Server 2003R2/64 bit, all up to date. Member of domain, can see every workstation, server on the the network though windows, firewall turned off. Only software installed is netbackup client which runs fine. I have wiped the system twice and reinstalled the OS and updates. I have this installed on another physically duplicate server running 2003R2/32 bit which is running fine, only difference is 32 vs 64 bit. I even redownloaded from symantec with fresh files. Is there a 64 bit version of manager I am missing on the download page ? In a nutshell it wont browse the network when adding a client, it will run for 12 hours trying though :-) ,it will find computers with no problem on the second push tab by IP or name, yes, computer browser is on, explorer security has been both installed and removed, no change, ran the symantec help, no problems, all passed. Wasted hours on this, yea I know, it's going be someting stupid but I have not been able to find it, yet.
SEPM 12.1.2 will not browse network for pushing clients
Port Conflict between SEPM 12.1 and DLO 7.5 dedupe service
Hello,
When you have installed both Symantec Endpoint Protection Manager and DLO Server 7.5 you can meet a port conflict. Both application use tomcat with default https port 8443.
i.e. if you have installed SEPM 12.1 and upgrade DLO to 7.5 you may encounter problems with logging to SEPM console like:
- Server Certificate is not present in your trusted store
- Unexpected server Error
Problem disappears after service Mindtree StoreSmart Dedupe Server (tomcat7.exe) is stopped.
DLO 7.5 have new feature: Dedupe Server, which uses tomcat on https port 8443, the same port that uses tomcat in SEPM.
I solved the problem by change DLO dedupe server port to 8443. I've edited "C:\Program Files\Symantec\Symantec DLO\Dedupe\Tomcat\conf\server.xml" file in notepad. I've updated all entries of "8443" to i.e. "8449".
Other possible solution is change the SEPM port. You can do it by "Management Server Configuration Wizard"
I want to make an UNMANAGED Client into a Managed Client SEP 12.1.2015 2015
I want to turn an unmanaged client into a managed client. I have copied the Sylink.xml to the following directory
\\PCNAME\c$\Program Files (x86)\Symantec\Symantec Endpoint Protection
I have restarted the machine since SEP no longer gives us any option to restart services.
After the restart the PC was STILL NOT managed even though I copied the Sylink over.
Where am I going wrong here?
Windows 7 64 BIT PC.
SEO 12.1.2015 2015
I do not want to upgrade just yet, but I do want to make this client managed, this is going to be part of our standard going forward.
Thank you
Symantec Antivirus Solution
Hello Everyone,
Can you please suggest what could be the best AV solution for the below?
- Exchange, SQL, Windows Servers
- 200 Windows client users
Thank you
Symantec Scanning all mail items continuously
I have disabled the outlook add in, but it continued to scan the e mails. I have never seen it before, can you please tell me what it is?
Need to make an unmanaged client into a managed client. This must be done remotely
I asked this earlier, but from what I have seen I have to go on to the PC locally to run SMC - commands which I often can not do. I HAVE to do this over a remote connection. I've tried using the communication update package from SEPM, but I have gotten errors and I could not switch it out. I tested this on my own PC and it said Deployment failed, there was NO explanation as to WHY this failed but it failed.
SEP 12.1.2015 2015
Windows 7 64 Bit Client
Runing SERT on an older P4 system
Hello all - I just want to share this information with you. It worked for me, but no guarantees...
We have a couple of older P4 systems (XP SP3 32-bit) with the Intel 865PE chipset and ICH5 controller. We couldn't boot from the SERT CD on these systems - got a boot error 5 - probably has something to do with the older chipset and WinPE.
So, here's what we did to boot from a USB memory stick
First follow the instructions in TECH131578 -
with the following exception in Step 6. Format the USB stick as FAT (format fs=fat) instead of FAT32. We used 7-zip to unzip the SERT .iso and also unzipped the latest AV defs to the root directory of the USB stick. Once you boot up the SERT, you can point it to the root directory of the USB stick and the SERT will update itself with the latest AV defs.
NOTE: You'll need to get a PIN from Symantec Support to run the SERT. Just e-mail them and they will send you the PIN.
Go into BIOS SETUP and set USB Device Legacy Support to ENABLED. You should find the setting under Integrated Peripherals or something similar.
Save the BIOS change and then boot from the USB device. PF11 on our machine pulled up the "boot from" list.
Then wait - the boot up of WinPE and the SERT is s-l-o-w. May take 10-20 minutes. Just be patient.
Be sure that you update your AV defs - the loaded defs date is in the lower right hand corner of the SERT UI.
Run the scan.
