This problem happens after a SEPM is added as a new replication partner while specifying a recovery file with a different KCS value than the existing SEPM Site farm.
Once the replication is done as described above and has completed and SEPMs are restarted, SEPM A got an inconsistent status by showing two different "kcs" values in its conf.properties and in sylink.xml published for its groups. Replacing the sylink.xml for the already registered clients resolves the communication issue, however newly installed clients are unable to register and connect to SEPM A.
Reconfiguring an independent SEPM to become a replication partner is not compliant with Symantec's Best Practice for configuring a replication partner already during its installation.
The SEPM encryption password is configured when the SEPM is first installed as part of the Management Server Configuration Wizard. The client's encryption password is stored in its sylink.xml configuration file as the XML value "kcs", and will also be stored in the automatically created recovery file. If the value of "kcs" is not identical to the SEPM's encryption password, the SEP client will not be able to encrypt/decrypt communications to/from the SEPM.
When a new existing standalone SEPM is reconfigured as a replication partner, the Configuration Wizard will default to using the recovery file. This can lead to the kcs mismatch and communication problems described here.
SEPM 12.1.6 (RU6) and above no longer allow you to specify a recovery file when configuring a new replication partner.
To resolve KCS a conflict:
Delete the newly added replication partner from the existing replication partner SEPM console.
Re-run the Management Server Configuration Wizard (MSCW) on the existing replication partner SEPM and choose Reconfigure the management server and use a recovery file.
Re-run the MSCW on the new replication SEPM and ensure Use a recovery file to restore communication with previously deployed clients is un-checked.
Any clients deployed from the new replication partner before making the above changes will need to have their communications settings reset either by dropping a sylink.xml file or pushing a communications package from the manager.
Imported Document ID: TECH185333
Subscribing will provide email updates when this Article is updated. Login is required.