Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problems instaling Symantec Endpoint Protection on Vista ... seems 137 and 138 are not listening

Posted on 2009-07-15
14
Medium Priority
?
715 Views
Last Modified: 2013-12-09
How can I make sure the proper ports are listening.  According to the tech-note ( http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111408431148) I need to make sure 137 and 138 are listening and it doesn't appear to be the case.

I am attaching a screen shot of netstat -abn  It does not show 137 and 138 as "listening"

This is a Vista system .. the firewall is disabled  ... any thoughts ?
netstatcapture.JPG
0
Comment
Question by:DanRaposo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +1
14 Comments
 
LVL 7

Accepted Solution

by:
vvlada earned 750 total points
ID: 24862354
Hi,

Do you install SEP manager or SEP client? If it is the SEPM than do you use Vista 64-bit or 32-bit? If it is 64-bit, it is not supported as platform for SEP Manager.

If you are installing just SEP client, then you should pay attention to port 80 (http) for heartbit to SEP Manager and port 8443 (https) for content and product updates and policy update.

To access the SEP Manager, after you installed it, go to the browser and go to the http://<ip address of SEP Manager computer>:9090 (in case you use default values).

Best regards,
Vladimir
0
 

Author Comment

by:DanRaposo
ID: 24862492
I am installing 32-bit client.  I am not installing manager, nor did I know there was a remotely installable manager .. so thanks for that tip ;-)

netstat -abn shows it is listening on 80 and 443, but I still can't install.
0
 
LVL 7

Expert Comment

by:vvlada
ID: 24862567
Hi,

If this is SEP client, then you don't need to check 137 and 138. Since you didn't installed the product and something is listening on 80 and 443 then it looks as you have something (maybe Skype or IIS server or something else) that prevent SEP to install. What is the exact message that you get? Did you take a look at installation log (in %TEMP% folder, just type CD %temp% in Command Prompt to see where it is).

best regards,
Vladimir
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 7

Expert Comment

by:vvlada
ID: 24862586
Hi,

I forgot to write - you don't need ports 80 or 443 on client, since the client will initiate connection to SEP Manager on some port above 1024... So, the problem is not in ports but something else. Check MS Installer on that machine...

Best regards,
Vladimir
0
 

Author Comment

by:DanRaposo
ID: 24862741
The Error is "No Network provider accepted the given network path."

The credentials are correct.

The app never even begins install.  It can't get through to the PC so there are no logs to speak of in the TEMP folder.

0
 

Author Comment

by:DanRaposo
ID: 24863193
 I ran wireshark on the vista box and it seems that the SEP server (0.8)is not getting the ack for the client (0.184) .  This is repeated several times until timeout ...

1307       30.154742            192.168.0.184     192.168.0.8         TCP        55032 > ms-wbt-server [ACK] Seq=1148 Ack=17918 Win=16650 Len=0  
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 24883950
If you install the manager, it automatically opens the proper ports. It helps if you disable disable the client firewall's then un the deployment manager (part of endpoint manager) you select the option to deploy a client. It presents you with a view of your network. You select the workstation and add it into the dialogue box. It pushes the client to the workstation and it installs without any intervention.

I just performed this process on our network. it worked perfect.
0
 

Author Comment

by:DanRaposo
ID: 24885647
I have the manager installed on a server box and it works for some but not all of our systems.   For example, my Vista (32-bit) system, with firewall disabled can not even be seen on the network.  But if I browse by IP, I can get there adn it will challenge for username pass of Domain Admin, but it will fail.
I have other systems that it will see, but not install properly on.   I shold also mention that we have an OpenLDAP/Samba domain not a true AD.
0
 
LVL 7

Expert Comment

by:vvlada
ID: 24885845
Hi,

Did you try to use local credentials instead of domain username and password?

Best regards,
Vladimir
0
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 750 total points
ID: 24885987
Check the Vista box and turn off the Firewall and disable the Anti Virus auto protest and file system protest. A;also if you have any spyware checker, disable that. If this dows not work you can copy the endpoint cliient to a flash drive or CD and then perform a manual install on that box.

Before doing that, make sure you have the correct 32 or 64 bit client.
0
 

Author Comment

by:DanRaposo
ID: 24895770
I was able to do the manual install, but I am trying to figure out why I can't do the automated managed install.  Firewall was off.  I may not have disable auto-protect, but I would think that now that SEP is on my system it should be allowing that through anyway ... no?


0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 24895882
If this PC is in the same domain and you are logged into the domain, there could be an anti spyware app that is blocking it.

The push process normally works great for me. Ocassionally I have to use the manual install. Sometines it's quicker to just accept a manual and get on with the days tasks. i'm sure you understand....
0
 

Author Comment

by:DanRaposo
ID: 24935979
I believe this is a case of running an OpenLDAP domain instead of AD.  I believe it is not always passing the proper local administrator credentials.  I believe this should be closed.  There were  sme helpful answers in here.  Moderators can I award points?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24984561
There is no need to ask moderators if you can award points.

If you are satisfied with your answer, click on the tab that says accept as answer, or accept multiple answers. Then, you can award points.

0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question