Problems instaling Symantec Endpoint Protection on Vista ... seems 137 and 138 are not listening

How can I make sure the proper ports are listening.  According to the tech-note ( http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111408431148) I need to make sure 137 and 138 are listening and it doesn't appear to be the case.

I am attaching a screen shot of netstat -abn  It does not show 137 and 138 as "listening"

This is a Vista system .. the firewall is disabled  ... any thoughts ?
netstatcapture.JPG
DanRaposoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vvladaCommented:
Hi,

Do you install SEP manager or SEP client? If it is the SEPM than do you use Vista 64-bit or 32-bit? If it is 64-bit, it is not supported as platform for SEP Manager.

If you are installing just SEP client, then you should pay attention to port 80 (http) for heartbit to SEP Manager and port 8443 (https) for content and product updates and policy update.

To access the SEP Manager, after you installed it, go to the browser and go to the http://<ip address of SEP Manager computer>:9090 (in case you use default values).

Best regards,
Vladimir
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanRaposoAuthor Commented:
I am installing 32-bit client.  I am not installing manager, nor did I know there was a remotely installable manager .. so thanks for that tip ;-)

netstat -abn shows it is listening on 80 and 443, but I still can't install.
0
vvladaCommented:
Hi,

If this is SEP client, then you don't need to check 137 and 138. Since you didn't installed the product and something is listening on 80 and 443 then it looks as you have something (maybe Skype or IIS server or something else) that prevent SEP to install. What is the exact message that you get? Did you take a look at installation log (in %TEMP% folder, just type CD %temp% in Command Prompt to see where it is).

best regards,
Vladimir
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

vvladaCommented:
Hi,

I forgot to write - you don't need ports 80 or 443 on client, since the client will initiate connection to SEP Manager on some port above 1024... So, the problem is not in ports but something else. Check MS Installer on that machine...

Best regards,
Vladimir
0
DanRaposoAuthor Commented:
The Error is "No Network provider accepted the given network path."

The credentials are correct.

The app never even begins install.  It can't get through to the PC so there are no logs to speak of in the TEMP folder.

0
DanRaposoAuthor Commented:
 I ran wireshark on the vista box and it seems that the SEP server (0.8)is not getting the ack for the client (0.184) .  This is repeated several times until timeout ...

1307       30.154742            192.168.0.184     192.168.0.8         TCP        55032 > ms-wbt-server [ACK] Seq=1148 Ack=17918 Win=16650 Len=0  
0
Tony GiangrecoCommented:
If you install the manager, it automatically opens the proper ports. It helps if you disable disable the client firewall's then un the deployment manager (part of endpoint manager) you select the option to deploy a client. It presents you with a view of your network. You select the workstation and add it into the dialogue box. It pushes the client to the workstation and it installs without any intervention.

I just performed this process on our network. it worked perfect.
0
DanRaposoAuthor Commented:
I have the manager installed on a server box and it works for some but not all of our systems.   For example, my Vista (32-bit) system, with firewall disabled can not even be seen on the network.  But if I browse by IP, I can get there adn it will challenge for username pass of Domain Admin, but it will fail.
I have other systems that it will see, but not install properly on.   I shold also mention that we have an OpenLDAP/Samba domain not a true AD.
0
vvladaCommented:
Hi,

Did you try to use local credentials instead of domain username and password?

Best regards,
Vladimir
0
Tony GiangrecoCommented:
Check the Vista box and turn off the Firewall and disable the Anti Virus auto protest and file system protest. A;also if you have any spyware checker, disable that. If this dows not work you can copy the endpoint cliient to a flash drive or CD and then perform a manual install on that box.

Before doing that, make sure you have the correct 32 or 64 bit client.
0
DanRaposoAuthor Commented:
I was able to do the manual install, but I am trying to figure out why I can't do the automated managed install.  Firewall was off.  I may not have disable auto-protect, but I would think that now that SEP is on my system it should be allowing that through anyway ... no?


0
Tony GiangrecoCommented:
If this PC is in the same domain and you are logged into the domain, there could be an anti spyware app that is blocking it.

The push process normally works great for me. Ocassionally I have to use the manual install. Sometines it's quicker to just accept a manual and get on with the days tasks. i'm sure you understand....
0
DanRaposoAuthor Commented:
I believe this is a case of running an OpenLDAP domain instead of AD.  I believe it is not always passing the proper local administrator credentials.  I believe this should be closed.  There were  sme helpful answers in here.  Moderators can I award points?
0
ChiefITCommented:
There is no need to ask moderators if you can award points.

If you are satisfied with your answer, click on the tab that says accept as answer, or accept multiple answers. Then, you can award points.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.