Endpoint Protection


SEPM replication partner

  • 1.  SEPM replication partner

    Posted Sep 06, 2012 07:10 AM

    I have a main Symantec Endpoint Protection Manager (SEPM1), and I have set up a replication partner on a server in my DR (SEPMDR). I can see from the management server that replication is being done.

    I stopped the Symantec Endpoint Protection Manager service to be able to test SEPM1. There is a client installed on SEPM1; on SEPMDR I can see that the client on SEPM1 has connected, but when I check the actual client (Help and Support > Troubleshooting) there is no green dot. Is this normal?

    What test can I do on the SEPMDR to check that clients have connected? If SEPM1 is unavailable for 2-3 days, will the clients update normally?

    Any tip or link will be very helpful.



  • 2.  RE: SEPM replication partner

    Broadcom Employee
    Posted Sep 06, 2012 07:20 AM

    "there is no green dot. Is this normal?"

    Yes, if the Management Server List is not set for that group, the client will not fall back to the other SEPM.

    Create a management server where priority 1 is the existing SEPM and priority 2 is the DR SEPM.

    Check this article to create an MSL:

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55402

     



  • 3.  RE: SEPM replication partner

    Posted Sep 06, 2012 07:22 AM
    Hi, have you configured Failover between replication?

    What is Management Server List and how to configure Failover between replication partners using embedded database

    https://www-secure.symantec.com/connect/articles/what-management-server-list-and-how-configure-failover-between-replication-partners-using-e


  • 4.  RE: SEPM replication partner

    Broadcom Employee
    Posted Sep 06, 2012 08:46 AM

    Hi,

    Replication enables data to be duplicated between databases on separate sites so that both databases contain the same information. If one database fails, you can manage the entire site by using the information on the database from another site.

    After configuring replication, please set the Management Server List (MSL) with the correct priority for failover.

    By default, the management servers are assigned the same priority when configured for failover and load balancing. If you want to change the default priority after installation, you can do so by using the Symantec Endpoint Protection Manager console. Failover and load balancing can be configured only when a site includes more than one management server.

    What test can I do on the SEPMDR to check that clients have connected? If SEPM1 is unavailable for 2-3 days, will the clients update normally?

    --> You are testing in the correct way; however, the green dot should stay on the client to receive the latest updates.

    Check following articles as well:

    Description of the different shield icon statuses in the System Tray for Symantec Endpoint Protection

    http://www.symantec.com/docs/HOWTO55020

    How replication works

    http://www.symantec.com/docs/HOWTO55328



  • 5.  RE: SEPM replication partner

    Posted Sep 07, 2012 06:10 AM

    Dear Chetan,

    Management Server List has already been configured as per extract from sylink.xml below:

    <ServerList Name="New Management Server List">
      <ServerPriorityBlock Name="Priority1">
        <Server Address="198.16.4.57" HttpsVerifyCA="0" VerifySignatures="1" />
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="Priority2">
        <Server Address="198.20.4.57" HttpsVerifyCA="0" VerifySignatures="1" />
      </ServerPriorityBlock>
    </ServerList>

    Have I set the priority correctly? 198.16.4.57 is the main SEPM.

    I saw that clients do fail over to the SEPMDR; some clients appear with a green dot on the SEPM and some as 'The client can communicate with Symantec Endpoint Protection Manager at another site'. But still, when I check the client (Help and Support > Troubleshooting), the server is Offline.

    The strange thing though is that when I check the policy serial number in the SEPMDR, there is no serial number at all. Is this normal? Is there a way for me to remedy this?

    Please find report from sylink monitor:

    09/07 13:51:38 [3004] <GetIndexFileRequest:>SMS return=500
    09/07 13:51:38 [3004] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
    09/07 13:51:38 [3004] HTTP returns status code=500
    09/07 13:51:38 [3004] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
    09/07 13:51:38 [3004] <GetIndexFileRequest:>COMPLETED
    09/07 13:51:38 [3004] <IndexHeartbeatProc>GetIndexFile handling status: 500
    09/07 13:51:38 [3004] <IndexHeartbeatProc>Switch Server flag=1
    09/07 13:51:38 [3004] HEARTBEAT: Check Point 5.1
    09/07 13:51:38 [3004] <ScheduleNextUpdate>new scheduled heartbeat=2048 seconds
    09/07 13:51:38 [3004] HEARTBEAT: Check Point 8
    09/07 13:51:38 [3004] Get Next Server!
    09/07 13:51:38 [3004] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    09/07 13:51:38 [3004] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    09/07 13:51:38 [3004] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 13:51:38 ======
    09/07 13:51:38 [3004] <IndexHeartbeatProc>Set Heartbeat Result= 1
    09/07 13:51:38 [3004] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    09/07 13:51:38 [3004] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
    09/07 13:51:38 [3004] Use new configuration
    09/07 13:51:38 [3004] HEARTBEAT: Check Point Complete
    09/07 13:51:38 [3004] <IndexHeartbeatProc>Done, Heartbeat=2048seconds
    09/07 13:51:38 [3004] </CSyLink::IndexHeartbeatProc()>

    Any help will be much appreciated.



  • 6.  RE: SEPM replication partner

    Posted Sep 07, 2012 06:15 AM

    Hi,

    Check whether the SEP clients are able to telnet.



  • 7.  RE: SEPM replication partner

    Broadcom Employee
    Posted Sep 07, 2012 07:09 AM

    Hi,

    Compare the Sylink.xml files of the clients which are online and offline.

    The MSL mentioned above seems to be correct; however, it should be applied to all the groups/clients.

    The MSL is the same on the other SEPM, right?
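Added example, not part of the original thread: one way to carry out the comparison suggested above is to extract the ServerList from each client's Sylink.xml and diff the priority blocks. The first sample is the extract quoted earlier in the thread; the second sample and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ServerList extract quoted in the thread.
ONLINE = """<ServerList Name="New Management Server List">
<ServerPriorityBlock Name="Priority1">
<Server Address="198.16.4.57" HttpsVerifyCA="0" VerifySignatures="1" />
</ServerPriorityBlock>
<ServerPriorityBlock Name="Priority2">
<Server Address="198.20.4.57" HttpsVerifyCA="0" VerifySignatures="1" />
</ServerPriorityBlock>
</ServerList>"""
# Constructed sample: hypothetical offline client that lacks the Priority2 block.
OFFLINE = """<ServerList Name="Default Management Server List">
<ServerPriorityBlock Name="Priority1">
<Server Address="198.16.4.57" HttpsVerifyCA="0" VerifySignatures="1" />
</ServerPriorityBlock>
</ServerList>"""

def load_msl(xml_text):
    """Return (list name, [(priority block, address, other attributes), ...])."""
    root = ET.fromstring(xml_text)
    # Assumption: in a full Sylink.xml the ServerList may be nested, so search the tree.
    server_list = root if root.tag == "ServerList" else root.find(".//ServerList")
    if server_list is None:
        raise ValueError("no ServerList element found")
    entries = []
    for block in server_list.findall("ServerPriorityBlock"):
        for server in block.findall("Server"):
            attrs = {k: v for k, v in server.attrib.items() if k != "Address"}
            entries.append((block.get("Name", "?"), server.get("Address", "?"), attrs))
    return server_list.get("Name"), entries

def compare_msl(first_xml, second_xml):
    """List the differences between two clients' management server lists."""
    (name_a, a), (name_b, b) = load_msl(first_xml), load_msl(second_xml)
    diffs = []
    if name_a != name_b:
        diffs.append(f"list name: {name_a!r} vs {name_b!r}")
    map_a = {(blk, addr): attrs for blk, addr, attrs in a}
    map_b = {(blk, addr): attrs for blk, addr, attrs in b}
    for key in sorted(map_a.keys() | map_b.keys()):
        blk, addr = key
        if key not in map_b:
            diffs.append(f"{blk} {addr}: only in first file")
        elif key not in map_a:
            diffs.append(f"{blk} {addr}: only in second file")
        elif map_a[key] != map_b[key]:
            diffs.append(f"{blk} {addr}: attributes differ")
    return diffs
```

An empty result from `compare_msl` means both clients hold the same list, so a failover difference between them has to come from somewhere other than the MSL.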



  • 8.  RE: SEPM replication partner

    Posted Sep 07, 2012 09:11 AM

    Dear Chetan,

    The MSL is the same on the main SEPM and the replication partner. Is this the correct way to do it?

    Please find error report from sylink monitor: 

    <GetIndexFileRequest:>SMS return=503
    <ParseHTTPStatusCode:>503=>503 SERVICE NOT AVAILABLE
    [3004] HTTP returns status code=503

    What could be the cause of the problem?
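Added example, not part of the original thread: a small triage of sylink monitor output like the two excerpts posted above, counting the HTTP status returned per heartbeat and the server-switch requests. The sample lines are copied from the thread; the function and field names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the two sylink monitor excerpts in this
# thread; the second excerpt was posted partly without timestamps or thread ids.
SAMPLE = """\
09/07 13:51:38 [3004] <GetIndexFileRequest:>SMS return=500
09/07 13:51:38 [3004] HTTP returns status code=500
09/07 13:51:38 [3004] <IndexHeartbeatProc>Switch Server flag=1
09/07 13:51:38 [3004] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
09/07 13:51:38 [3004] <IndexHeartbeatProc>Done, Heartbeat=2048seconds
<GetIndexFileRequest:>SMS return=503
[3004] HTTP returns status code=503
"""

# Optional "MM/DD HH:MM:SS" and "[thread id]" prefixes, then the message.
LINE = re.compile(r"^(?:\d\d/\d\d \d\d:\d\d:\d\d )?(?:\[\d+\] )?(?P<msg>.*)$")
PATTERNS = {
    "status": re.compile(r"^HTTP returns status code=(\d{3})$"),
    "switch": re.compile(r"Switch Server flag=(\d+)$"),
    "event": re.compile(r"going to post event=(\w+)$"),
    "heartbeat": re.compile(r"Done, Heartbeat=(\d+)\s*seconds$"),
}

def triage(log_text):
    """Summarise heartbeat outcomes from sylink monitor output."""
    out = {"status": Counter(), "switch_requests": 0,
           "events": Counter(), "next_heartbeat_s": None}
    for raw in log_text.splitlines():
        msg = LINE.match(raw.strip()).group("msg")
        for name, pattern in PATTERNS.items():
            m = pattern.search(msg)
            if not m:
                continue
            if name == "status":
                out["status"][int(m.group(1))] += 1
            elif name == "switch":
                out["switch_requests"] += int(m.group(1) != "0")
            elif name == "event":
                out["events"][m.group(1)] += 1
            else:
                out["next_heartbeat_s"] = int(m.group(1))
    # A 5xx status means the manager answered over HTTP but failed server-side,
    # which points away from basic network reachability as the cause.
    out["server_side_errors"] = sum(n for code, n in out["status"].items() if code >= 500)
    return out
```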



  • 9.  RE: SEPM replication partner

    Broadcom Employee
    Posted Sep 07, 2012 09:28 AM

    Hi,

    Q. The MSL is the same on the main SEPM and the replication partner. Is this the correct way to do it?

    --> It's correct.

    Do one thing: replace the Sylink.xml of the offline machines and re-check whether failover is taking place or not.

    After replacing sylink.xml, the client must come online with a green dot. If not, then there is a communication problem.

    Restoring communication to clients with a new Sylink.xml file

    http://www.symantec.com/business/support/index?page=content&id=TECH106288



  • 10.  RE: SEPM replication partner

    Broadcom Employee
    Posted Sep 07, 2012 09:33 AM

    Check this video also.

    Replication Concepts and Configuration

    https://www-secure.symantec.com/connect/videos/replication-concepts-and-configuration



  • 11.  RE: SEPM replication partner
    Best Answer

    Posted Sep 12, 2012 02:19 AM

    I have been able to solve the problem.

    All I had to do is copy everything in the folder C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent from the main server to the replication server.