Link to home
Start Free TrialLog in
Avatar of keith li
keith liFlag for Hong Kong

asked on

Symantec Endpoint Protection Manager client install packages problem

Hi All

          can not find the related computer name appeared in SEPM client list after installed the client install packages exported by the SEPM (only antivirus and antispyware) and policy I chose "export an managed client" , but the end point client software from the client computer  icon look running normally with latest virus defintions & with a green dot, any idea what goes wrong ?


Keith
Avatar of btan
btan

You may want to catch the below if you want to confirm with report in CSV or txt.
http://www.symantec.com/business/support/index?page=content&id=TECH104852

Likewise as below, can also try ]the reports section, select computer status as report type, then select client inventory for select a report and probably just set a period to include all machines. It should be showing webpage on the findings
http://www.symantec.com/business/support/index?page=content&id=TECH95541&locale=en_US

If the above is not showing then probably we have to drill further but I leaving the assumption that SEPM need not restart or the update from client will take a while esp if upgrading comes, hopefully not a bug on the version running...
Avatar of keith li

ASKER

i have installed another SEPM, just wonder how do i move the exisiting end point client from the current SEPM to the new SEPM , and i do not want to import the database to the new SEPM, i want to move the client one by one instead, is it possible to achieve that ?
It is possible by pointing the managed SEP clients to new SEPM server via the Communication Update Package Deployment Option. Pls see the update option http://www.symantec.com/business/support/index?page=content&id=TECH199124

The above may be better in term of central managed and oversight than the other means via the dependency on Sylink replacer/Sylink drop tool. http://www.symantec.com/business/support/index?page=content&id=TECH92556
let me try it tonight
Realised I have a free upgrade from version 11 to 12.1.5 , planning to install another 12.1.5 version on other server, just wonder am I allow to migrate the current end point client from SEPM 11 to the new installed SEPM 12.1.5, can anyone provide me the documentation for the miragtion from end point client and the new installed SEPM 12.1.5 as well ? Thanks !
Since you stated SEPM was upgraded, I was thinking if your issue is pertaining to this error advised - Clients show "No Symantec protection technologies are installed" after migrating the SEPM from 11.x to 12.1
When the SEPM is upgraded from 11.x to 12.1, the clients in groups that meet these conditions will have all their protection technologies uninstalled. .... This issue is resolved in Symantec Endpoint Protection 12.1 Release Update 1 (RU1).
http://www.symantec.com/business/support/index?page=content&id=TECH164677

For the SEPM 11 to SEPM 12.1.5 (RU5), it is possible. For 11.0 case, it can be upgraded to enterprise version only.
http://www.symantec.com/connect/articles/upgrade-overview-sep-121-release-update-5-12153375000

The overall guidance is stated in fact in the below as well
http://www.symantec.com/business/support/index?page=content&id=TECH224034
... and do catch the Symantec™ Endpoint Protection 12.1.5 Installation and Administration Guide (see Chapter 6 on upgrade processes)
Note: If you upgrade from 11.0, remove any packages that are assigned to the client groups. The Maintain existing client features when upgrading option on the 11.0 package causes the upgrade to remove all protection technologies from the clients.
http://kbdownload.symantec.com/resources/sites/BUSINESS/content/live/DOCUMENTATION/7000/DOC7698/en_US/Installation_and_Administration_Guide_SEP12.1.5.pdf?__gda__=1421050422_3cf4fd4f4303efa791ddc107b7046fda

... and client should also be upgraded from 11. See the autoupgrade below link. Also note
if you upgrade from SEP 11.x and use Application and Device Control, you must disable the "Protect client files and registry keys” rule set. After the clients receive the new policy, you may upgrade using AutoUpgrade.
http://www.symantec.com/business/support/index?page=content&id=TECH96789
... and there are features renamed in the 12 as spelled out in the link below.
http://www.symantec.com/business/support/index?page=content&id=HOWTO81063
i have another issue, currently using 11.0.6005.562 , license will be expiring on 25 Feb 2015, and SEP 11.x End of support life was on 05-jan 2015, is it true that after end of support life, the virus definition will not be updated, as my case is now all the end point client can not be update the virus definition, he latest definition now shown on client was 5-jan 2015, and I have been told that I have a free upgrade to version 12.1.5, but I do need to renew the license first, and do you suggested that I should install a new server for SEPM 12.1.5 or directly upgrade 12.1.5 on the current end point server ?
Catch this SEPM FAQ
EOLS means that as of January 5, 2014, no new versions of Symantec Endpoint Protection 11.x are under development or are planned for release. All support services, including without limitation, bug fixes/patches and engineering modification, for Symantec Endpoint Protection 11.x will end on the EOLS date. Content (virus definitions) will be provided until January 5, 2015, but will not support Windows Fundamentals or PowerPC as of January 5, 2014.
The upgrade to Symantec Endpoint Protection 12.1.x is free for Symantec Endpoint Protection 11.x customers with a current maintenance contract.
 
