Solved

ClientRemote Install doesn't work in SAV 10.1

Posted on 2006-11-26
8
1,787 Views
Last Modified: 2008-01-09
Hello

This weekend I came over armed with the idea that I am going to upgrade SAV 8.1.0.825 to 10.1.5.500 and SMS 4.0 to 5.0.

I started it with a call to Symantec on Friday the 10th of November. They sent me a nice almost step by step looking document.
On Saturday I run around and disabled third party anti-spyware software so it won't interfere with clients upgrades.

I uninstalled Symantec System Center from two servers, primary and secondary, restarted, over-installed the new version to primary server, restarted.
Copied the pki folder to removable drive.
Started SSC and I was stunned PASSWORD / USER combination wrong.
I don't remember now, but there were two choices. I don't remember which one I chose.
Anyway it let me unlock the server group. The primary server was still a primary server and I had no choice of making it primary again as Symantec's instruction suggested.

So I clicked on AntiVirus Server Rollout, picked the secondary server and third server and no go on secondary, the tird was ok. No communication with the server.
So I checked the third, wrong password. I checked the second, SAV installed but wrong password.
The password was not wrong. I did not change it since 2004. I logged in with it to SSC at the primary server anyway.
I uninstaled completey Symantec from the secondary server.
Now used the Server Rollout install, but there was no communication.
Tried the third server. Password works.
Restarted second. Tried installation from primary again, different error, 'The format of the specified computer name is invalid', however the software was installed. Password is ok.
Added SSC Console. Works fine.

Now I would like to use ClientRemote Install. Some computer appear in the domain list, some I don't. Win 2K and XP Pro workstations. Firewalls are off. On those that I see, I added them to primary server. Installation runs, stops, DONE. I go to a workstation - Win 2K did not even notice anything, XP Pro askes me for user name and password. Again wrong password.
On those I don't see I can manually update definitions.

What am I doing wrong?
Primary - server - Win 2003
Secondary - Win 2k Server,
Third - Win 2k Server.

Thank you.
Wes


I am not a requent user of this group, so the question was not posted, because I did not enter anything in the subject line.
I came up and wanted to add the following comment:

I tried to install SAV through network path from the CLT_INST directory and it worked. It displayed a message that definitions were not updated and whether I want to update them again, I said no, but it seems ok.
The settings for File System Auto-Protect are grayed out.
Internet E-mail Auto-Protect can be changed from workstation.
Microsoft Exchange Auto-Protect can be changed from workstation.
Tamper Protection can be changed from workstation.

Still, what am I doing wrong that I cannot install clients from the server? I just can't imagine installing SAV on individual workstations manally. I have over 80 computers.

And the SMS I did not even start.
Thank you.
0
Comment
Question by:WesZalewski
  • 4
  • 3
8 Comments
 
LVL 4

Expert Comment

by:Soutie
ID: 18017576
WesZalewski,

I also upgraded from v.8.0 to ver 10.1 last week so I understand the frustration.  If i tried installing through the Client install bit in the system centre, somehting alwauys seems to go wrong.  Most of the time it is that the definions never got sent to the client.

What i found is that the easiest way to overcome this is to use the Logon script function.  there is a directory called logon in your SAV installation folder, copy vplogon.bat and npshpop.exe from this folder to your netlogon folder.  Edit the file vp_login.ini and change the line that reads WINNT=NONE to WINNT=FORCE.  Set all your users up to use the logon script vplogon.bat and the next time they log on and off they should automatically install the new version of SAV.  This is all documented on the CD.  Have a read through that section to clarify things a bit.

The nice thing about doing it this way is that if you do put a later version of the client on the server the clients should anutomatically update seeing as the logon script runs everytime the client is started and checks the versions.

I hope this helps.
0
 
LVL 4

Expert Comment

by:Soutie
ID: 18017599
@ WesZalewski

Just one last thing. You mentuioned that alot of options client side were accessable. You can config the server to allow as much or as little access client side as you like.  This is all accessable in your system centre through right clicking on your server and then selecting all tasks -> symantec Antivirus -> Client Autoprotect options.
0
 

Author Comment

by:WesZalewski
ID: 18018617
Thank you, I will try that sometime this week.
We are in production mode now and I have some other minor tasks, like ERP database platform upgrades and some reports to create on labour, template pricing changes etc. Then I might come back to the group for help.
So, depending what the priority will be I will follow it.
This part is directed to the administrator, please, do not close the question. I will follow the instructions and thank you, and reward people here. They deserve it.
Not like Symantec not supporting enterprise customers on weekends. Did I mentioned it here?

