Thursday, April 10, 2008

Symantec Endpoint Protection...blech

My SEPM server decided to do the BSOD the other night, at about 2:00am. Nice. Right when a few users from India were working on the server, which also happens to be our Terminal Server.

Thankfully, I didn't get a call.

I can't wait until MR2 comes out. Some of the touted improvements is a lighter weight processor footprint, fixed graphics (mine ALWAYS work at the console, just not remotely...), and I'm sure numerous other fixes.

I hope I don't have to run around the office yet AGAIN to use their sylink tool reconnect my clients. I had originally scripted it, but it doesn't work if you impose password protection on the UI...hmph...

I'd also found that logging on some of the clients was out of control. Saw many posts on Symantec's user forums to this affect, and my uninstalling and reinstalling seemed to fix that, for now.

4 comments:

John Croson said...

UPDATE - 4/14: Good news. Just started downloading MR2, and found this quote on the FileConnect site:

Product Description:
Symantec Endpoint Protection 11.0 Maintenance Release 2 (MR2) has been released. This release contains a new build of the Symantec Endpoint Protection Manager (SEPM version 11.0.2000) and the latest version of the Client binaries (version 11.0.2000).

Please note This version of the SEPM and Client binaries can be installed as a new install or as an upgrade to an existing 11.0, 11.0 MR1, or 11.0 MR1 MP1 installation.

John Croson said...

UPDATE 4/14, 2pm.

I've uninstalled this crap twice now...

Can't they just get the installer right? Each time I tried to install over the previous version, my IIS Symantec web gets hosed, and the installer fails...

This is a PITA!

John Croson said...

UPDATE: 4/15. Good thing I took care of my taxes yesterday, becuase I doubt I'll be thinking of them today.

Finally got SEPM installed last night before I left for the day. What a bummer. This is what I've discovered, while doing an in-place upgrade from MR1 to MR2.

1. You CAN install over the top of your original installation. I've noticed a couple of odd behaviors though. The first is you'll probably have to run the "Server Configuration Wizard" to reconnect your database, if you see these errors in your Application Event Log: The Java Virtual Machine has exited with a code of -1, the service is being stopped.; Event ID 4096. This error points to database connectivity, that will be restored by running the aforementioned tool.

If you restore from your old database, be sure to run the tool again, otherwise you will chase your tail as I did, re-installing this $%*+ more than once.

2. You will likely find that your client packages will not be upgraded. You may also find, like I and others did that your client installation packages are corrupted, or worse, you can't delete and re-create them.

It would seem that in order to replace the old, you must create new ones. Go to the Admin tab in SEPM, and select Install Packages, and create a new set, using the MR2 source you downloaded, specifically CD1/SEP, and choose setup.exe. Make sure you choose NOT to create a single EXE, or your clients won't auto-update...or would that be a GOOD thing, if your environment is currently stable... ;-)

John Croson said...

UPDATE 4/15, 8:45am. Boy, I'm getting tired of looking at this....

Note to anyone reading: REBOOT YOUR TERMINAL SERVER IF YOU DEPLOY SEP TO IT. You'll be getting angry emails if you don't...

SEPM is still exhibiting the "broken image linking" when viewing inside an RDP session, but not on the console...strange but true for me.

I've recreated my 11.2000 client package to a single OU, and am patiently waiting for my Command Status to update, showing me this crap will actually work.

Stay tuned, boys and girls...