No, you can install Symantec Endpoint Protection 12.1.x directly over your Symantec Endpoint Protection 11.x environment; however, you may find that additional or updated hardware is required. For more information, see the following knowledge base article:
http://www.symantec.com/business/support/index?page=content&id=TECH207274

The prev mentioned overall upgrade allow SEPM 11 to 12.1.5 directly - extracted here again
http://www.symantec.com/business/support/index?page=content&id=TECH224034
i'm not sure the SEPM that i'm using now is enterprise or SBE, If i'm using SBE, I can not direct upgrade to 12.1.5 ?

Symantec Endpoint Protection 11.x (can be upgraded to the enterprise version only)


am I correct for beow steps before the upgrade ?

Do it before the upgrade to avoid the ""No Symantec protection technologies are installed"

1. If i have not updated my SEPM to 12.1, remove all existing packages from your groups before performing the upgrade.



Otherwise I would need to install below RU1 after the SEPM 12.1.5 upgrade without remove all the exiting packages

solution:
1. Symantec Endpoint Protection 12.1 Release Update 1 (RU1).

workaround:
2. Uncheck the maintain existing features checkbox and specify the client features you want installed on the client.
For upgrade, check your v11 path to v12 as in. You can still upgrade for SBE but it is upgraded into Enterprise not SBE
Symantec Endpoint Protection Manager and Symantec Endpoint Protection Windows client versions do not support the following downgrade paths:

Symantec Endpoint Protection 11.0 to 12.1.2 Small Business Edition

Symantec Endpoint Protection 12.1.x (enterprise version) to Symantec Endpoint Protection Small Business Edition
http://www.symantec.com/business/support/index?page=content&id=TECH192779

You must uninstall all legacy Symantec products before you install Symantec Endpoint Protection 12.1.2. Legacy products include Symantec AntiVirus and Symantec Client Security. And do follow as advised in Symantec article below.
http://www.symantec.com/business/support/index?page=content&id=HOWTO80759

The steps stated to avoid that error is only if 11.x SEPM with packages are assigned to the groups and "Maintain existing client features when updating"  is unchecked in your upgrade process defining the client installation package.

http://www.symantec.com/business/support/index?page=content&id=TECH164677
So that before the upgrade to SEPM 12.1.5 , I do need to remove all existing packages from all the groups before performing the upgrade ? for example below screenshot, otherwise after the upgraded to 12.1.5 all the existing end point clients show no protection technologies installed, am my concept correct ?

also i need to use to remote push to upgrade the existing end point client from 11.x to 12.1.5 ?




User generated image
Ref my prev post in the last link, if you are using the SEP12.1 Release Update 1 (RU1) above, it is resolved automatically by unchecking the "Maintain existing client features when updating". The workaround is just the manual means to remove all existing packages from your groups before performing the upgrade.  

Ref my prev post in the second link, see step 6 to upgrade Symantec client software, you can go for autoupdate as well as Remote push
When Symantec provides updates to client installation packages, you add the updates to Symantec Endpoint Protection Manager and make them available for exporting. You do not, however, have to reinstall the client with client deployment tools. The easiest way to update Windows clients in groups with the latest software is to use AutoUpgrade. You should first update a group with a small number of test computers before you update your entire production network.
Would like to know where I can download  12.1 Release Update 1 (RU1). I have just upgraded to 12.1.5, but all the end point clients show offline, although I have uncheck the "maintain the existing client feature when updating" from group packages, I hope it can resolved by installed the RU1, thanks !
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
sorry for late reply, the version that I downloaded it was working, it just needs time to sync with client, everything work fine now, and can I keep end point client version to 11.x ?
should be good if it does affect and the links stated those measures in case it does not turn out well. you can monitor for time being and see if there are any side effects, if any (we should not expect any). give some grace period to monitor before deleting it but my sense is that if does not break the machine, I rather err on the safe side to stay status quo till the next new patch