[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Symantec Anti-Virus Corp 10.0

Posted on 2006-05-08
22
Medium Priority
?
2,037 Views
Last Modified: 2008-01-09
I have Symantec Anti-Virus Corp 10.0. I am trying to roll-up the software to clients on another sub-net, I can manage them just not see them from the Symantec System Center underTools NTClient Install. Any ideas?
0
Comment
Question by:spayer
  • 10
  • 10
  • 2
22 Comments
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16634237
I'm assuming, you can route to all of these machines you are speaking of, ping them etc...

When you say, you can manage them?  Do you mean from Computer Management console? Are the Symantec clients installed on the computers on the other subnet? or
Are you saying that you don't see the computers when you go to choose which computers to deploy the client?

0
 

Author Comment

by:spayer
ID: 16634580
Yes I can ping all computers no matter what the sub-net. Yes I can manage them no matter what the sub-net.
I am trying ro roll out version 10.0 to clients with 9.0.
I can see the computers in every way you can think of, ping, Windows network, remote assistance, you name it.
From the Symantec System console I can manage, view logs, change settings, just can't see them from the "Tools" menu
and NT Client remote install window. The same thing goes for clients that are connected with VPN.
I know this is quite an interesting problem, but there has got to be some way to make this work.
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16635700
can you see ALL the computers on the network from Network Neighborhood on the computer the AV Server is installed on? (I know you said Windows Network, just double checking)

Symantec uses WINS to browse the network (just like Net Neighborhood), if that is the case, then you can manually import IP addresses for each client you want to push it to.  This may not be practical, depending on the number of clients of your network.  However, if WINS resolution is the problem, Importing the client IP addresses manually, may be more practical then implementing WINS.  

Also keep in mind, there are probably some savvy ways of obtaining the IP addresses of all the computer on your network pretty quickly, with some sort of scanning utility, which you could then export to a TXT file, then your problem is solved...re-import that list back into Symantec...

Here is something I found on Symantec might help explain....


Situation:

You need to install Symantec AntiVirus Corporate Edition remotely. However, target browsing requires the use of the WINS (Windows Internet Name Service) protocol. Computers that are located in a non-WINS environment, such as a native Windows 2000 network that uses the LDAP (Lightweight Directory Access Protocol) or DNS (Domain Name System) protocol, cannot be seen by the installer.

Solution:
Symantec AntiVirus Corporate Edition allows you import a list of target IP addresses for installation. The Import feature is designed for use with Windows NT, 2000, XP, and 2003 only. It is not intended for use with NetWare or Windows 98/Me computers.

To create a text file with IP addresses to import

   1. Create a new text file using a text editor. such as Notepad.
   2. Type the IP address of each server or client that you want to import on a separate line.
      For example:
      127.0.0.1
      127.0.0.2
      127.0.0.3
   3. Save the file to a location that you can access when you run the server installation program.


When necessary, you can comment out IP addresses that you do not want to import with a semicolon (;) or colon (:). For example, if you included addresses in your list for computers that are on a subnet you know to be down, you can comment them out to eliminate errors.

To install using a text list of IP addresses

   1. Launch the Symantec AntiVirus Server or NT Client installation from Symantec System Center or select Deploy Antivirus Client or Server from CD1 under the Install Symantec AntiVirus menu.
   2. At the "Select Computers" screen, highlight the intended parent server on the right and then click the "Import" button on the Select Computers list.
   3. Browse to the file you created in the previous section, and then click Open.
   4. Click OK to continue the installation. You may need to provide a user name and password for computers that require authentication.

0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Author Comment

by:spayer
ID: 16638511
Well creating the text file with the IP addresses did work for all local clients.
I was not able to do the same thing with the remote VPN clients.
The remote VPN clients may just need to be done manualy.
If you have any ideas with the VPN clients that would be great.

Thanks
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16639148
Well, the remote VPN clients have IP addresses as well, and if all the network traffic can flow to the VPN clients, and the computers used to connect to VPN are a part of the domain(no security rights issues), then you should be able to push the clients to them too.  Also, depeding on your company policy, since these are only VPN clients, maybe they would be more inclined to not be managed, instead download their updates via Internet.  But I'm not sure what your company policy would be on that.

what happens when you try to push it to the clients?  or is it that you cannot determine their IP addresses?  
0
 

Author Comment

by:spayer
ID: 16639293
We do need the remote VPN client to be managed.
I know the IP address that gets assigned to them when they connect, however that is not the actual IP of the computer.
I have clients connecting with several methods, dial-up, home high speed Internet, and Verizon air cards.
As with the other clients they get the updates and managed settings, just can't push out the new version.
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16639522
the IP address assigned to them through VPN is their actual IP, but only when they are on VPN.

If someone connects via VPN, they are part of your network for that time period they are connected.  Just like they can navigate around your network, you can navigate to them, its not a one-way-street, so to speak...

