300
    08/18 10:11:00 [2040] SyLinkDeleteConfig => Deleting instance: 00000000038DE300
    08/18 10:11:00 [384] HEARTBEAT: Check Point 1
    08/18 10:11:00 [384] <GetFirstSEMServer> Selecting a random server
    08/18 10:11:00 [384] HEARTBEAT: Check Point 2
    08/18 10:11:00 [384] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    08/18 10:11:00 [384] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    08/18 10:11:00 [384] HEARTBEAT: Check Point 3
    08/18 10:11:00 [384] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
    08/18 10:11:00 [384] HEARTBEAT: Check Point 4
    08/18 10:11:00 [384] <RegHeartbeatProc>===Registration STAGE===
    08/18 10:11:00 [384] <MakeRegisterData:>logon id (domain/user)=KTIMAOFFICES.NET/administrator
    08/18 10:11:00 [384] <GeneratePreferredGroupAndModeInRegistration:>Loading current group:My Company\Ktima Offices\Servers
    08/18 10:11:00 [384] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred group:My Company\Ktima Offices\Servers
    08/18 10:11:00 [384] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred mode:1
    08/18 10:11:00 [384] <GeneratePreferredGroupAndModeInRegistration:>It will remember nothing, PreferredGroup is My Company\Ktima Offices\Servers, PreferredMode is 1
    08/18 10:11:00 [384] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="E5B158620A01021B01223CA6D6D5B00C" AgentType="105" UserDomain="KTIMAOFFICES.NET" LoginUser="administrator" ComputerDomain="ktimaoffices.net" ComputerName="kto-wsus-av" PreferredGroup="My%20Company%5cKtima%20Offices%5cServers" PreferredMode="1" HardwareKey="E51FAFED5A10EED5DF713B1335D09EBA" SiteDomainName=""/>
     
    <SSAHostInfo><NetworkIdentity UserDomain="KTIMAOFFICES.NET" LogonUser="administrator" HostDomain="ktimaoffices.net" HostName="kto-wsus-av" HostDesc="" />
    <SSAProduct Version="11.0.6005.562" />
    <SSAOS Version="6.1.7600" Desc="Windows%20Server%202008%20Enterprise%20Edition" Type="50725138" ServicePack=""/>
    <Processor ProcessorType="Intel64%20Family%206%20Model%2026%20Stepping%205" ProcessorClock="1994" ProcessorNum="2"/>
    <Memory Size="4294500352"/>
    <BIOS Version="VRTUAL%20-%203000919"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="0725-08%2f12%2f2010%2010%3a58%3a32%20596"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-120" />
    <DNSs><DNS Address="10.0.0.119"/></DNSs>
    <SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    08/18 10:11:01 [384] <SyLink>[MakeRegisterData] registration Hardware Key=E51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:01 [384] ************Reg CSN=31
    08/18 10:11:01 [384] <mfn_GenPostData (for Registration):>Request is: s_origin_length: 1254
    s_session_id: E51FAFED5A10EED5DF713B1335D09EBA
    Sygate-SSN: 31
    <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="E5B158620A01021B01223CA6D6D5B00C" AgentType="105" UserDomain="KTIMAOFFICES.NET" LoginUser="administrator" ComputerDomain="ktimaoffices.net" ComputerName="kto-wsus-av" PreferredGroup="My%20Company%5cKtima%20Offices%5cServers" PreferredMode="1" HardwareKey="E51FAFED5A10EED5DF713B1335D09EBA" SiteDomainName=""/>
    <SSAHostInfo><NetworkIdentity UserDomain="KTIMAOFFICES.NET" LogonUser="administrator" HostDomain="ktimaoffices.net" HostName="kto-wsus-av" HostDesc="" />
    <SSAProduct Version="11.0.6005.562" />
    <SSAOS Version="6.1.7600" Desc="Windows%20Server%202008%20Enterprise%20Edition" Type="50725138" ServicePack=""/>
    <Processor ProcessorType="Intel64%20Family%206%20Model%2026%20Stepping%205" ProcessorClock="1994" ProcessorNum="2"/>
    <Memory Size="4294500352"/>
    <BIOS Version="VRTUAL%20-%203000919"/>
    <TpmDevice Id="0"/>
    <SSAProfile Version="5.0.0" SerialNumber="0725-08%2f12%2f2010%2010%3a58%3a32%20596"/>
    <SSAIDS Version="" SerialNumber=""/>
    <SSAUTC Bias="-120" />
    <DNSs><DNS Address="10.0.0.119"/></DNSs>
    <SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    </SSAHostInfo>
    </SSARegData>
    08/18 10:11:01 [384] <SendRegistrationRequest:>http://kto-wsus-av.ktimaoffices.net:8014 [encrypted data]
    08/18 10:11:01 [384] 10:11:1=>Send HTTP REQUEST
    08/18 10:11:01 [384] 10:11:1=>HTTP REQUEST sent
    08/18 10:11:01 [384] 10:11:1=>QUERY return code
    08/18 10:11:01 [384] 10:11:1=>QUERY return code completed
    08/18 10:11:01 [384] <SendRegistrationRequest:>SMS return=200
    08/18 10:11:01 [384] <ParseHTTPStatusCode:>200=>200 OK
    08/18 10:11:01 [384] <SendRegistrationRequest:>Content Lenght => 350
    08/18 10:11:01 [384] HTTP returns status code=200
    08/18 10:11:01 [384] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
    08/18 10:11:01 [384] <SendRegistrationRequest:>COMPLETED, returned 0
    08/18 10:11:01 [384] <IsInClientIPorOnLink> NextHop is equal to10.0.0.77,return TRUE
    08/18 10:11:01 [384] <mfn_GetOutIP> Out IP is:10.0.0.77
    08/18 10:11:01 [384] HEARTBEAT: Check Point 5.1
    08/18 10:11:01 [384] <ScheduleNextUpdate>Manually assigned heartbeat=3 seconds
    08/18 10:11:01 [384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/18 10:11:01 [384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/18 10:11:01 [384] HEARTBEAT: Check Point 8
    08/18 10:11:01 [384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    08/18 10:11:01 [384] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    08/18 10:11:01 [384] <RegHeartbeatProc>====== Registration Procedure stops at 10:11:01 ======
    08/18 10:11:01 [384] HEARTBEAT: Check Point 10
    08/18 10:11:01 [384] HEARTBEAT: Check Point Complete
    08/18 10:11:01 [384] <RegHeartbeatProc>Done, Heartbeat=3seconds
    08/18 10:11:01 [384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 10:11:01 ======
    08/18 10:11:05 [384] <CheckHeartbeatTimer>====== Heartbeat loop starts at 10:11:05 ======
    08/18 10:11:06 [384] <GetOnlineNicInfo>:Netport Count=1
    08/18 10:11:06 [384] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.0.0.77" Mac="00-15-5d-02-52-09" Gateway="10.0.0.67" SubnetMask="255.255.255.192"/></SSANICs>
    08/18 10:11:06 [384] <CalcAgentHashKey>:CH=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:06 [384] <CalcAgentHashKey>:CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/18 10:11:06 [384] <CalcAgentHashKey>:C=E5B158620A01021B01223CA6D6D5B00C1kto-wsus-avktimaoffices.net
    08/18 10:11:06 [384] <CalcAgentHashKey>:CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/18 10:11:06 [384] <CalcAgentHashKey>:UCH=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.netE51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:06 [384] <CalcAgentHashKey>:UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/18 10:11:06 [384] <CalcAgentHashKey>:UC=E5B158620A01021B01223CA6D6D5B00C0administratorKTIMAOFFICES.NETkto-wsus-avktimaoffices.net
    08/18 10:11:06 [384] <CalcAgentHashKey>:UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/18 10:11:06 [384] <DoHeartbeat>HardwareID=E51FAFED5A10EED5DF713B1335D09EBA
    08/18 10:11:06 [384] <DoHeartbeat>CHKey=E58CBC15723BBC6E20C1E60901D47F70
    08/18 10:11:06 [384] <DoHeartbeat>CKey=7BFA30837B98EC4EB44221C1D44F3155
    08/18 10:11:06 [384] <DoHeartbeat>UCHKey=4D4E6C36B4EC96634C1093BD7AFF8AE4
    08/18 10:11:06 [384] <DoHeartbeat>UCKey=947CA246055EA0BA3ABCE0AD926188DB
    08/18 10:11:06 [384] <DoHeartbeat> Set heartbeat event
    08/18 10:11:06 [384] Use new configuration
    08/18 10:11:06 [384] <CSyLink::IndexHeartbeatProc()>
    08/18 10:11:06 [384] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 000000000454D1A0
    08/18 10:11:06 [384] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 10:11:06 ======
    08/18 10:11:06 [384] HEARTBEAT: Check Point 1
    08/18 10:11:06 [384] Get First Server!
    08/18 10:11:06 [384] HEARTBEAT: Check Point 2
    08/18 10:11:06 [384] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    08/18 10:11:06 [384] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    08/18 10:11:06 [384] HEARTBEAT: Check Point 3
    08/18 10:11:06 [384] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    08/18 10:11:06 [384] HEARTBEAT: Check Point 4
    08/18 10:11:06 [384] <IndexHeartbeatProc>===Get Index STAGE===
    08/18 10:11:06 [384] ************CSN=361
    08/18 10:11:06 [384] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=F60F620A0A00004D00C22978A0B1F17F&chk=E58CBC15723BBC6E20C1E60901D47F70&ck=7BFA30837B98EC4EB44221C1D44F3155&uchk=4D4E6C36B4EC96634C1093BD7AFF8AE4&uck=947CA246055EA0BA3ABCE0AD926188DB&hid=E51FAFED5A10EED5DF713B1335D09EBA&groupid=E5B158620A01021B01223CA6D6D5B00C&mode=0&hbt=900&as=361&cn=[hex]6B746F2D777375732D6176&lun=[hex]61646D696E6973747261746F72&udn=[hex]4B54494D414F4646494345532E4E4554
    08/18 10:11:06 [384] <GetIndexFileRequest:>http://kto-wsus-av.ktimaoffices.net:8014/secars/secars.dll?h=81BF14B1A600D16C6E81D18DB49E3E86D17D218890156FB1668E2E09E95303ED3446113EEBE925FB04D0516FF85956EB06F03590862F8EBF54C731B421634B04F952DFEE537B480AEF5BD731529B6C84DBEB34AD7C3E71DD5110C60B2C766647C26CEE3B8346B4DB11B53AE585A074B4F2EB3D77CF101D4D2CE06993817A481E5386C0FC013008D6B24C086F18FF2767847740C60E4805F29CB69397A077FAFE6E167D73C77931CD776D47B690A2BE453F77E3027C83F27413716C3B16A16A21D4B4B3AD5251027453962F63960300A6F4CB3F794F0B87F4B9D1C435497EB087A56C8368EE74BC5959AD41A7D323799DC40196B1B115005EDE5E4C15FFC9AE664E9AC9614AE3F616A4130128CFF7EA6BD14CAC29D34AB8BA27E3842B26899953166B205AD4D3CEB4B6F30FFA2A28256C653ECFF1AFFF3BD9E93440A3127EE785591161CD86EEADA3995DB5408AB7DE3CF5BF84509906D8A02DE1292DE8B4B42473C47BA9911A466E610FB2AD3E6D92893669A9F0FA7B0FB99DEB531539C35321CE93670C9BC4375DBB62640192035C2A484EF02B3DC1CF2ADB772D84391EF9E2
    08/18 10:11:06 [384] 10:11:6=>Send HTTP REQUEST
    08/18 10:11:06 [384] 10:11:6=>HTTP REQUEST sent
    08/18 10:11:06 [384] <GetIndexFileRequest:>SMS return=200
    08/18 10:11:06 [384] <ParseHTTPStatusCode:>200=>200 OK
    08/18 10:11:06 [384] <mfn_DoGetIndexFile200>Content Lenght => 0
    08/18 10:11:06 [384] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    08/18 10:11:06 [384] <GetIndexFileRequest:>COMPLETED
    08/18 10:11:06 [384] <IndexHeartbeatProc>GetIndexFile handling status: 1
    08/18 10:11:06 [384] <IndexHeartbeatProc>Switch Server flag=0
    08/18 10:11:06 [384] HEARTBEAT: Check Point 5.1
    08/18 10:11:06 [384] Index File Error!
    08/18 10:11:06 [384] <PostEvent>going to post event=EVENT_SERVER_ONLINE
    08/18 10:11:06 [384] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
    08/18 10:11:06 [384] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
    08/18 10:11:06 [384] HEARTBEAT: Check Point 8
    08/18 10:11:06 [384] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    08/18 10:11:06 [384] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    08/18 10:11:06 [384] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 10:11:06 ======
    08/18 10:11:06 [384] <IndexHeartbeatProc>Set Heartbeat Result= 3
    08/18 10:11:06 [384] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    08/18 10:11:06 [384] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
    08/18 10:11:06 [384] Use new configuration
    08/18 10:11:06 [384] HEARTBEAT: Check Point Complete
    08/18 10:11:06 [384] <IndexHeartbeatProc>Done, Heartbeat=32seconds
    08/18 10:11:06 [384] </CSyLink::IndexHeartbeatProc()>
    08/18 10:11:06 [384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 10:11:06 ======
    08/18 10:11:26 [1252] SyLinkDeleteConfig => Deleting instance: 00000000006F3170
    08/18 10:11:26 [1252] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/18 10:11:26 [1252] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
    08/18 10:11:26 [1252] <Stop>Stopping SyLink module...
    08/18 10:11:26 [1252] 10:11:26=>To stop LU download thread
    08/18 10:11:26 [1252] 10:11:26=>To stop LU download thread returned
    08/18 10:11:26 [1252] 10:11:26=>To stop MAIN thread
    08/18 10:11:26 [2668] <IsToStop:>stopping
    08/18 10:11:26 [2668] <MainThreadProc:>***** Main Thread Exit ****
    08/18 10:11:26 [1252] 10:11:26=>To stop MAIN thread returned
    08/18 10:11:26 [1252] 10:11:26=>To stop HEARTBEAT thread
    08/18 10:11:26 [1252] HEARTBEAT RUN TIME=20sec
    08/18 10:11:26 [1252] 10:11:26=>To close Heartbeat thread...
    08/18 10:11:26 [384] <CheckHeartbeatTimer>Sylink is Stopping mode
    08/18 10:11:26 [384] <IsToStop:>stopping
    08/18 10:11:26 [384] <HeartbeatThreadProc:>Thread is stopping..
    08/18 10:11:26 [1252] 10:11:26=>To close Heartbeat thread returned
    08/18 10:11:26 [1252] <StopHbThread>Heartbeat thread stopped, Heartbeat=32
    08/18 10:11:26 [1252] 10:11:26=>To stop HEARTBEAT thread returned
    08/18 10:11:26 [1252] 10:11:26=>To stop DOWNLOAD THREAD
    08/18 10:11:26 [1252] <CDownloadManager::mfn_StopDownload()>
    08/18 10:11:26 [1252] </CDownloadManager::mfn_StopDownload()>
    08/18 10:11:26 [1252] 10:11:26=>To stop DOWNLOAD THREAD returned
    08/18 10:11:26 [1252] <Stop>Switch the new setting.
    08/18 10:11:26 [1252] Importing ConfigObject: 0000000003A19AD0 into: 000000000454D1A0
    08/18 10:11:26 [1252] SyLinkDeleteConfig => Deleting instance: 0000000003A19AD0
    08/18 10:11:26 [1252] Write to registry UserGUID=0
    08/18 10:11:26 [1252] <Stop>Stopped!
    08/18 10:11:26 [1252] 10:11:26=>STOP command completed
    08/18 10:11:26 [1252] SyLinkDeleteInstance => Deleting instance: 0000000004530080
    08/18 10:11:26 [1252] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
    08/18 10:11:26 [1252] <Stop>Not started yet!.
    08/18 10:11:26 [1252] SyLinkDeleteConfig => Deleting instance: 000000000454D1A0
    08/18 10:11:26 [1252] SyLink object is deleted !
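
The failure signature pointed out in posts 9 and 13 (an HTTP 200 on the index request with a zero-length body, then `Index File Error!`, alongside the error 87 session lines) can be pulled out of a Sylink debug log automatically. The following is an added example, not part of the original thread or Symantec tooling; the class and function names are hypothetical, and the sample is a constructed excerpt of lines quoted from the 08/18 log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "MM/DD HH:MM:SS [thread-id] message" as seen in the Sylink debug log.
LINE_RE = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] (.*)$")
SESSION_ERR_RE = re.compile(
    r"Unable to create Session with '([^']+)' settings.*Error Code: (\d+)")
STAGE_RE = re.compile(r"===(Registration|Get Index) STAGE===")
STATUS_RE = re.compile(r"SMS return=(\d+)")
LENGTH_RE = re.compile(r"Content Lenght => (\d+)")  # spelled this way in the log
TRIES_RE = re.compile(r"Connection Failed! No\. of tries = (\d+)")

# Constructed excerpt: lines copied from the 08/18 log in this thread.
SAMPLE_LOG = """
08/18 10:10:58 [1252] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87
08/18 10:10:58 [1252] <Start>Unable to create Session with 'No Proxies' settings - Error Code: 87
08/18 10:11:00 [384] <RegHeartbeatProc>===Registration STAGE===
08/18 10:11:01 [384] <SendRegistrationRequest:>SMS return=200
08/18 10:11:01 [384] <SendRegistrationRequest:>Content Lenght => 350
08/18 10:11:01 [384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 10:11:01 ======
08/18 10:11:06 [384] <IndexHeartbeatProc>===Get Index STAGE===
08/18 10:11:06 [384] <GetIndexFileRequest:>SMS return=200
08/18 10:11:06 [384] <mfn_DoGetIndexFile200>Content Lenght => 0
08/18 10:11:06 [384] Index File Error!
08/18 10:11:06 [384] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
08/18 10:11:06 [384] <CheckHeartbeatTimer>====== Heartbeat loop stops at 10:11:06 ======
"""


@dataclass
class Exchange:
    """One client/server exchange (registration or index fetch)."""
    started: str
    thread: str
    stage: str
    status: Optional[int] = None
    length: Optional[int] = None
    index_error: bool = False
    tries: Optional[int] = None

    @property
    def verdict(self) -> str:
        # An HTTP 200 alone is not proof of a healthy heartbeat: the index
        # fetch in this thread returns 200 and is still counted as failed.
        if self.status is None:
            return "no-response"
        if self.status != 200:
            return "http-error"
        if self.index_error or self.tries is not None:
            return "empty-index" if self.length == 0 else "failed-after-200"
        return "ok"


def triage(log_text):
    """Return (session_errors, exchanges) extracted from a Sylink log."""
    session_errors, exchanges, open_by_thread = [], [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation lines such as the XML registration body
        ts, tid, msg = m.groups()
        if (hit := SESSION_ERR_RE.search(msg)):
            session_errors.append((ts, hit.group(1), int(hit.group(2))))
            continue
        if (hit := STAGE_RE.search(msg)):
            ex = Exchange(started=ts, thread=tid, stage=hit.group(1))
            open_by_thread[tid] = ex
            exchanges.append(ex)
            continue
        ex = open_by_thread.get(tid)
        if ex is None:
            continue  # line belongs to no open exchange on this thread
        if (hit := STATUS_RE.search(msg)):
            ex.status = int(hit.group(1))
        elif (hit := LENGTH_RE.search(msg)):
            ex.length = int(hit.group(1))
        elif "Index File Error!" in msg:
            ex.index_error = True
        elif (hit := TRIES_RE.search(msg)):
            ex.tries = int(hit.group(1))
        elif "Heartbeat loop stops" in msg:
            del open_by_thread[tid]  # exchange finished
    return session_errors, exchanges


if __name__ == "__main__":
    errors, exchanges = triage(SAMPLE_LOG)
    for ts, mode, code in errors:
        print(f"{ts} session setup failed ({mode}), error code {code}")
    for ex in exchanges:
        print(f"{ex.started} [{ex.thread}] {ex.stage}: HTTP {ex.status}, "
              f"length {ex.length}, verdict {ex.verdict}")
```

Run against a full Sylink log, this separates exchanges that merely returned 200 from those that actually delivered content, which is the distinction the thread turns on.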
     


  • 14.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 03:44 AM
    Try this once
    Edit the SYSTEM account proxy settings by using a Scheduled Task:

    Click Start > Run
    Type cmd and click OK
    Type in the following command and press Enter:

    at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"

    You should receive a confirmation stating "added a new job..."

    Navigate to the Control Panel and open Scheduled Tasks
    Right-click the new task just created in the previous step (probably named "At1") and click Run.
    This will open an Internet Explorer window that will now be running under the SYSTEM account.
    Go to the Tools menu and select Internet Options
    Select the Connections tab and click the LAN Settings button.
    Uncheck Use a proxy server for your LAN
    Click OK twice
    Click Start > Run
    Type SMC -stop and click OK.
    The Symantec Endpoint Protection icon should disappear from the system tray.
    Click Start > Run
    Type in SMC -start and click OK.


  • 15.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 03:53 AM
    Regarding ARAVIND

    The procedure you describe does not work on 2008 server. The procedure that sandra.g described in the following URL works and has been implemented with no results. Also, I don't have IP V6 in use on the server.
    Any more ideas?

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009091509195248


  • 16.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 06:41 AM
    Create a new sylink file from SEPM and replace it in the client and see....


  • 17.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 09:13 AM
    Regarding Aravind

    Used the SylinkDrop tool to replace the Sylink of the client.
    No result whatsoever.



  • 18.  RE: SEP Client on SEPM does not get updates

    Posted Aug 18, 2010 09:18 AM
    Disable IE ESC and try....


  • 19.  RE: SEP Client on SEPM does not get updates

    Posted Aug 23, 2010 07:28 AM
    Checked IE ESC and it was not enabled either on users or on administrators.
    No result in updating the definitions.


  • 20.  RE: SEP Client on SEPM does not get updates
    Best Answer

    Posted Sep 07, 2010 08:22 AM
    I opened a case with Symantec Tech Support.
    After extensive checking and testing, a very polite and efficient representative named Priya Bangar
    suggested that, although I have already disabled IP V6 on the server, I should disable it by means of registry editing some parameters.
    These parameters would disable IP V6 not only on the server adapters but also on other interfaces that the server uses, like the Loopback Adapter. From what I understand, since I have the client installed on the management server that it tries to connect to, on Windows 2008 it uses the loopback adapter instead of the network interface.
    The registry entries for this change follow.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

    NEW REG DWORD ENTRY named --> DisabledComponents with a hex value of --> 0xffffffff 

    Restart the server and all is well.

    A big thank you for the time she spent on helping me.


  • 21.  RE: SEP Client on SEPM does not get updates

    Posted Sep 07, 2010 08:28 AM
    Thank you for sharing the solution..