-
October 31st, 2005, 02:54 PM
#1
Junior Member
Symantec AV SSC
Hello,
I am using Symantec AntiVirus Corporate Edition version 10.
For some reason, in the SSC a lot of the clients show as if they are offline.
I can ping these machines and connect to them via NetBIOS.
Also, a few of the machines have update problems, and only after adding port 2967 to the exceptions of the XP SP2 firewall do they get updated.
Nothing has changed in the configuration, so I don't know why I need to add this port all of a sudden to the clients.
-
October 31st, 2005, 04:10 PM
#2
Haven't upgraded to 10 yet.
But they seem to have a lot of documentation and troubleshooting on their site: http://www.symantec.com/techsupp/ent...topics_ts.html
http://service1.symantec.com/SUPPORT...ent_tutweb_nam
this looks like it may help
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 31st, 2005, 04:14 PM
#3
From Symantec Platinum support:
Other server-to-server communications
In server-to-server communication, the sending Symantec AntiVirus server picks a random port, starting at TCP 1025 and moving up from that point. From that point, traffic is returned on that random port. To allow communication to pass through a firewall or gateway, create rules to allow any port to accept TCP communication on 2967 and 38293 and to allow outbound TCP communication from ports 2967 and 38293:
TCP Allow 2967 to *
UDP Allow 38293 to *
TCP Allow * to 2967
UDP Allow * to 38293
Cheers:
-
October 31st, 2005, 04:19 PM
#4
Junior Member
The question is, why do I need to add these ports all of a sudden?
The AV server and clients are located in a flat LAN.
Also, why do machines appear as offline when they are not?
-
October 31st, 2005, 04:26 PM
#5
Because the firewall is blocking communication with the Symantec AV server????
As to why... phone Symantec and ask them...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 31st, 2005, 04:31 PM
#6
Junior Member
The XP SP2 FW was always activated on the clients and there was never a problem.
I am thinking it might be to do with one of the latest Microsoft security updates, as this is the only thing that has been installed on the clients/servers.
-
October 31st, 2005, 04:58 PM
#7
You mentioned that you have SAV 10 clients, however, did you install the Ver 10 SSC? If you try to manage ver10 clients with a ver 9 console bad things will happen.
Now, as for communications, they rely on NetBIOS so if you have any NetBIOS traffic blocked, they will not be able to speak to the parent server(s).
Second, the FW ports listed above assume that you have ACLs in the path between the clients and the parent server. Only pay attention to that info if that is the case. Now, from time to time, I have seen busted installs where the client appears in the console but when visiting the workstation, they show as unmanaged. This would explain the communication issue when they cross your perimeter and check in with the Symantec servers and Symantec cannot initiate an inbound connection to you (that's a good thing).
Third, SAV10 is a huge POS. Yes. It is a perfect example of bloatware that came from a rushed development cycle and a piss poor QA cycle. However, that's another post.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
October 31st, 2005, 05:58 PM
#8
Senior Member
As an additional info, if your workstations are in an unmanaged state as thehorse13 mentioned, you can try to copy & paste the GRC.DAT file from the server (located at \\server\vphome\) to this folder on the workstation:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5
(the path may vary a little after the '..\Symantec\' folder...)
The workstation should pick up this file automatically and re-connect to the server, whenever it's due to check for updates, or if you simply re-start the AntiVirus service.
Hope that helps.
/ SawPer
ps. But your problem sure sounds like the XP firewall issue, try to disable it temporarily to see if it helps...
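Added example (not part of any post in this thread): a small Python probe, run from the parent server or an admin workstation, that tells a silently dropped connection on TCP 2967 apart from a closed port, which is the distinction the thread keeps circling (firewall versus broken or unmanaged client). The function names, the timeout and the hint wording are assumptions; only port 2967 comes from the thread.

```python
import socket
import sys

SAV_TCP_PORT = 2967  # TCP port named in the thread; all other names are assumptions

# What each probe result suggests for a client shown as offline in the console.
HINTS = {
    "open": "port reachable; look at the client install/management state instead",
    "refused": "host answers but nothing listens on the port; check the AV service",
    "filtered": "no reply at all; a host firewall or ACL is probably dropping traffic",
    "error": "name lookup or routing failed before the port could be tested",
}


def probe_tcp(host, port=SAV_TCP_PORT, timeout=2.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST received: reachable host, closed port
    except socket.timeout:
        return "filtered"   # silence until the timeout: packets were dropped
    except OSError:
        return "error"      # DNS failure, no route, and similar


def survey(hosts, port=SAV_TCP_PORT, timeout=2.0):
    """Probe every host and return {host: (result, hint)}."""
    results = {}
    for host in hosts:
        result = probe_tcp(host, port, timeout)
        results[host] = (result, HINTS[result])
    return results


if __name__ == "__main__":
    # Usage: python sav_probe.py CLIENT1 CLIENT2 ...  (you supply the hostnames)
    for host, (result, hint) in survey(sys.argv[1:]).items():
        print(f"{host:20} tcp/{SAV_TCP_PORT} {result:9} {hint}")
```

A client that answers ping but comes back `filtered` matches the XP SP2 firewall case described in the thread; one that comes back `open` yet still shows offline points toward the console version or unmanaged-client explanations instead.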