Endpoint Protection

I am currently have some issues getting the Client packages to deploy successfully. The version being used is 11.0.4.202.75 and the symantec version and manager are both at 2009-06-07 REV21. I have successfully deployed this to several of our clients with the only differance being using SBS2008 versus SBS2003. All of the clients are Winxp with SP2 or above (no Vista). I had read that originally their were issues with the management console running on server 2008 but those issues had been resolved from what i have seen.

The management console is running on Windows Server 2008 SBS Standard. The console was installed using the defaults with the embedded DB. I have tried pushing both through the management console and through the deployment and migration wizard.

After pushing the client through deployment wizard or console, i can then log onto the console and the client does not show up. If i log into the client itself Symantec Endpoint installed successfully but definitions are not updating.

Any help in this matter would be appreciated. I have searched the forums and have had no success resolving this.


 

First check the basic communication seetings.Make sure windows firewall has the exception of the port 8014 (default) on both server and client side.If SEPM is not showing them then even the client won't have any green dot.
So if even after disabling or putting exception in the firewall you do not see the green dot on the clients do a secar test from any one of the client.

http://servername:<port number>/secars/secars?hello,secars   Where server name is the name of SEPM server and port number will be the port on which SEPM is installed on IIS ( 8014 by default )
Is it says OK then it is fine if not then there would be some HTTP error like 40x.x if we get this error then we can further drill down the issue and find out where exactly it is failing.

It says OK after the Secar Test. their is no green dot on client and still not showing in the management console.  I verified that port 8014 was open on both the server and client side in the firewall.

You might want to take a look at the SEP support tool....


http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008071709480648?Open&docid=2008120810393048&nsf=ent-security.nsf&view=854fa02b4f5013678825731a007d06af

Can you check sylink.xml file on the client? I saw few times that sylink was pointing to the server on port 80 instead of port 8014.

I have exactly the same problem as described above.

When I run theSEP support tool on the management server it shows 2 errors.

In Can the Symantec Endpoint Protection Manager communicate with itself: 

Error The Secars communication test failed some tests:
Error    127.0.0.1          8014 401
Error    10.0.4.117        8014 401
Ok         WVSEPP01     8014 200

All other tests are OK.

So the server can connect on it's name but can't communicate on it's own IP's ?
Firewall is disabled on the server.

what's the configuration of IIS? it may be configured to respond only to request by NIC/IP/name.
if you ping the server itself by name will it return correct IP?

The ping command gives a correct IP.

On the client I get also errors in the communicate section:

Error The Secars communication test failed for these consoles:
Site                   Port            Http Code Error
10.0.4.117      8014           401
10.0.4.117      8014           401

Information Sylink.xml lists the following Symantec Endpoint Protection Manager:
Priority        Address          DnsIP
List0           10.0.4.117      10.0.4.117
List0            wvsepp01      10.0.4.117

Ok None of the listed Management servers have a DNS error.

Ok The Secars communication test worked with these servers:
Site                   Port Http       Code Error
wvsepp01       8014             200

HTTP401 is unauthorized access. Check IIS config again.

Symantec Endpoint Protection Manager: You can't see the managed client in Symantec Endpoint Protection Manager.

Make sure that you have enabled the logging in the IIS manager for Symantec Web Server->Secars component before you run the secars test.

Check the IIS logs for more specific information. They are found int he location:  C:\windows\system32\logfiles\   you will find a folder for each website you have installed in the folder above. If u want to know which folder you should be looking for, then right click on the symantec web server click on properties, and then click on properties again in the logs section. I will show you the path for the logs and below it would be the folder name [e.g. w3svc1, w3svc2].

Open the latest log file and scroll down at the bottom to find the latst logs. Press the end key as the error code will always be listed at the end.

The error code may look like    "401 0 3" The meaning is HTTP 401.3

Cheers,
Aniket

It seems there is a policy in my network that's causing this problem.

The things I did to get it working:

- Changed the rights on the symantec website  (DirectorySecurity --> enabled Integrated Windows Authentication)
- That helped but not enough. So I removed all AD policy's -->  everything works

The Sep_SupportTool.exe is a perfect tool for troubleshooting !!

There is now a CPU problem when working in the Home section of the console, but that's already mentioned in another thread on this forum.

Everybody thx for the quick response/help !!