Back to the problem.
Now the strange part, too.
I could change autoprotection options before. I could log-in through to Terminal Services, disable autoprotect, Install SolidWorks for example, and then enable autoprotect back.
Now, in the morning, about twelve hours later, at the server, I don't get the communication error problem to a workstation, but all options are grayed out in the SSC - All tasks - Symantec AntiVirus - Client Autporotect Options and I cannot change them.
I have a few users who started the day already and I see definitions are updating fine to their workstations to the old version of SAV. At least as I see in the Symantec System Centre, but the ClientRemote Install does still fools me.
I am going to check a workstation.

OK. Still old version, new definitions, user has no access to change any settings. Neither do I at the server. i did not log in to the workstation as admin to check it.

Thank you. I will keep you posted.
0
 

Author Comment

by:WesZalewski
ID: 18021770
Hello

I am with Symantec on the phone, I mean, on hold. They honestly stated it is going to be about 1 hour 30 minutes before I get to licensing dept. for SMS. I am having problems installing a license for SMS 4.0.

I talked to Symantec Antivirus group. The guy said I downloaded the unlicesed version of the 10.1.5.5000 because there is no License Manager in [Server group] - All Tasks.
I will have to download the licensed version and upgrade the same way as I did yesterday.

He admitted there is a problem with ClientRemote Install and the design department works on it. Doesn't matter whether it is licensed or not he said. The only difference between licensed and unlicensed is the License Manger in [Server group].
Is that so? Why would people bother to pay for it?

To be supported on weekends you have to be a platinum customer. I am gold only.


I am still going to try workout your solution through log in scripts. I am not sure now that I should install the 'new' downloaded version first and then run your suggestion on a few workstations.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 4

Expert Comment

by:Soutie
ID: 18025606
WesZalewski,

Best practice would be to install it then try the logon scrpit on a few workstations till you have all the bugs ironed out.  The one thing i have noticed is that on a few workstations you need to reboot them twice before they configure the software properly.  It isnt really an issue as the installer does tell you it needs to be restarted but just good to be aware of.

I wasnt aware of the two versions of the software and noticed now that I have the version without the licence manager myself (and it is straight off the CD my local distributer gave me)  But you are dead right, why make a version of the software that people dont have to pay for?
0
 

Author Comment

by:WesZalewski
ID: 18028032
Good morning

I spent over three hours with Symantec on the phone btween SAV support, SMS support and licensing. I was so pissed at them that I was ready to go to McAfee or somewhere.
This is what happened in my case. I started with this company in 2000 as Cost Accountant. Because I knew a bit more about computers I was supporting about 40 people at that time. We had outside consultants comming in and taking over the servers side. They installed Norton, without SMS at that time every year, but we paid only the licensing and renewal fees. They had the support.
In the meantime the company grew and cost for those consultants was higher than a person. I was given a choice, I do my primary position or I do computers. Since nobody thought about proper labour and material reporting being busy growing I didn't want to be responsible for crappy costing reports and financials. I took some MS Office courses etc. and here I am. Every year I purchased the licensing fees added a few users and was happy with the certificate Enterprise Edition - Gold Maintenance. The 'gold' word here mislead me. It means some support during business hours. So, yesterday I learned a few more things after writing the previous message.
Platinum Support gives you 24/7 support and priority with updates + web cases. (Have no idea what are these). Licensing dept. clarified for me the missing License Manager issue. There is no issue - Enterprise edition customers get automatically licensing files and don't need Licensing Manager, which the Tech didn't know. So, you must have the Enterprise version.

Symantec Mail Security protects only from 'known' spam. I guess known means something that is circulating on the net for longer than the net exists, because I get about 4000 undeliverables a day + other spam.  If you want protection, they said, you should add a Bright Mail service.
It is important to us. We have Blackberry users with no Blackberry Enterprise Server and they became useless devices. Maybe ok as cell phones.

I won't do any upgrades to SAV and you should not worry about it either. I'll do the SMS upgarde tonight first, then do some reporting and then I work on the login script. Acutally I started looking what I have in my login script already, because I did not visit it for a long time. I use kixtart here.

Thank you
0
 
LVL 4

Accepted Solution

by:
Soutie earned 500 total points
ID: 18034737
it is actually quite simple to get going, Symantec gives you the logon script which you just have to either point to in your existing script or paste into your existing script.


if "%OS%" == "Windows_NT" goto WINNT_NBPSHPOP
goto END
:WINNT_NBPSHPOP
NBPSHPOP +T: \\%SERVER%\vplogon
T:\VP_Log32 /p=T:
NBPSHPOP -T:
GOTO END
:END

and thats it... paste that in, change SERVER to your server name, and you away. Just remember to change that line in the ini file, the one that reads WINNT=NONE (Took me ages hassling and pulling my hair out could it wouldnt work to figure that out)  For some reason they have it as default not to install in the ini.

Hope everything runs smoothly
0
 
LVL 14

Expert Comment

by:Ehab Salem
ID: 18062991
I suggest you install the symnatec admin tools on a domain member winXP, then run client remote install, it worked for me that way.
One other solution is to manually type the list of IPs and import all and install.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now