Endpoint Protection

  • 1.  SEPM cannot login to computers to detect SEP

    Posted Jul 23, 2013 03:05 AM

    Hi,

    I have a question about searching for network clients. I use the Client Deployment Wizard to scan for clients in SEPM 12.1.

    The client is joined to the domain and the OS is Windows 7. If I enable Windows Firewall on the client, SEPM cannot detect the client; the result is as below:

    But when I disable Windows Firewall on the client, SEPM can detect the client; the result is as below:

    So it is because of Windows Firewall. I have opened TCP 139, 445 and UDP 137, 138, but it still fails.

    Does anyone know which port should be open? Thanks.

     

     



  • 2.  RE: SEPM cannot login to computers to detect SEP

    Posted Jul 23, 2013 03:13 AM

    Prepare computers for remote deployment and management

    Modify firewall settings to allow communication between Symantec Endpoint Protection Small Business Edition components:
    ■ Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
    ■ For legacy communications, open UDP port 2967 on all computers.
    ■ General communication: TCP 8014 (HTTP)/TCP 443 (HTTPS) for management servers. These are the default ports, and may be customized. See Symantec Endpoint Protection 12.1: How to Change the ports used for communication between the Manager and clients.

    Steps to prepare computers to install Symantec Endpoint Protection 12.1 client

    Article:TECH163112  |  Created: 2011-06-23  |  Updated: 2013-07-15  |  Article URL http://www.symantec.com/docs/TECH163112

     



  • 3.  RE: SEPM cannot login to computers to detect SEP

    Broadcom Employee
    Posted Jul 23, 2013 03:22 AM

    Check this link:

    http://www.symantec.com/business/support/index?page=content&id=TECH163112

    Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
     



  • 4.  RE: SEPM cannot login to computers to detect SEP

    Trusted Advisor
    Posted Jul 23, 2013 06:00 AM

    Hello,

    Check these Articles:

    Preparing Windows operating systems for remote deployment

    http://www.symantec.com/docs/HOWTO80805

    About firewalls and communication ports

    http://www.symantec.com/docs/HOWTO81451

    For preparing Windows Vista, Windows 7, or Windows Server 2008 computers - 

    Windows User Account Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. You do not need to fully disable User Account Control on the client computers during the remote deployment if you disable the registry key LocalAccountTokenFilterPolicy. For more information, visit the following URL:

    http://support.microsoft.com/kb/951016

    To push the client software to computers, you should use a domain administrator account if the client computer is part of an Active Directory domain. Remote deployment also requires administrator privileges to install.

    Perform the following tasks:

    • Disable the Sharing Wizard.

    • Enable network discovery by using the Network and Sharing Center.

    • Enable the built-in administrator account and assign a password to the account.

    • Verify that the account has administrator privileges.

    • Disable or remove Windows Defender.

    Prepare computers for remote deployment and management

    Modify firewall settings to allow communication between Symantec Endpoint Protection Small Business Edition components:

    ■ Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
     

    Hope that helps!!



  • 5.  RE: SEPM cannot login to computers to detect SEP

    Posted Jul 23, 2013 06:16 AM

    Hi,

    Have you checked the communication ports used for push deployment? These need to be open from the SEPM server to the client:

    TCP 139 and 445, UDP 137 and 138.

    Regards

    Ajin



  • 6.  RE: SEPM cannot login to computers to detect SEP

    Posted Jul 23, 2013 08:37 AM

    Is the remote registry service running?



  • 7.  RE: SEPM cannot login to computers to detect SEP

    Trusted Advisor
    Posted Jul 23, 2013 09:11 AM

    Hello,

    Has Windows User Account Control (UAC) on the Windows 7 machine been turned off? Make sure it is turned off (requires a restart of the machine).

    Windows User Account Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. You do not need to fully disable User Account Control on the client computers during the remote deployment if you disable the registry key LocalAccountTokenFilterPolicy. For more information, visit the following URL:

    http://support.microsoft.com/kb/951016

    To push the client software to computers, you should use a domain administrator account if the client computer is part of an Active Directory domain. Remote deployment also requires administrator privileges to install.

    Hope that helps!!



  • 8.  RE: SEPM cannot login to computers to detect SEP

    Broadcom Employee
    Posted Jul 23, 2013 09:25 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    I would suggest disabling the firewall if you are going to use the SEP NTP feature.

    If you plan to use Windows Firewall, then disable it temporarily until the SEP install finishes.

    These are the troubleshooting steps specifically applicable to a Windows 7 machine.

    Windows User Account Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. You do not need to fully disable User Account Control on the client computers during the remote deployment if you disable the registry key LocalAccountTokenFilterPolicy. For more information, visit the following URL:

    http://support.microsoft.com/kb/951016

    To push the client software to computers, you should use a domain administrator account if the client computer is part of an Active Directory domain. Remote deployment also requires administrator privileges to install.

    Perform the following tasks:

    • Disable the Sharing Wizard.

    • Enable network discovery by using the Network and Sharing Center.

    • Enable the built-in administrator account and assign a password to the account.

    • Verify that the account has administrator privileges.

    • Disable or remove Windows Defender.

    Refer to this article:

    Preparing Windows operating systems for remote deployment 

    http://www.symantec.com/docs/HOWTO81300
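
The checks raised across this thread (push-deployment TCP ports, the Remote Registry service, access to the Admin$ share) can be run from the management server in one pass. The script below is an added example, not part of any post above and not Symantec tooling; the host name `WIN7-CLIENT01` and the helper names `Test-TcpPort` and `New-CheckResult` are assumptions made for illustration.

```powershell
# Added example: run on the SEPM server in Windows PowerShell, as the account
# that will be used for the push. 'WIN7-CLIENT01' is a constructed host name.
param([string]$Client = 'WIN7-CLIENT01')

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $tcp.BeginConnect($HostName, $Port, $null, $null)
        # Give up after the timeout so a silently dropped packet does not hang the check.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $tcp.EndConnect($pending)
        return $true
    } catch {
        return $false   # refused, unreachable, or name not resolved
    } finally {
        $tcp.Close()
    }
}

function New-CheckResult {
    param([string]$Check, [bool]$Passed)
    New-Object psobject -Property @{ Check = $Check; Passed = $Passed }
}

$results = @()

# TCP ports listed in the thread for push deployment. UDP 137/138 are
# connectionless, so a connect test cannot confirm them; verify those in the
# client's firewall rules instead.
foreach ($port in 139, 445) {
    $results += New-CheckResult "TCP $port reachable" (Test-TcpPort $Client $port)
}

# Remote Registry service state (Get-Service -ComputerName is Windows PowerShell only).
try {
    $svc = Get-Service -Name RemoteRegistry -ComputerName $Client -ErrorAction Stop
    $results += New-CheckResult 'Remote Registry running' ($svc.Status -eq 'Running')
} catch {
    $results += New-CheckResult 'Remote Registry running' $false
}

# Administrative share access; fails when the port is blocked or the account's
# remote token is filtered by UAC.
$share = '\\{0}\admin$' -f $Client
$results += New-CheckResult 'Admin$ share accessible' (Test-Path -Path $share -ErrorAction SilentlyContinue)

$results | Format-Table Check, Passed -AutoSize
```

A failed TCP check with the firewall on and a pass with it off points at the client's inbound rules; passing TCP checks with a failing Admin$ check points at the account or UAC token filtering rather than the firewall.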