After the scan is completed, go back into BIOS SETUP and set USB Device Legacy Support back to DISABLED.
That should do it. I don't mean for this to be a definitive document on how to use the SERT, just sharing my experience with getting it to run on an older machine.
SEP 12.5 Due Soon ??
SEP 12.5 was supposed to be due in Q2 of 2013.
There has been no word if this is going to happen.
I have not seen a Beta or seen any postings.
Is this still happening ?
Thanks
Replication partner did not take over as priority 1 SEPM server
I am a little confused as to why this did not work as expected. I have two 12.1.2015.2015 SEPM servers running on Windows 2008 R2. All of my clients were reporting to one machine which is in our DR location. I wanted to move all clients to the SEPM Server running in our Production environment. The SEPM Server running in our DR site was built first then I created the second server in our Production environment and added it as an additional site and created replication between the two servers. To move all clients over to the second server (production environment) I made that server Priority 1 on my MSL. I then let about a week go by and a number of replication occurances. Then, this past Friday evening, I stopped the SEPM service and the Embedded Database service on the SEPM server than all clients were currently reporting to. When I checked on the status of the second server this morning I expected to see all clients now reporting there. This was not the case. All clients on the second machine were showing as Online on the Remote server. When I checked that server all clients were showing as offline. I started the SEPM and Embedded database services back up but still nothing is reporting to the orginial server. All clients are now in limbo. Shouldn't all of my clients started reporting to the second server? The I made Priority 1 in my MSL. I followed this procedure below but it didn't work and now I have all of my clients showing as offline. How do I get things back to the way they were before I tried to initiate the failover?
Thank you.
This is the article I followed to move all clients to the other machine: http://www.symantec.com/business/support/index?page=content&id=TECH104389&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1360096189165o7332jvX5mD2iNAby0N749pY17qMJePAbk4NW
Best practice to upgrade SEP 11.x clients to SEP 12.x
Hello everyone,
Scenario: SEPM 11.x just migrated to SEPM 12.1.2015.2015
I have a group of SEP clients running SEP 11. I sync those SEP 11 clients with SEPM 12
Now, I'm looking for a best way (or best practice) to upgrade those SEP 11 clients to SEP 12 clients
I would like to know if:
1. Upgrade SEP 11 clients to SEP 12 means "installing whole client package again"???
2. Upgrade SEP 11 clients to SEP 12 requires "reboot"?? (Probably it will, just wanna be sure!!)
3. Any situation or problem i could face during this migration???
Thanks in advance :)
Continuous restart after migrating to SEP 12
Hello
Last friday, I migrate SEPM 11 console to the latest version SEP 12.1.2015.2015
Then, move the SEP 12 clients to the new console SEPM 12 using "Update communication packge" option in "Add client" option on Clients tab
Since yesterday monday, i'm having problems with many PC (Running Windows 7, Windows 8 or XP) restarting constantly
I'm not 100% if this problem has anything to do with the migration, but wonder if anyone had problems of such type, related with SEP.
Thanks,
unmanage and find unmanage
find unmanage available in 11.x ver but not avaialble in 12.x ver. What is the reason?
What is the differnce between unmanage detector and find unmanage
BSOD after redirecting SEP 11 RU5 to new 12.1.2 SEPM
hi everybody,
We are having problems upgrading a SEPM to 12.1.2. the customer requested to migrate to a new server which deemed not possible, so we decided to install a new SEPM (old was 11.05, new is 12.1.2).
We thought on using Sylinkreplacer, but the console offered an option to push the new comms config to the clients. However, two days later, some computers started to BSOD with STOP ERROR F4.
