Endpoint Protection Small Business Edition


Symantec Endpoint & Windows 7 issues


  • 1.  Symantec Endpoint & Windows 7 issues

    Posted Nov 29, 2010 04:40 AM

    Hey Guys,

    After many a late night I'm stuck. I have an SBS server, with 3 member servers. Symantec Protection console runs on one of the member servers. I have downloaded the latest version from fileconnect (12.0.1001.95). When I create a client install package, it creates version 11.0.5 for some reason.

    Anyway, this won't install to either of the 2 Windows 7 PCs. All other PCs, Vista & XP, are all perfectly fine.

    Installing the separate version 12 client, then importing the sylink.xml fails too. The console shows the client PC as offline, and the log on the client PC has lots of connect then disconnect messages.

    Firewall is disabled, have installed/reboot as administrator. I'm now at a loss, and before I call Symantec tech support I thought I'd try here first. I hope someone can shed some light on this as it's really starting to frustrate me...

    Cheers,

    Sno



  • 2.  RE: Symantec Endpoint & Windows 7 issues

    Posted Nov 29, 2010 04:56 AM

    Version 12 and 11.0.X are two different products;

    12 is SMB and 11 for enterprise.

    Make sure you have downloaded 12.0.1000 from the fileconnect. I don't understand how 12 can create a package for 11.0.5 :)

    Download a fresh copy of 12.0 install and then create a package.

     

    For the rollback issue, follow this document:

    https://www-secure.symantec.com/connect/forums/rollback-issue-fix-works-windows-7-sep-1105



  • 3.  RE: Symantec Endpoint & Windows 7 issues

    Posted Nov 30, 2010 03:39 PM

    I downloaded Symantec Endpoint protection small business edition 12.0.1, and installed this on the server. This is all ok, however when I create a deployment package it simply won't install on Windows 7 clients. I have tried a push install, and creating a package and installing this directly on the client. The direct install gets to a point, then rolls back. Creating separate files for installation, then installing liveupdate first gets the software on the PC, but it will not update, or talk to the server.

    Installing the standalone client and then importing the sylink.xml works to the point that there are no errors, but the server shows the client as being off-line, and the client PC is reporting lots and lots of connect and disconnect messages in the Symantec system log.



  • 4.  RE: Symantec Endpoint & Windows 7 issues

    Posted Nov 30, 2010 03:55 PM

    Was SEP 11 running on all these systems at one time?

    Can you post the SPC_INST.log for us to troubleshoot?

    From start - run - %temp%\SEP_INST.log,

    search for Return Value 3 and post the 10 lines above the return value 3



  • 5.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 01, 2010 04:46 AM

    I've got the SPC_INST log file, however it's almost 10 MB in size!

    I'm happy to attach this if this is expected, just let me know. Otherwise I'm happy to dissect it and post the last part of the log. The server was initially installed around August, then I have re-installed 12.0.1 recently to try and sort this issue, so the log can contain info from both of these.

    The SPC_INST file doesn't contain any "return value 3" entries. There are "return value 1" entries.

    The SEC_INST log from the workstation is much smaller, and has 2 sections with a return value 3. I suspect the first is the install, the second the uninstall.

    I have pasted the first section, and have attached a txt file with both instances of return value 3.

    If I install the LUSETUP first, then the client it actually installs, but then simply never communicates with the server, and never updates itself. Windows 7 firewall is off.

    Thanks in advance guys!

     

    WinFWConfigCA: WindowsFirewallAppIsEnabled: Authorized application C:\Program Files\Common Files\Symantec Shared\ccApp.exe is was not in the collection.
    MSI (s) (D4:D4) [22:35:28:241]: Executing op: ActionStart(Name=MSIAddWFPAppException_RB.1CBEC0D3_E547_4E51_828B_44B9C47C0EA5,,)
    WinFWConfigCA: WindowsFirewallModifyApp: Authorized application C:\Program Files\Common Files\Symantec Shared\ccApp.exe is now enabled in the firewall.
    MSI (s) (D4:D4) [22:35:28:242]: Executing op: CustomActionSchedule(Action=MSIAddWFPAppException_RB.1CBEC0D3_E547_4E51_828B_44B9C47C0EA5,ActionType=3329,Source=BinaryData,Target=MSIRemoveWFPAppException,CustomActionData=SMC Service;C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe;SNAC Service;C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE;Symantec Email;C:\Program Files\Common Files\Symantec Shared\ccApp.exe;)
    MSI (s) (D4:D4) [22:35:28:243]: Executing op: ActionStart(Name=LU_Register_Decomposer_ABI.Rol.611D9A69_39FC_4998_998E_1ECADF28A979,,)
    MSI (s) (D4:D4) [22:35:28:243]: Executing op: CustomActionSchedule(Action=LU_Register_Decomposer_ABI.Rol.611D9A69_39FC_4998_998E_1ECADF28A979,ActionType=1281,Source=BinaryData,Target=_LURollbackDecomposerABI@4,)
    MSI (s) (D4:D4) [22:35:28:243]: Executing op: ActionStart(Name=LU_Register_Decomposer_ABI.611D9A69_39FC_4998_998E_1ECADF28A979,,)
    MSI (s) (D4:D4) [22:35:28:243]: Executing op: CustomActionSchedule(Action=LU_Register_Decomposer_ABI.611D9A69_39FC_4998_998E_1ECADF28A979,ActionType=1025,Source=BinaryData,Target=_LURegisterDecomposerABI@4,)
    MSI (s) (D4:BC) [22:35:28:245]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIA4FC.tmp, Entrypoint: _LURegisterDecomposerABI@4
    -- DECABI_LOGGING --   Enter LURegisterDecomposerABI()
    -- DECABI_LOGGING --   GetDecomposerABIProperties Registry created.
    -- DECABI_LOGGING --   GetDecABIDirectory() -- failed to get Installed Apps key from registry.
    -- DECABI_LOGGING --   Decomposer ABI DLL version is: not installed
    -- DECABI_LOGGING --   Could not get Decomposer ABI version from LiveUpdate. (HRESULT=-2147221164)
    -- DECABI_LOGGING --   Decomposer ABI version registered with LiveUpdate is: not installed
    -- DECABI_LOGGING --   Decomposer ABI sequence number registered with LiveUpdate is: not installed
    -- DECABI_LOGGING --   For rollback using Decomposer ABI custom action  property: sizeof= 130 not installed:not installed
    -- DECABI_LOGGING --   LiveUpdate registration failed. (HRESULT=-2147221164)
    CustomAction LU_Register_Decomposer_ABI.611D9A69_39FC_4998_998E_1ECADF28A979 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (D4:D4) [22:35:28:282]: User policy value 'DisableRollback' is 0
    MSI (s) (D4:D4) [22:35:28:282]: Machine policy value 'DisableRollback' is 0
    Action ended 22:35:28: InstallFinalize. Return value 3.

    Attachment(s)

    txt
    SEP_INST_40.txt   5 KB 1 version
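
The search described in post 4 (find each "Return value 3" and take the 10 lines above it), as an added example that is not part of the original thread: it also pulls out the failing custom action and converts the signed HRESULT to hex. The function names are this example's own, and the sample input is built from lines of the excerpt in post 5.

```python
import re
from collections import deque

RV3 = re.compile(r"Action ended [\d:]+: (\S+?)\. Return value 3\.", re.I)
CA_ERR = re.compile(r"CustomAction (\S+) returned actual error code (\d+)")
HRESULT = re.compile(r"HRESULT=(-?\d+)")

# Sample input built from lines of the excerpt posted above.
SAMPLE_LOG = r"""
-- DECABI_LOGGING --   Could not get Decomposer ABI version from LiveUpdate. (HRESULT=-2147221164)
-- DECABI_LOGGING --   LiveUpdate registration failed. (HRESULT=-2147221164)
CustomAction LU_Register_Decomposer_ABI.611D9A69_39FC_4998_998E_1ECADF28A979 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (D4:D4) [22:35:28:282]: User policy value 'DisableRollback' is 0
Action ended 22:35:28: InstallFinalize. Return value 3.
"""

def decode_log(raw: bytes) -> str:
    """Decode a log read in binary mode: UTF-16 if it has a BOM, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def hresult_hex(value: int) -> str:
    """Render a signed 32-bit HRESULT in the usual 0x8xxxxxxx form."""
    return f"0x{value & 0xFFFFFFFF:08X}"

def find_failures(text: str, context: int = 10) -> list:
    """For each 'Return value 3', collect the `context` lines above it."""
    window = deque(maxlen=context)
    failures = []
    for line in text.splitlines():
        match = RV3.search(line)  # case-insensitive: "Return Value 3" also hits
        if match:
            above = "\n".join(window)
            failures.append({
                "action": match.group(1),
                "custom_actions": CA_ERR.findall(above),
                "hresults": sorted({hresult_hex(int(h)) for h in HRESULT.findall(above)}),
                "context": list(window),
            })
        window.append(line)
    return failures

if __name__ == "__main__":
    for failure in find_failures(SAMPLE_LOG):
        print(failure["action"], failure["custom_actions"], failure["hresults"])
```

For the excerpt above, -2147221164 comes out as 0x80040154, which is REGDB_E_CLASSNOTREG (class not registered).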


  • 6.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 01, 2010 07:49 AM

    Remove LiveUpdate

    Delete all LiveUpdate folders

    Install LiveUpdate

    Then install SEP

    You can find LiveUpdate in the CD1 SEP folder

    Here is the document

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/3c408fd413456b9088257377004a6fba?OpenDocument



  • 7.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 01, 2010 04:55 PM

    Ok, this enabled me to install, however the virus definitions don't update, the management console tells me the client is offline, never having reported in.

    I've attached the system log from the client management, which shows lots and lots of connects and disconnects. I've managed to get this far in the past, however I can not get it communicating with the server at any level.

    All other apps/network stuff runs fine on this PC.

    I hope someone can shed some light on this for me, thanks for the help so far.

    Attachment(s)

    txt
    system.txt   8 KB 1 version


  • 8.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 01, 2010 05:14 PM

    Are you running IE9 beta on these systems?

     

    https://www-secure.symantec.com/connect/forums/warning-ie9-beta-causes-sep-client-not-update-virusdefinitions



  • 9.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 01, 2010 07:21 PM

    No, this machine runs IE8.



  • 10.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 05:19 AM

    Running LUALL I get an error back stating all updates had been downloaded successfully however all of them failed to install.

    The version of the client software is 11.0.5002.333. This was installed from the SEP folder, created by the management console for client install.

    I am able to download and install the latest version 12 from fileconnect, and this works perfectly as a standalone. When I import the sylink file I get identical behaviour.



  • 11.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 05:59 AM

    Why are you trying to communicate version 12 client to a version 11 manager??

    Forget about the 12 as of now...

    If your manager has proper internet access which allows all the sites as mentioned above, it should get the update.

    Clear all the defs and start a new download from the manager as per this document

    https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm



  • 12.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 09:19 AM

    You can migrate SEP 11 clients to SEP 12, but you cannot manage SEP 11 clients from the SEP 12 SPC.

    Make sure the client is upgraded to SEP 12 before troubleshooting this issue.

    What is the migration path for SEP 12?
    Migration detects and migrates installations of the following Symantec legacy virus protection software:

    • SAV Corporate Edition 9.x and 10.x
    • Symantec Client Security (SCS) 2.x and 3.x
    • SEP 11 (client only)

    http://www.symantec.com/business/support/index?page=content&id=TECH96135&locale=en_US



  • 13.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 02:24 PM

    All other clients are fine and updating - it's only the Windows 7 PC that won't.

    There is another Windows 7 box present, I will run the same install on this (Liveupdate first, then SEP) to see what's going on.

    All clients have version 11 installed, which was generated from the SEP manager console. I mentioned SEP 12 because this is supplied as a separate download from fileconnect for the same serial number. I thought I'd test this too, and this works as a standalone install. It gives the exact same issues when I import the sylink file to get it centrally managed.



  • 14.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 03:36 PM

    The second Windows 7 PC (a laptop running Windows 7 Pro 64-bit) displays the exact same issue.

    I'm going to clear the old virus defs from the SEP server as per the link Rafeeq provided.

    More info to follow.



  • 15.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 02, 2010 03:42 PM

    So now your only problem is with 1 Windows 7 client that has SEP 11.0.5 on it and that is showing offline and not updating definitions, correct?

    Disable UAC and turn off Windows Firewall.

    Also replace sylink.xml on this machine with the one from a working SEP client machine, like your XP machine.

    From the XP machine, copy sylink.xml from Program files\Symantec\Symantec endpoint protection\sylink.xml

     

    Then on the Windows 7 machine go to Start - Run - smc -stop

    Replace the Sylink.xml file in the same location

    Then Start - Run - smc -start

     

    This will allow the client to connect to SEPM. If the clients are showing offline, they cannot update the definitions.



  • 16.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 03, 2010 04:05 PM

    No difference after importing the sylink file.

     

    This isn't a single PC, both Windows 7 machines are having this same issue. One is a brand new Sony laptop with Windows 7 Pro 64-bit, the other a desktop with Win7 Pro 32-bit.

    I grabbed the sylink file from a working machine, as per above, ensured the firewall and UAC were disabled, stopped smc and copied the file over the top of the existing file (which reported as being a couple of KB larger).

    Started smc, tried to update but the same result.

    Under Help -> Troubleshooting it lists the server as "offline" in the server section.

    I enabled debugging on this client, and have attached the log. Hope someone has another clever idea...

    Attachment(s)

    txt
    debug_6.txt   191 KB 1 version


  • 17.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 06, 2010 11:44 AM

    Is there a proxy on these machines? Also disable Enhanced IE security. Also, if you have IE9 on it, remove it.

    Try posting the sylink logs



  • 18.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 06, 2010 02:46 PM

    Yes, the PCs all run a proxy (to the ISA server). All other PCs are fine (there are 20 or so PCs).

    The PCs run the Microsoft Firewall/ISA connector (I had to download a Windows 7 version of this as the built-in SBS 2003 PROXY tool doesn't install).

    I'll see if I can find the Sylink log, and will post it once I've dug it out.

    Thanks so far for the help guys!



  • 19.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 07, 2010 03:50 AM

    Sylink log attached. I ran the SylinkMonitor tool and took this snapshot.

    I can't see anything in there myself. 

    The addressing looks OK, the server named WEB on 10.2.4.14 is in there, the DNS and DHCP server IPs are correct at 10.2.4.11/24.

    Hope someone spots the issue!

    Attachment(s)

    txt
    sylink_12.txt   87 KB 1 version


  • 20.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 07, 2010 12:41 PM

    Check this "Troubleshooting Client Communication".

     

    https://www-secure.symantec.com/connect/articles/troubleshooting-client-commuincation



  • 21.  RE: Symantec Endpoint & Windows 7 issues

    Posted Dec 07, 2010 02:29 PM