You use Symantec System Center and either Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x. The communication between clients and servers does not work correctly. You may see one of the following symptoms:
- Clients disappear from Symantec System Center
- Clients cannot be configured from Symantec System Center
- Clients do not receive automatic virus definition updates
Before you begin: Before you follow the directions in this document, confirm basic network communication by using the ping, netstat, and telnet commands.
For directions, read Symantec AntiVirus Quick Communications Check.
If you see an error message or an entry in the Windows Event Viewer, first follow the directions in the document for that error message. You can find a list of documents that relate to common error messages in the References section of this document. If your error message does not appear in the list, search the Symantec Knowledge Base for a relevant document.
This document provides tools and techniques to help you troubleshoot common communication problems with Symantec Client Security and Symantec AntiVirus. In many cases, the procedures in this document can solve the problem. If problems persist after you complete the steps in this document, contact Symantec Technical Support for assistance. Take note of each change or discovery that you make while you use this document. Symantec Technical Support needs this information if you request assistance.
The following topics address the most common causes of communication problems with Symantec Client Security 3.x and Symantec AntiVirus 10.x
Symantec System Center does not hold any real time data for the environment. It is only a cached copy of the information from each parent server. When a change is made in Symantec System Center, a change request is sent to the correct Symantec AntiVirus server. The Symantec AntiVirus server processes the change and then sends it to the Symantec AntiVirus clients by using the Grc.dat file. The communications process that is used is the same, regardless of where you installed Symantec System Center and Symantec AntiVirus server. If they are both installed on the same computer, the same network communications still occur.
Common communication problems
A change in a parent server's computer name causes communication to fail. If you recently changed a parent server's IP address, or if your parent server has more than one Network Interface Card, first read the documents that apply to your situation:
When you install Windows XP Service Pack 2, Symantec AntiVirus appears automatically in the list of exceptions. However, the application that is associated with the rule does not handle communication. In order to allow Symantec AntiVirus to communicate, you must create exceptions for the correct services.
For help, read the document Adding service exceptions in Windows Internet Connection Firewall to allow Symantec AntiVirus to communicate.
Troubleshoot other communication problems
When you troubleshoot communications, at least three possible points of failure exist: Symantec System Center, the Symantec AntiVirus server, and the Symantec AntiVirus client. Start with the first section, "Make sure that information in Symantec System Center is up to date" and follow the directions in the order that they appear.
Confirm the presence of the server group root certificate and server private key
Communication fails if the server group root certificate and server private key are not present on Symantec AntiVirus servers, managed clients, and the computer that runs Symantec System Center.
Primary servers and secondary servers cannot communicate if the primary server's private key is not present on each computer. Legacy clients and servers do not need root certificates or private keys to communicate.
About the server group root certificate
The server group root certificate is a file in the following format:
The following is an example of a server group root certificate file name:
About the server group private key
The server group private key is a file in the following format:
The following is an example of a server group private key file name:
To confirm the presence of the server group root certificate
If the primary server does not have a server group root certificate, do one of the following:
To confirm the presence of the server private key on primary servers and secondary servers
If the primary server does not have a server private key, do one of the following:
Make sure that information in Symantec System Center is up to date
Run the Discovery Service to make sure that Symantec System Center has current information.
To update information in Symantec System Center
If the communication problems persist, continue with the "Make sure that Symantec System Center works correctly" section of this document.
Make sure that Symantec System Center works correctly
The first step is to stop and restart all of the communication-related services. Not all services are present on all Symantec AntiVirus servers. If you do not see a service, skip to the next service in the list, unless the missing service is Symantec System Center Discovery Service or Intel PDS. If Symantec System Center Discovery Service or Intel PDS is not listed, remove and reinstall both Symantec AntiVirus and Symantec System Center.
To resolve problems with Symantec System Center
If the communication problems persist, continue with the "Make sure that the Symantec AntiVirus server works correctly" section of this document.
Make sure that the Symantec AntiVirus server works correctly
Follow these steps on the primary server and any affected parent servers.
To resolve problems with the Symantec AntiVirus server
If the communication problems persist, continue with the "Make sure that the Symantec AntiVirus client works correctly" section of this document.
Make sure that the Symantec AntiVirus client works correctly
Follow these steps on the affected clients.
To resolve problems with Symantec AntiVirus client
If the communication problems persist, continue with the "Make sure that the Symantec AntiVirus server and client communicate correctly" section of this document.
Make sure that the Symantec AntiVirus server and client communicate correctly
Often, you can restore client communication with the parent server by dropping a copy of the parent's Grc.dat file on the client. If this step does not restore communication, and you have followed the directions in the other sections of this document, debug client-to-parent communication to find out whether the client and server can communicate.
To restore client communication with a parent server
To debug client-to-parent communication
To debug parent-to-client communication
For advanced debugging options, read the document Debugging secure communication in Symantec AntiVirus Corporate Edition 10.x and Symantec Client Security 3.x.
The following documents address the most common communication problems with Symantec Client Security 3.x and Symantec AntiVirus 10.x:
To change the Default Impersonation Level using Dcomcnfg.exe
To confirm and set up shares
To disable the "Disable the run once list" policy in the Group Policy Object Editor
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Set default language
Do you wish to save this as your future site?