SEP 12.1.4112.4156 - Windows 7 clients
I have several clients showing as offline in the server and web consoles but when I remotely connect to them they show online and up-to-date.
I manually update the client (troubleshooting - update policy) just to get it to check in with the server which it does but it doesn't change the fact that it's showing offline in the console.
I've checked client memory and hard drive space which isn't an issue, it can talk to the server, and everything appears to be configured properly.
Any insight as to what might be going on here?
Thanks in advance.
As long as it shows online on the client itself, it should be connected. The web console is buggy IMO. Does the remote console show different results? May be a cosmetic bug.
You can enable sylink debugging on the client to verify connectivity though if you wish just for proof.
Enable sylink debugging for Endpoint Protection clients
The server and web console's don't always sync up which I would expect but I would say they stay mostly consistent.
It does the same thing with client's showing definitions older than 7 days. The overwhelming majority that I connect to via RDP are online and up-to-date.
There are a lot of firewalls and what-not within the overall network that keep me from connecting directly to certain groups. I guess that could play a part.
If they're online, should be fine regardless of firewall. If you open a client and go to Help >> Troubleshooting >> Connection Status it will show you status. Again, you could enable sylink debugging for proof. To me it seems to be more of a cosmetic type issue. If you do a search of the client, does it show up multiple times?
Should be because of this, check on one machine and see if that shows up with green dot on the console
Personally I think this is an issue with 12.1.4112.4156 SEPM. We upgraded to this version as soon as it was released and it had other bugs associated with it as well. If you looked at a Windows 7 Professional x64 client machine within the SEPM, it would list the machine as a Windows Vista machine. We had issues with machines losing all network connectivity with this version too. It appeared that the Teefer.sys file would be missing from %windir%\system32 after the installation. The only way we could fix this was to uninstall the NTP Component, reboot, and then reinstall the NTP Component. We also experienced the same issue you are describing above. The machines that experienced this behavior would eventually stop getting updates from the SEPM. The client would have a green dot locally showing it was connected, but on the SEPM side it would show offline and when I checked the machine it would be outdated. We upgraded everything to 12.1.5337.5000 and it seems to have resolved the previous version problems.
Yea, I did see / hear about these same issues with 184.108.40.206b
I haven't seen any that show up multiple times yet. I've bookmared the link for future reference if/when I do.
Thanks for the help. Everything I check shows up as connected and online when I check the troubleshooting items. I guess I'll just have to operate with the knowledge that for whatever reason the console isn't displaying properly.
I meant to say %windir%\system32\drivers folder for the teefer.sys file.
Good to know. I'm planning to update to the new version in the next few weeks already so I'll just sit on it and wait to see what comes of it.
Thanks for all the input. Glad these forums exist, I've been gleaning helpful info for a while now.
Happy Thanksgiving everyone.
Good deal :)
Same to you!
Can you try this once?
I can say that this didn't fix the problem for us; http://www.symantec.com/business/support/index?page=content&id=TECH167284. We don't use embedded databases and we have always had a scheduled task to rebuild the indexes on our SQL DB.
Ok, Try this... Log in to sepm > Adminstrators>Domains..
See how many domains u have. There are chances that the client can communicate with other domains within sepm. Unless u change the domain, u wont be able to see them..
I agree Lumia@720. We only have 1 domain listed though. I am beginning to suspect that we have a bigger underlying issue though. When I look through some of the logs I can see an Agent Sweeping Task being run against domains that don't exist in our SEPM. Seems like we have some Ghost Domains in our Db. I am opening a support case to find out what is going on.