I have analyzed some of the dumps and found this:
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com) Online Crash Dump Analysis Service See http://www.osronline.com for more information Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.18113.x86fre.win7sp1_gdr.130318-1533 Machine Name: Kernel base = 0x82a54000 PsLoadedModuleList = 0x82b9d4d0 Debug session time: Tue Apr 30 10:28:28.760 2013 (UTC - 4:00) System Uptime: 0 days 0:24:02.711 ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system; when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 00000003, Process Arg2: 880e3568, Terminating object Arg3: 880e36d4, Process image file name Arg4: 82c6ceb0, Explanatory message (ascii) Debugging Details: ------------------ ----- ETW minidump data unavailable-----TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2 PROCESS_OBJECT: 880e3568 DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: wininit FAULTING_MODULE: 00000000 PROCESS_NAME: WerFault.exe BUGCHECK_STR: 0xF4_WerFault.exe DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 82d323ad to 82b32c2c STACK_TEXT: c2237b18 82d323ad 000000f4 00000003 880e3568 nt!KeBugCheckEx+0x1e c2237b3c 82caffe5 82c6ceb0 880e36d4 880e37d8 nt!PspCatchCriticalBreak+0x71 c2237b6c 82caff28 880e3568 baa27328 000000ff nt!PspTerminateAllThreads+0x2d c2237ba0 8fdc4449 00000084 000000ff 87dda9f8 nt!NtTerminateProcess+0x1a2 WARNING: Stack unwind information not available. Following frames may be wrong. c2237c24 82a918ba 00000084 000000ff 0006e738 SYMEVENT+0x14449 c2237c24 0006f4bc 00000084 000000ff 0006e738 nt!KiFastCallEntry+0x12a 0000003b 00000000 00000000 00000000 00000000 0x6f4bc STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner IMAGE_NAME: wininit.exe FAILURE_BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe BUCKET_ID: 0xF4_WerFault.exe_IMAGE_wininit.exe Followup: MachineOwner ---------
So, I think SEP 11 RU5 is causing them.
Have anyone happened to have the same issue?
Marco Tafur
Magnatech Technical Support
SEP Management Question
Hello,
Got a question as I was unable to locate an answer on Google or here.
If we upgrade our primary SEPM 11.x to 12.x, would the other secondary SEPM 11 servers still be able to download the updates from it? If there are any documentation, please feel free to forward. Thanks in advanced...
Update to 12 RU1 MP1 messed up my USB blocking policy
I recently upgraded my SEPM to RU1 MP1. Afterward, my USB blocking policy got messed up. I am trying to block all USB drives, but allow Kingston Encrypted Drives. In creating a new policy, I cannot get the SEPM to recognize the Kingston USB drive, although I used DEVVIEWER.EXE, copied, and pasted into the hardware devices part of policies.
When pushing out to a client, sometimes I will ONLY see the domain name and IP
I am not sure why this happens but on occasion, when I go to push a client using SEPM, I will see the PCname plus the IP address.
Recently I have been seeing the domain name, no PC name and the IP address. I want to be able to see the PC name as well as the IP address.
Any idea what gives here?
SEP Clients Fail to Update after Installing LiveUpdate Administrator
We are running Symantec Endpoint Protection Manager v.11. For some odd reason, this product does not allow client updates to be scheduled when clients use the default management server to receive updates. We have some computers that must be updated on a schedule, so I installed LiveUpdate Administrator on another server and configured a policy for those computers to get their updates from the LUA server. This works fine, but now the clients in the original policy don't get updates from the default management server. They seem to believe that they have the latest updates. The shield has the green dot and status says "Your computer is protected," but the date of the virus definitions is two days old. The management server also seems to think it has the latest updates. If I highlight the site and click "Download LiveUpdate Content," it says everything is up to date. If I remove the policy containing the LUA server and restart the SEP services, the management server and clients update correctly again. What could be wrong? Isn't SEP supposed to be able to do this?
Verify ProActive Threat Protection via Registry or File
I need to verify ProActive Threat definitions on a few SEP 11 clients without console access or RDP access. I have remote registry rights and access to the default shares as an admin. Is the definitions date and revision stored anywhere in the registry or in a file in plain text?
I found this article for SEP 12: https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-v121-proactive-threat-protection-definition-date
But can't find anything for SEP 11. Any help would be appreciated.
Thanks,
Location Awareness Problem with client switching
I have 4 sites. Each site has a management server and the replicate in a hub and spoke configuration. I have configured location awareness based on IP and it seems to work fine. But I have an ongoing issue going back to SEPM 11 where the Symantec Endpoint Protection Manager service occasionally stops on the management servers (although this is not what I want help with here). My issues is that when the local management server stops, all of the clients move to a management server across the WAN, despite the fact that none of the MSL's have remote servers listed. Then when I bring up the local server, none of the clients switch back. What I would like is for clients to either not update until the local server comes back or use live update as the secondary. And what I really need is help getting them all to switch back to the local management server once it is back up.
I have 12.1.2015
List of client fixes and improvements between 11.5 and 11.73
Hello esteemed colleagues,
I have some departments in my agency that need assistance with keeping their clients updated to the latest version and am hoping that you an provide me with some evidence or docs, to help them see the good in keeping clients up to the latest release for their version of SEP in production(11.0.7101). These people have some clients at 11.0.5, 11.0.6 and are reluctant to update to 11.0.73(latest11.x client). We will be standing up a new SEP12.1.2 environment and manging these clients soon but any data or release notes for these earlier versions can help me convince them to get to latest v11 and v12 clients is appreciated.
Thanks in advance