Test it out, try to connect to a VPN connected PC, via file system \\VPNConnectedComputer, ping them, etc....if you can do all that, then you know network connectivity will not be your issue when trying to push the client to them....

Now if you try to connect to the file system \\VPNConnectedComputer, and you get a login prompt, that tells you right there, that you might have trouble pushing the clients due to Security Rights issues, but NOT because of networking issue
0
 
LVL 38

Expert Comment

by:younghv
ID: 16640414
You can also configure the clients to run their 'Live Update' pointing at your Symantec Server.
That will at least create a connection between the clients and your server.
0
 

Author Comment

by:spayer
ID: 16641051
I cam ping remote VPN computers, I can't map to them.
If I can remember correctly I was able to map to them at one time.
I have domain admin rights.
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16641148
well, if you can't map to them, you probably won't be able to push clients to them.  I would be surprised that you couldn't map to them, since you can Ping them.  Usually if you can ping, you can map to them, but maybe there is some firewall or something going on that is blocking that from happening.  As far as Domain Admin rights, thats good, but its only relevant if the PC's that are connecting via VPN are part of the Domain.  IF they aren't part of the domain, then your admin rights have no bearing on them.
0
 

Author Comment

by:spayer
ID: 16641469
Yes all VPN clients are part of the domain.
I have some Windows XP firewall settings in place that should allow me to do anything.
I can connect to them with Symantec PCanywhere.
These are my firewall settings.

Add programs:
PcAnywhere
Symantec Antivirus

Add Ports:
5631 TCP - for PCanywhere
5632 UDP - for PCanywhere
SAV 2967 UDP - for Symantec Anti-Virus
PPTP 1723 TCP - for VPN
And checked "File and printer sharing" box.
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16641585
If you have file and printer sharing checked, then you should be able to connect to them using the \\VPNConnectedComputer, and since they ARE part of the domain and you are DOMAIN admin, then there shouldn't be any rights issues

what happens when you put the IP address of a Connected VPN computer to push the SYmantec Client?
0
 

Author Comment

by:spayer
ID: 16641923
This is what I get when trying to update a VPN client with the Symantec System Center.

Unable to detect the standard network share ADMIN$, on <XXX.XXX.XXX.96>
It will not be possible to install Symantec AntiVirus client software on this machine until the machine is available and ADMIN$ network share is accessible.

Since file and printer sharing in enabled and and they are in the domain I can't come up with a reason why this will not work.
0
 
LVL 38

Expert Comment

by:younghv
ID: 16641978
If you can PCanywhere to a box, why not log in remotely and do an install FROM the box?
0
 

Author Comment

by:spayer
ID: 16642145
Yes I could do that but then the VPN user will be interrupted and the file transfer would be greater, I would need to send the complete install folder to the computer and then run the install. The client roll-out would be mush easyer.
Any of the VPN users with dial-up will need a CD sent to them anyway.
The use of the text file with the IP's worked great for the local users on a different sub-net.

Thanks
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16642433
I suggest FIRST try to connect to \\VPNCOnnectedMachine\admin$ manually, if that doesn't work, then maybe for some reason the ADMIN$ share is disabled

You can remotely add the share again using the good old AT command

at xx:yy \\Machine net share Admin$

If you still can't connect to the share, you may have to resort to some sort of manual process

Also keep in mind that you can always have the client connect to the install files themselves, or create a batch file, place it on their desktops and have it run from their computers

The install files are located at \\AVSERVER\VPHOME\CLT-INST\WIN32

or..........

There is a Browswer based installation, located at
\\AVSERVER\VPHOME\CLT-INST\WEBINST\start.htm

You could put the link in an email, and send it to each of the users, and make up some sort of screen shot tutorial so that they can set it up, and then have them contact you if they have any issues, etc.
0
 

Author Comment

by:spayer
ID: 16642658
Thanks.
The Browser based install looks like it my be a good thing to try.
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16642968
Can I get the points, or do you need more assistance?
0
 

Author Comment

by:spayer
ID: 16644310
Get the points.
You have helped a lot!
I am new to Experts Exchange, do I heed to do anything for you to get the points?
0
 
LVL 3

Accepted Solution

by:
rickyclourenco earned 2000 total points
ID: 16648528
I'm not sure, I've never asked a question on here myself, but I would assume that there is someplace where you can "Accept my Answer" and award me the points, and then I think it will ask you to grade me.....maybe a moderator could help
0
 

Author Comment

by:spayer
ID: 16648700
I did this.

Accept this Comment as an Answer and close the Question.
Select an appropriate grade: (Grading Tips)
A: Excellent!!!
B: Good!
C: Average.

I selected A: Excellent!!!
0
 
LVL 3

Expert Comment

by:rickyclourenco
ID: 16648835
Thanks Man!  glad i could Help
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question