Problems instaling Symantec Endpoint Protection on Vista ... seems 137 and 138 are not listening

How can I make sure the proper ports are listening.  According to the tech-note ( http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111408431148) I need to make sure 137 and 138 are listening and it doesn't appear to be the case.

I am attaching a screen shot of netstat -abn  It does not show 137 and 138 as "listening"

This is a Vista system .. the firewall is disabled  ... any thoughts ?
netstatcapture.JPG
DanRaposoAsked:
Who is Participating?
 
vvladaConnect With a Mentor Commented:
Hi,

Do you install SEP manager or SEP client? If it is the SEPM than do you use Vista 64-bit or 32-bit? If it is 64-bit, it is not supported as platform for SEP Manager.

If you are installing just SEP client, then you should pay attention to port 80 (http) for heartbit to SEP Manager and port 8443 (https) for content and product updates and policy update.

To access the SEP Manager, after you installed it, go to the browser and go to the http://<ip address of SEP Manager computer>:9090 (in case you use default values).

Best regards,
Vladimir
0
 
DanRaposoAuthor Commented:
I am installing 32-bit client.  I am not installing manager, nor did I know there was a remotely installable manager .. so thanks for that tip ;-)

netstat -abn shows it is listening on 80 and 443, but I still can't install.
0
 
vvladaCommented:
Hi,

If this is SEP client, then you don't need to check 137 and 138. Since you didn't installed the product and something is listening on 80 and 443 then it looks as you have something (maybe Skype or IIS server or something else) that prevent SEP to install. What is the exact message that you get? Did you take a look at installation log (in %TEMP% folder, just type CD %temp% in Command Prompt to see where it is).

best regards,
Vladimir
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
vvladaCommented:
Hi,

I forgot to write - you don't need ports 80 or 443 on client, since the client will initiate connection to SEP Manager on some port above 1024... So, the problem is not in ports but something else. Check MS Installer on that machine...

Best regards,
Vladimir
0
 
DanRaposoAuthor Commented:
The Error is "No Network provider accepted the given network path."

The credentials are correct.

The app never even begins install.  It can't get through to the PC so there are no logs to speak of in the TEMP folder.

0
 
DanRaposoAuthor Commented:
 I ran wireshark on the vista box and it seems that the SEP server (0.8)is not getting the ack for the client (0.184) .  This is repeated several times until timeout ...

1307       30.154742            192.168.0.184     192.168.0.8         TCP        55032 > ms-wbt-server [ACK] Seq=1148 Ack=17918 Win=16650 Len=0  
0
 
Tony GiangrecoCommented:
If you install the manager, it automatically opens the proper ports. It helps if you disable disable the client firewall's then un the deployment manager (part of endpoint manager) you select the option to deploy a client. It presents you with a view of your network. You select the workstation and add it into the dialogue box. It pushes the client to the workstation and it installs without any intervention.

I just performed this process on our network. it worked perfect.
0
 
DanRaposoAuthor Commented:
I have the manager installed on a server box and it works for some but not all of our systems.   For example, my Vista (32-bit) system, with firewall disabled can not even be seen on the network.  But if I browse by IP, I can get there adn it will challenge for username pass of Domain Admin, but it will fail.
I have other systems that it will see, but not install properly on.   I shold also mention that we have an OpenLDAP/Samba domain not a true AD.
0
 
vvladaCommented:
Hi,

Did you try to use local credentials instead of domain username and password?

Best regards,
Vladimir
0
 
Tony GiangrecoConnect With a Mentor Commented:
Check the Vista box and turn off the Firewall and disable the Anti Virus auto protest and file system protest. A;also if you have any spyware checker, disable that. If this dows not work you can copy the endpoint cliient to a flash drive or CD and then perform a manual install on that box.

Before doing that, make sure you have the correct 32 or 64 bit client.
0
 
DanRaposoAuthor Commented:
I was able to do the manual install, but I am trying to figure out why I can't do the automated managed install.  Firewall was off.  I may not have disable auto-protect, but I would think that now that SEP is on my system it should be allowing that through anyway ... no?


0
 
Tony GiangrecoCommented:
If this PC is in the same domain and you are logged into the domain, there could be an anti spyware app that is blocking it.

The push process normally works great for me. Ocassionally I have to use the manual install. Sometines it's quicker to just accept a manual and get on with the days tasks. i'm sure you understand....
0
 
DanRaposoAuthor Commented:
I believe this is a case of running an OpenLDAP domain instead of AD.  I believe it is not always passing the proper local administrator credentials.  I believe this should be closed.  There were  sme helpful answers in here.  Moderators can I award points?
0
 
ChiefITCommented:
There is no need to ask moderators if you can award points.

If you are satisfied with your answer, click on the tab that says accept as answer, or accept multiple answers. Then, you can award points.

0
All Courses

From novice to tech pro — start learning today.