
Symantec Endpoint Protection: SEPM Status Utility

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing).

This release will be the last to include any feature updates. Any updates going forward will only include fixes for reported defects.

* The website formatting of this particular article is a little unyielding. Please review the guide attached to this article for a version easier on the eyes.
 
PREFACE
The purpose of this guide is to explain what the SEPM Status Utility is and how it works. I have tested this utility in an environment consisting of 54 SEPMs, 17 database servers and 17 SEP sites. While I am confident this utility will work well in the environments it's targeted towards, I must add a caveat that every environment is different and you may encounter errors.

AUDIENCE
Information Technology personnel responsible for the support of an environment with two (2) or more SEP Sites where replication is in use. The utility is not targeted at single SEP Site or embedded database environments.

ASSUMPTIONS
1. MS SQL is being used for the SEPM database. The embedded database is not supported by this utility.
2. There is one (1) password used for all of the SQL user accounts. If there is a different password for each account, the utility will fail to run properly.

PREREQUISITES
1. The Admin must know, or be able to obtain, the following information:
a. SEPM and database server hostnames.
b. SEPM database and instance names, usernames and password.
c. Ports used for the IIS and MS SQL services.
d. The drive letter the SEPM software is installed on.
e. The drive letter the database resides on.
2. The Admin must have an account with administrator privileges on the SEPM and Database servers.

DEFINITIONS
SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager
IIS – Internet Information Server
MS SQL – Microsoft Structured Query Language

ABOUT
The utility will perform a basic, point-in-time, status check on the SEPM and DB servers to allow the Admin to determine if there are any issues that require attention. The intention of the utility is not to replace any real-time monitoring currently being performed by other applications, but to enhance them.

Most monitoring applications look at server health and not application health. That is where this utility can help fill the gap. By querying the SEPM databases, the utility reports on several metrics that would otherwise not be available using a traditional monitoring application. In addition to SEP Site information, the utility also collects data on the SEPM servers themselves. Refer to the What is Reported section for additional information.

DISCLAIMER
THIS UTILITY IS NOT ENDORSED OR SUPPORTED BY SYMANTEC TECHNICAL SUPPORT. IF YOU REQUIRE ASSISTANCE PLEASE CONTACT THE AUTHOR AT JOHN@JMLAMB.NET. THIS UTILITY IS PROVIDED AS-IS WITHOUT WARRANTY OF ANY KIND. THE AUTHOR EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL HAVE NEITHER LIABILITY NOR RESPONSIBILITY TO ANY PERSON OR ENTITY WITH RESPECT TO ANY LOSS OR DAMAGES ARISING FROM THE USE OF THIS UTILITY. ALL REFERENCES MADE TO 'SYMANTEC', 'SYMANTEC ENDPOINT PROTECTION', 'SEP' AND THE SYMANTEC LOGO ARE REGISTERED TRADEMARKS OF SYMANTEC CORPORATION.

HOW IT WORKS
When the utility is launched, it reads a configuration file. It initially stores the data in the Management Servers, Ports and Data Drives sections, and makes reference to the other sections as the utility progresses.

The utility makes remote WMI and registry connections to the list of SEPM servers collecting various data. As the first SEPM server in a Site is reached, the utility connects to the corresponding database server and performs SQL queries collecting various site data.

As the data is collected, the utility writes the information to a log file, SEPMStatus.log. There is also a progress bar to indicate which step the utility is performing and to approximate when it will finish.

THE CONFIGURATION FILE
The configuration file is named config.ini and is stored in the same directory the utility is run from. It contains the following sections: Status, Management Servers, Database Servers, Databases, Database Usernames, Database Password, Ports and Data Drives.

• The Status section contains a single entry called Ready. The value can be 0 or 1, and is set to 0 by default. It is there to ensure the Admin running the utility reviews this guide so they understand the configuration file needs to be updated before running the utility.
• The Management Servers section contains a list of the SEPM server hostnames.
o The entries in this section should follow this format: SITE_#=SEPM_HOSTNAME
- SITE = The SEP Site name.
- # = The number SEPM in the Site.
- SEPM_HOSTNAME = Hostname of the SEPM server.
o Examples
- CORP-A_2=sepm2.corp.local
- CORP-A_1=sepm1.corp.local
- CORP-B_2=sepm4.corp.local
- CORP-B_1=sepm3.corp.local
o There must always be a SITE_1 listed at a minimum. The utility looks for the #1 SEPM in the Site to know when to establish the database connection.
o It is best to list your servers in reverse order (highest-numbered SEPM first, as in the examples above) for better flow of the log file.
• The Database Servers section contains a list of the SEP Sites and their corresponding server names.
o The entries in this section should follow this format: SITE=DBSRV_HOSTNAME\INSTANCE
o Examples
- CORP-A=db1.corp.local\sql
- CORP-B=db2.corp.local\sql
• The Databases section contains a list of the database names that reside on the database servers.
o The entries in this section should follow this format: SITE=DB_NAME
o Examples
- CORP-A=sepmdb1
- CORP-B=sepmdb2
• The Database Usernames section contains a list of the SQL usernames that interact with the databases.
o The entries in this section should follow this format: SITE=SQL_USER
o Examples
- CORP-A=sepmuser1
- CORP-B=sepmuser2
• The Database Password section contains an encrypted string of the password that, along with the username, is used to access the databases.
o There should only be one (1) entry in this section. If the entry doesn’t look like an encrypted string, or it’s blank, the EncryptPwd utility needs to be run.
• The Ports section contains a list of the two (2) ports used by the utility. IIS refers to the port the Symantec Web Server site uses. SQL refers to the port the SQL Server uses.
o The entries in this section should follow this format: IIS=PORT and SQL=PORT
o There are two (2) default entries already specified: 8014 for IIS and 1133 for SQL. Update them if they don’t match your configuration.
• The Data Drives section contains a list of the drive letters where the SEPM and SQL database reside.
o The entries in this section should follow this format: SEPM=DRIVE: and DB=DRIVE:
o Examples
- SEPM=D:
- DB=E:

The configuration file must exist in the same directory as the EXE at the time the utility is launched. If it does not exist the utility will report an error and close. The file must also be named config.ini.

Now would be an appropriate time to update the Ready key under the Status section to 1.
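A pre-flight check for the rules above, written for this guide as an added example (it is not part of the utility, whose source is not published here): it parses a config.ini, confirms the Ready flag, checks that every Site listed under Management Servers has a SITE_1 entry and matching Database Servers, Databases and Database Usernames entries, and flags a blank Pwd. The sample file is constructed with made-up values and deliberately contains mistakes; the Ports and Data Drives sections are left aside to keep the example short.

```python
import configparser

# Constructed sample config.ini (all values made up) that deliberately contains mistakes.
SAMPLE_CONFIG = """[Status]
Ready=0
[Management Servers]
CORP-A_2=sepm2.corp.local
CORP-A_1=sepm1.corp.local
CORP-B_2=sepm4.corp.local
[Database Servers]
CORP-A=db1.corp.local\\sql
[Databases]
CORP-A=sepmdb1
CORP-B=sepmdb2
[Database Usernames]
CORP-A=sepmuser1
CORP-B=sepmuser2
[Database Password]
Pwd=
"""
# Sections this check covers; Ports and Data Drives are left aside here.
SECTIONS = ("Status", "Management Servers", "Database Servers", "Databases",
            "Database Usernames", "Database Password")

def validate_config(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep site names case-sensitive, exactly as written
    cfg.read_string(text)
    missing = [s for s in SECTIONS if not cfg.has_section(s)]
    if missing:  # the utility reports an error and closes on a malformed file
        return ["missing section(s): " + ", ".join(missing)]
    problems = []
    if cfg.get("Status", "Ready", fallback="0") != "1":
        problems.append("Status/Ready is not 1; set it once the file has been reviewed")
    sites = {}  # site name -> SEPM numbers listed under Management Servers
    for key in cfg["Management Servers"]:
        site, _, num = key.rpartition("_")
        if not (site and num.isdigit()):
            problems.append(f"Management Servers: '{key}' is not in SITE_# form")
            continue
        sites.setdefault(site, set()).add(int(num))
    for site, nums in sites.items():
        if 1 not in nums:
            problems.append(f"{site}: no {site}_1 entry, so its database is never queried")
        for section in ("Database Servers", "Databases", "Database Usernames"):
            if not cfg.has_option(section, site):
                problems.append(f"{site}: no entry in [{section}]")
    if not cfg.get("Database Password", "Pwd", fallback="").strip():
        problems.append("Database Password/Pwd is blank; run EncryptPwd first")
    return problems
```

Running validate_config over the real file before launching the utility catches the cases the guide warns about (a Site without SITE_1, a Site missing from one of the database sections, an unencrypted password) instead of discovering them in SEPMStatus.log.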

WHAT IS REPORTED
The following data is collected on each SEPM server:
• Network presence
• IP address
• Operating system, service pack and status
• Current local time
• Last reboot time and bootup state
• Domain membership
• Computer system type and status
• Free diskspace on the system and SEPM drives
• IISADMIN, W3SVC and semsrv service state
• Semsrv service uptime
• SEPM and SEPC installed versions
• SEPM and SEPC install date
• Current virus definitions, SSC A1/B1 definitions and IPS signatures
• SECARS result

The following data is collected on each SEP Site:
• Current client count
• Last admin session
• Last policy change
• Last event
• Last successful incoming and outgoing replications
• Last successful LiveUpdate and when it's scheduled to run again
• SQLSERVERAGENT service state
• Free diskspace on the database drive

RUNNING THE UTILITY
1. Extract the ‘SEPM Status Utility.zip’ archive to a preferred location on your workstation (e.g., your Desktop).
2. Confirm the configuration file is located in the same directory as SEPM_Status_Utility.EXE and EncryptPwd.EXE.
3. If this is the first time the utility is being run, the EncryptPwd utility must be run first. Otherwise skip to step 9.
4. Double-click EncryptPwd.exe to launch the UI.
5. Enter the password that corresponds to the SQL user account the SEPM uses to interact with the database.
6. Click the Encrypt button.
7. Confirm the encrypted password string has been written to the Pwd key under the Database Password section of the configuration file.
8. Click the Close button.
9. Double-click SEPM_Status_Utility.exe to launch the UI.
10. Enter your Administrator privileged credentials then click Next.
11. Choose which data points you want to collect then click Start.
a. The database validation option confirms whether or not the database is healthy. It remotely executes the dbvalidator.bat file located in the Tools folder of the SEPM server. You should not need to choose this option more than once per week.
12. The utility will report when it’s complete. Click the Close button to exit the utility and open the log file.

DOWNLOAD
SEPM-Status-Utility.pdf
SEPM-Status-Utility.zip

EE no longer permits EXE files to be uploaded. There are 2 files in the archive with 'myapp' extensions. You will need to rename them to exe before attempting to launch them.
Author:jmlamb
3 Comments
Expert Comment

by:younghv
An excellent adjunct tool for SysAdmins.
Thank you for putting it together.

"Yes" vote above.
Expert Comment

by:SaqibAlam
Wow, great reporting tool for SEPM.
Expert Comment

by:Senior IT System Engineer
Thanks for sharing!