Endpoint Protection

I get an error when trying to export client packages.
 

Failed to retrieve the policy files from the management server for group TestGroup2.

I have a primary site installed that works fine.  I made all the groups there and then installed a new site and did a full initial replication.  On the new server, when I try to export a client installation package for one of the already existing groups, it fails.

For the TestGroup2 group, the communication settings has the management server list set for "Default Management Server List for <New Site>".  The site existed before I installed this server, but I selected to completely replace it (this site is a reinstall).

There are no policy names folders in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent on the new server, but there are lots on the old server.  When I create a new group on the new server a folder is not created for it in the data\outbox\agent folder.

I have already tried completely uninstalling the new server SEPM and reinstalling with no luck.

I saw a thread on this already ( https://www-secure.symantec.com/connect/forums/unable-export-install-package-mr2 ) where a few people seem to have had the same problem.  Hopefully this is an easy fix being that thread was posted a while ago.  Wanted to try my luck here before calling support.

Thanks.

Symantec Endpoint Protection clients do not show up in new groups, and exporting client install packages fails at retrieving the group policies.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c16395479bca8bfd882573b60064f1fb?OpenDocument

I think the point of your issue is that the replication is failed. If your replication success, then the client install packages will be exported.

Before you reinstall the new site, I suggest you to confirm that the primary site is not running LiveUpdate. As you know, the replication will read the DB information on primary site and write into your new DB, and, on the other hand, the LiveUpdate will  write data into SEPM's DB. So, if the LiveUpdate on your primary site is running, the DB on your primary site will be in writing, the replication may fail.

I reran the "Management Server Configuration Wizard" on the new site after setting LiveUpdate on the primary to only update on Monday to avoid it trying to update during replication.  It reconfigured itself and fully replicated.  I get the same error.

Were you able to make a package if you un-checked the box "Export packages with policies from the following groups:" or if you selected a different policy? Just to test it out.

If I uncheck "Export packages with policies from the following groups" the export is successful.  If I leave it checked and select any group it errors out, even for a group I just created on this server.

Thanks.

Try giving full permission to everyone in
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\

then select Advanced--Replace permission entries.

Do the same with 
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub

Just to make sure its not a permission issue.

I've applied the permissions and get the same result.  I'm also logged into the server as the domain administrator.  The symantec servcies run as the Local System.

can try running dbvalidator once.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008050810375848

Also check if you find anything in scm-server0.log.

The log file is pretty large, but here is what happened when I tried to run the dbvalidator.  It failed after about 3 seconds with the following at the end of the file:

2010-05-28 17:03:01.436 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask
com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
com.sygate.scm.server.util.ServerException: Unexpected server error.
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1325)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Caused by: com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    ... 4 more
2010-05-28 17:03:11.528 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask
com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
com.sygate.scm.server.util.ServerException: Unexpected server error.
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1325)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Caused by: com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    ... 4 more
2010-05-28 17:03:21.621 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask
com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
com.sygate.scm.server.util.ServerException: Unexpected server error.
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1325)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Caused by: com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    ... 4 more
2010-05-28 17:03:31.713 SEVERE: Unexpected server error. in: com.sygate.scm.server.task.PackageTask
com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
com.sygate.scm.server.util.ServerException: Unexpected server error.
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1325)
    at com.sygate.scm.server.task.PackageTask.checkLiveUpdateDirectory(PackageTask.java:1506)
    at com.sygate.scm.server.task.PackageTask.run(PackageTask.java:271)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Caused by: com.sygate.scm.server.metadata.MetadataException
    at com.sygate.scm.server.metadata.MetadataManager.getFile(MetadataManager.java:475)
    at com.sygate.scm.server.configmanager.ConfigManager.getFile(ConfigManager.java:1323)
    ... 4 more

I'm not really sure what this means.  Since I have reinstalled SEPM twice perhaps it's a java issue?  I don't think I manually installed java on either of these servers (not in control panel) so it must have been rolled in with Symantec.

Hmm..I have seen similar issues..when the download of CD1 was corrupt.

I would suggest to download the CD1 again...

Or one more thing you can check is try installing normal SEPM without replication and check if its working fine..

Also try running Dbvalidator once on your parent SEPM just to make sure there is no abnormality in database.

The md5sum for the CD1.zip that was used for both servers is the same: 9df9367264911a5b6d560cbeb7542f87

Running dbvalidator on the parent SEPM server also errored out with the following message: "Database validation failed"

Nothing is in the scm-server0.log file, but in dbvalidator.log I have this:

----------
2010-05-28 18:21:20.468 INFO: Link is broken for [25] physical file ids :
2010-05-28 18:21:20.468 INFO: TargetId:[1DC1D08ED971803204B4FDAFF1488475] TargetType:[LuDownloadedPackage] ObjectTypeName:[ObjReference] ParentObjectTypeName :[PhysicalFile] Parent's TopLevelObject's GUID:[C457EF451A5760593AF5019CAF1AEAAC]
2010-05-28 18:21:20.468 INFO: <?xml version="1.0" encoding="UTF-8"?>
<PhysicalFile CreationTime="1268322272828" Description="SESM Symantec Security Content B1:11.0:SymAllLanguages" FileChecksum="D9AC10F3816458121D2FE62E140335EC" FileLastModifiedTime="1268322272828" FileName="full.zip" FileSize="76781" Id="C457EF451A5760593AF5019CAF1AEAAC" Name="DownloadedContentFile" NameSpace="schema" _d="false" _i="A6EC533272F928D27365DF5395C2D908" _t="1268322272828" _v="13">
  <ObjReference Name="full.zip" TargetId="1DC1D08ED971803204B4FDAFF1488475" TargetType="LuDownloadedPackage" _d="false" _i="C2BAA227B99A3C34F72B7DC5F1E941C7" _t="1268322272828" _v="6"/>
</PhysicalFile>

2010-05-28 18:21:20.468 INFO: TargetId:[CC291989D8A9912256887357B7A00C94] TargetType:[LuDownloadedPackage] ObjectTypeName:[ObjReference] ParentObjectTypeName :[PhysicalFile] Parent's TopLevelObject's GUID:[1CAB351752EBEE39CBB09307647700D1]
----------

Followed by 30-50 lines of similar text.

If this is a corrupted database perhaps I should reopen the ticket I had with symantec where we were troubleshooting database corruption (wasn't downloading some LiveUpdate stuff, specifically truscan definitions).  Possible the two may be related?

Dbvalidator id it fails it means there is some corruption in database..
Corruption not always means the SEPM ill stop working however these things happen in few corruption case.

I would suggest open case with symantec and get the parent server sorted out first..
Remember Disaster Recovery with database back and restore will bring you to the same place..