Hi all,
Quick question – is the SpanVA pingable? I am trying to work out if the server hosting SEPM can communicate with SpanVA to send logs to..
Also, is it possible to see anywhere in SpanVA if it is accepting logs from SEPM or ProxySG for example?
Thanks!
Sam
I am having trouble when attempting to view any page from the SEPM server that are sent through port 8443. When I attempt to log on to the SEPM program, I get “Unexpected server error” .
When a log on is successful, I have a 100% chance of getting “Unexpected server error” when I click on a task, such as clients, or admin.
Hi,
Got an issue after upgrade SEP from 14.0 to 14.2, i have 10 windows client upgraded and all of them unable to communicate with the SEP Server. At all clients, i found error message that said: “SSL peer certificate or SSH remote key was not OK” in the Troubleshooting – Server Connection Status window.
Another information you guys might to know:
OS: Windows Server 2012 (SEP Server & clients)
Database: SQL Server
Note: Got the installer from official site Symantec and manually installed on server and each client.
Thanks in advance.
If the device is removed, the XenMobile server will be unable to deliver a profile for a device that is not meant to manage. It is a requirement for the device to be either in a Gray/Orange Color status which states that this is DEP device.
So, after a Full Wipe is performed, the device does not need to be deleted from console. In case the admin has deleted wait for some time so that Apple server syncs back that device with the XenMobile Server and it starts reflecting again.
I’m not sure where to start, but I’m running a distribute disk image job against a machine. PC reboots, connects to PXE, boots to WinPE, loads drivers successfully, and establishes a network connection. Then it starts dagent. Dagent displays “client record updated” but that is where it stops. It shows the address for my server, it shows the address for the client, but it doesn’t display computer name or MAC address.
I’d like to troubleshoot why it hangs. Are there logs I can create that can assist here? Any advice or tips would be appreciated. I’m running a trial version of GSS 3.2 trying to get a proof of concept going so we can evaluate this product.
Endpoint Prevent – Copy to Share – Not Working Properly
Dear DLP community
I am in a bit of a confusion here while I am currently testing out the “Copy to Share” functionality of Endpoint Prevent.
We are using DLP 14.6MP2 with also the agents running the same version.
Goal is to monitor a particular share on Windows 7 clients.
This share is mounted as a separate drive on a per-user base.
So far, nothing special. Should be possible to setup fairly easy – I thought.
Now, two days and quite some confusion and frustrating monents later, I see this might not be the case.
Of course, I assume that I am missing something.
I have activated the functionality in a test Agent Configuration. This Agent Configuration is assigned to my test workstation.
Also, I have added the file filter to include this particular share. There, I added the FQDN with share name as well as the IP of the server with the share name.
Like \servername.domainsharename* and \ipaddresssharename*
To make it effectively search for content, I created a new policy which contains a combined detection rule, a group rule and a response rule.
Detection rule:
Keyword Match AND Protocol is Copy to Network Share
Group rule:
Sender matches pattern of my test user domain name domainnameusername
Response rule:
Endpoint Prevent User Cancel when Protocol or Endpoint Monitoring is any of Copy to Network Share
The policy is active and assigned to a Policy Group that is actively assigned to my Endpoint Prevent server.
So much for the details.
What really happens now:
When I copy a file containing the defined keyword to the share I am monitoring, it gets detected. The warning pops up.
BUT: This also happens for each other network share, when I copy the test file.
What am I missing? Detailed configuration available if of any use.
Cheers
DrJay
A pretty tough task – I doubt that you will receive a straight answer.
This is how I would proceed:
– On the target server create a fake hosts table resolving all your current NW client names.
– Copy the NW databases to the new system – different directory!!
Forget the /nsr/index directory right now – it is nice to have but not mandatory.
– Copy the NW software to the target system
– Disconnect the network of the new host completely
– Rename the target server so that it will have the exact name as before
– Install the same NW version in the same directory as on the old system
– Copying the resource files will most likely not work for all of them – just think about the different device names
– Start NW and wait until it has started successfully.
It will take a few minutes
It will take much longer if he cannot resolve the hostnames
– Make sure to get the most important resources to work.
– Finalize the NW configuration
– Make sure you can run local backups and restores
Now you may restore/move the client file index directories
TEST – TEST – TEST !!!
– If your system runs fine, you may now try the upgrade to NW 9.x
TEST – TEST – TEST !!!
– Now you may shutdown the old server and
– Connect the new server to join the network
Pretty much things to do. Good luck.
Hi,
We have about 1000 +/- SEP12 managed endpoints (mainly windows while others are mac) pointing to our SEPM12 server and we have a new SEPM14 server setup with a different name and ip address. Rather than manually upgrade the endpoints from SEP12 to SEP14, is there a way to route the SEP12 endpoints to SEPM14 and then have them upgraded to SEP14? Please note we cannot perform SEPM14 Remote Push for security reasons. Thanks!
Not particularly, in general, try to consolidate down your number of shares and Drive letters from the windows servers into as simple of a folder structure as possible on Isilon. I once helped a customer migrate from 16 windows file servers with only 60TB of data, onto an Isilon cluster. There were 9,000 SMB shares covering that 60TB of data. Turns out, as you might have guessed that 8,200 of those are 1 share per user for home directories. With some powershell scripting to update AD profile paths during the cutover event, those 8,200 were cut down to just 1 share with variable expansion.
So:
\cluster-scz.domain.comhome points to /ifs/accesszone/homedirs/%U
Also, never use /ifs/data, /ifs/home, or /ifs/.ifsvar to store any user data. So in general make sure you understand good tenants of Isilon filesystem design/layout.
Make sure you understand the pros/cons of using user quotas versus directory quotas for homedirs. (directory quotas will show the mapped network drive as the size of the hard quota limit). User/Group Quotas will show the mapped network drive size as the size of the cluster, though the provisioning can be done dynamically per user, which is really helpful.
Think about the data itself and the users themselves. I once came across a customer that wanted to protect the data of their VP’s and above (CxO) at a higher level than their normal users. So they created a different folder for those VIPs, and set a different filepool policy on that directory and it’s contents, I think 4x mirroring instead of N+2:1 at the time (erasure coding in the old format).
Think about self-service restore with snapshots / VSS integration. What’s makes sense for application data in other folders may not be right for homedirs.
Setup your email templates for quota notifications, (assuming you get to use quotas).
That’s all that comes to mind off the top of my head. OneFS 8.x + only introduces concepts that may be more helpful in multi-tenant homedir environments, like groupnets. But unless you have to have those, I’d avoid them.
Chris Klosterman
Principal SE, Datadobi
Hi,
I am just getting started with this product, as I’m trying to help out my church with a few tecnical tasks. We are running version 14 build 2349, (14.0.2349.0100).
We have a Windows 10 Pro workstation that I recently updated and am trying to install an endpoint manager client. According to the endpoint server, I can create a client install package for Windows 64bit version 14.0.2349.0100, but when I attempt to install on the client, it is said to be incompatible.
Do I need to download new client versions to the server? Does the endpoint protection server maybe need to be updated? Any help you can give to put me on the right track is greatly appreciated.
Thanks!