Endpoint Protection

  • 1.  SMCSERVICE Failing to Start

    Posted Aug 05, 2009 12:28 PM
    We have about 100 SEPv11 clients (running MR4 and MR4 MP2 on both XP and W2K) that fail to start the SMCSERVICE service (C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe).
    The service is configured to Auto start after booting (the default setup). If we try to start it from the services.msc, the following logs are written to the Event Viewer - System. The same goes for executing "smc.exe -start" from CMD.
    1. 12:13:01 PM The Symantec Management Client service was successfully sent a start control.
    2. 12:13:02 PM The Symantec Management Client service entered the running state.
    3. 12:13:03 PM The Symantec Management Client service entered the stopped state.
    The syslog.log located in the install directory has the following entries repeated over and over on all the clients exhibiting this issue.
    00000066    01ca150958c5aade    12070203    00000000    00000002    00000000    Manager cannot load client policy    Smc   
    0000006b    01ca15095941a526    12070204    00000000    00000000    00000000    Symantec Management Client is stopped.    Smc


    Trying to run a repair or upgrading the SEPv11 client does not fix the problem. However, removing, rebooting and then reinstalling does seem to fix the issue, but we would like to be able to resolve this some other way.

    Has anyone experienced this issue?


  • 2.  RE: SMCSERVICE Failing to Start

    Posted Aug 05, 2009 01:28 PM
    I would try running the SEP support tool to gather some additional data. Let us know what issues the tool reports.


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008071709480648


  • 3.  RE: SMCSERVICE Failing to Start

    Posted Aug 05, 2009 02:54 PM
    How did you install the clients in the first place?

    Did you deploy them from SEPM? And when you re-installed the client, did you manually run the setup?


    If yes, then it could be related to permissions.

    You can attach a debugger to smc.exe or the Symantec Management Client process, and then start it.

    You can create a crash dump for this process and analyze it with the DebugDiag tool.

    Let us know your findings.

    Cheers,
    Aniket


  • 4.  RE: SMCSERVICE Failing to Start
    Best Answer

    Posted Aug 07, 2009 01:39 PM
    We think we may have resolved the reported issue of the SMCService failing to start. The procedure has been performed on 50 PCs with 100% success.

    By enabling the debugging settings (following http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090611252048) and then starting SMC.exe, the results in the debug.log located in the default install directory pointed us to the cltdef.dat and the serdef.dat files.

    CONTENTS of DEBUG.LOG

    08/07 10:42:52 [2136:3196] Enterprise version, Build 51!!!
    08/07 10:42:52 [2136:3288] IsAlone() = 004DC1B0
    08/07 10:42:52 [2136:3288] Service ThreadID 7C809740
    08/07 10:42:52 [2136:3288] Loading C:\Program Files\Symantec AntiVirus\Cltdef.dat
    08/07 10:42:52 [2136:3288] Loading C:\Program Files\Symantec AntiVirus\Serdef.dat
    08/07 10:42:52 [2136:3288] ImportFromStream :  loadXML failed
    08/07 10:42:52 [2136:3288] Fail to import profile from C:\Program Files\Symantec AntiVirus\Serdef.dat.bak
    08/07 10:42:52 [2136:3288] ProfileMan: cannot load server profile C:\Program Files\Symantec AntiVirus\Serdef.dat
    08/07 10:42:52 [2136:3288] Service Start Initialize() Failed!
    08/07 10:42:52 [2136:3288] Service is shutting down
    08/07 10:42:52 [2136:3288] Saving SMC State
    08/07 10:42:52 [2136:3288] Skip saving state because Engine is not running
    08/07 10:42:52 [2136:3288] Stopping SyLink...
    08/07 10:42:52 [2136:3288] delete SMC State...
    08/07 10:42:52 [2136:3288] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
    08/07 10:42:52 [2136:3288] delete netport...
    08/07 10:42:52 [2136:3288] delete IDSSignatureLib...
    08/07 10:42:52 [2136:3288] Disable damper...
    08/07 10:42:52 [2136:3196] System configuration has been saved.

    After copying the 2 files from a known good SEPv11 client, the SMC.exe service successfully started and normal communications with the SEPM are now occurring.
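
The debug.log check described in the best answer can be scripted when many clients need triage. The sketch below is an added example, not part of the original posts and not Symantec tooling; the function name `triage` and the result keys are assumptions, and the sample lines are copied from the excerpt above.

```python
import re

# Layout seen in the excerpt above: "MM/DD HH:MM:SS [pid:tid] message"
LINE_RE = re.compile(r"^\s*\d\d/\d\d \d\d:\d\d:\d\d \[(\d+):(\d+)\] (.*\S)\s*$")
LOADING_RE = re.compile(r"^Loading (.+)$")
FAILED_RE = re.compile(
    r"^(?:Fail to import profile from|ProfileMan: cannot load server profile) (.+)$")

# Lines copied from the debug.log excerpt in the post above.
SAMPLE = r"""
08/07 10:42:52 [2136:3288] Loading C:\Program Files\Symantec AntiVirus\Cltdef.dat
08/07 10:42:52 [2136:3288] Loading C:\Program Files\Symantec AntiVirus\Serdef.dat
08/07 10:42:52 [2136:3288] ImportFromStream :  loadXML failed
08/07 10:42:52 [2136:3288] Fail to import profile from C:\Program Files\Symantec AntiVirus\Serdef.dat.bak
08/07 10:42:52 [2136:3288] ProfileMan: cannot load server profile C:\Program Files\Symantec AntiVirus\Serdef.dat
08/07 10:42:52 [2136:3288] Service Start Initialize() Failed!
08/07 10:42:52 [2136:3288] Service is shutting down
""".splitlines()


def triage(lines):
    """Summarise profile-load failures found in SMC debug.log lines."""
    result = {"loaded": [], "failed": [], "xml_error": False, "init_failed": False}
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        msg = m.group(3)
        loading, failed = LOADING_RE.match(msg), FAILED_RE.match(msg)
        if loading:
            result["loaded"].append(loading.group(1))
        elif failed and failed.group(1) not in result["failed"]:
            result["failed"].append(failed.group(1))
        elif "loadXML failed" in msg:
            result["xml_error"] = True
        elif "Initialize() Failed" in msg:
            result["init_failed"] = True
    # Symptom in this thread: a profile file fails to load and service init aborts.
    result["policy_load_failure"] = bool(result["failed"]) and result["init_failed"]
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("policy load failure:", report["policy_load_failure"])
    for path in report["failed"]:
        print("could not load:", path)
```

To check a real client, pass the lines of its debug.log to `triage` after enabling debugging as described in the post.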