Endpoint Protection

 View Only
  • 1.  Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 05:35 AM

    Hi,

    We migrated our SEP Management Server to a new Windows server ond followed the migrate with replication partner method. It worked well and the old server is now uninstalled and removed.

    - The SEP clients check in to the new server and  show up in the client part och Endpoint Protection Manager.

    - The SEP client do have a "green dot" at the Symantec Shield at all times.

    - The SEP client does havend does have the latest updates and policy.

    Our problem now is this:

    - The SEP Clients do NOT stay online in the SEPM. The show up "Green" a short while now and then but are mostly shown as offline. If we do a manual connect they show up short time again. 

    - When they are offline we do not se any information about "Last Time Status Changed" "Virus Defs." "Policy Serial.." "Last scan" etc.. we do see "Name" and "Logon User". No info is saved.

    - Connection Status in the troubleshooting part in SEP client show that they have connected recently to the correct server.

    - We have reinstalled som clients did not fix this.

    - We hava replaced the symlink.xml with SymlinkDrop.exe and the "Trouble Shooting" part in SEP client no fix.

    - We have imported policy manualy, no fix.

     

    Regards, Birger Jarl

     

     



  • 2.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 05:40 AM

    HI,

    Are you able to telnet 8014 ?



  • 3.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 05:44 AM

    Yes Telnet connects. No info show in Putty but it does connect.

     



  • 4.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 05:49 AM

    HI,

    This steps apply only two or three system

    Try to create New Test group and export SEP client package.

    When you are exporting package,you must switch the option "Remove all logs,communication settings.." from Installation Settings under Admin/Install Packages/ tab and export package with this installation settings you created.

    How to create Client Install Packages to migrate clients and move them to a different SEPM

    http://www.symantec.com/business/support/index?page=content&id=TECH158065



  • 5.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 06:04 AM

    Solution

    The legacy proxy settings can be removed by performing the following steps:

    1.   Open the registry (Start->Run->type "regedit").

    2.  Go to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings\connections

    3.  Delete the registry keys "DefaultConnectionSettings" and "SavedLegacySettings".

    4.  Reboot the machine.

    Note:  These registry keys will automatically regenerate after reboot of machine.

    Also, this also could be caused due to incorrect proxy server information in the following registry location: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings

    Removing the incorrect proxy info from this key and then rebooting allowed the client to communicate normally.

    One important thing to keep in mind is that any incorrect proxy information must also be removed from the following two locations as well:

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

    If the settings are not removed from these two keys, they will repopulate the Internet Settings key after every reboot.



  • 6.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Trusted Advisor
    Posted Sep 27, 2012 07:41 AM

    Hello,

    Could you let us know what version of SEP are you running?

    What is the OS running on the SEPM server?

    Secondly, Could you check at what priority is newer SEPM under MSL.

    To check the MSL, 

    1. In the Symantec Endpoint Protection Manager console, click Policies.
    2. In the Policies page, under View Policies, click Policy Components > Management Server Lists

    Make sure you have deleted the IP address of older SEPM server OR  have the IP address / host name of current SEPM server changed moved to Top priority.

    Also, make sure you have the older Replication partner deleted from the Latest SEPM server.

    Hope that helps!!



  • 7.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 09:00 AM

    Hi,

    SEPM Version = 12.1.671.4971

    OS = Windows Server 2008 R2

    The priority of the new server was 1 (High) before i removed and uninstalled the old server from the MSL/replication. The MSL does only contain the new server now with IP and name. And check ins do occur but client are not online all time.

    Could the registry change by "gsp_sepm" do the trick?

    To create a new package group by "Ashish Sharma"? 

    Johan

     



  • 8.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.
    Best Answer

    Trusted Advisor
    Posted Sep 27, 2012 09:35 AM

    Hello,

    Yes, you could work on the steps provided by gsp_sepm and check on 1 of the client machines, if that helps.

    However, I would suggest you to make sure you migrate the SEP Version: 12.1.671.4971 to SEP Version 12.1 RU1 and Later to SEP Version 12.1 RU1 MP1 and check if that resolves the issue.

    When Migrating from SEP 12.1 RTM >> SEP 12.1 RU1 >> SEP 12.1 RU1 MP1, you would need to migrate SEPM as well as all SEP clients.

    Here are few steps to look at for Migration:

    1) How to upgrade the Symantec Endpoint Protection Manager (SEPM) to Version 12.1 RU1

    http://www.symantec.com/docs/TECH176260

    2) a) Upgrading or migrating to Symantec Endpoint Protection 12.1.1000 (RU1)

    http://www.symantec.com/business/support/index?page=content&id=TECH174545

    b) Upgrading or migrating to Symantec Endpoint Protection 12.1.1101 (RU1 MP1)

    http://www.symantec.com/business/support/index?page=content&id=TECH187753

    3) Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

    http://www.symantec.com/docs/TECH163112

    4) Activating your Symantec Endpoint Protection 12.1 product license

    http://www.symantec.com/business/support/index?page=content&id=TECH162623

    Also, check the Articles for the Migration on :

    Quick Access to Symantec Knowledgebase Articles of Symantec Endpoint Protection 12.1

    https://www-secure.symantec.com/connect/articles/quick-access-symantec-knowledgebase-articles-symantec-endpoint-protection-121

    Upgrade clients to SEP 12.1 by Auto upgrade feature

    https://www-secure.symantec.com/connect/articles/upgrade-clients-sep-121-auto-upgrade-feature

    WhitePaper for Migration:

    https://www-secure.symantec.com/connect/downloads/migration-whitepaper-symantec-endpoint-protection-version-121

    Hope that helps!!



  • 9.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Sep 27, 2012 03:50 PM

    Hi Johan,

    A couple of things to check:

    1. Is the Windows Firewall active on the SEPM server?  If so, is it blocking port 8014?

    2. How many clients do you have and what is the communication mode? (push or pull)

    3. When the client goes offline in the SEPM, does it go offline on the client too (still has the green dot or not?)

    4. Any recent error messages in scm-server*.log in \Symantec Endpoint Protection Manager\tomcat\logs ?

     



  • 10.  RE: Symantec Endpoint Protection 12.1 clients do not stay online in Endpoint Manager.

    Posted Oct 03, 2012 05:53 AM

    Hi,

    It works now. I downloaded the latest version from fileconnect "Symantec_Endpoint_Protection_12.1_RU1_MP1" started the upgrade process with setup and all default next next... and after this it works as it should. I did not follow all the steps in the post above only a plain upgrade with the standard installation package.

    Something in the installation or database must have been corrupt because no other changes to the server or clients was done.

    Thank you for your input.

     

    Regards, Briger Jarl