2010-09-13 11:49:05.684 INFO: PushInstallClient>> stopProcess: Close ClientRemote process' outputstream.
2010-09-13 11:49:05.684 INFO: PushInstallClient>> stopProcess: Close BufferReader.
2010-09-13 11:49:05.684 INFO: ProcessManager>> Unregistered the Process ClientRemote.exe -s
The issue is caused by a change in the way Windows 7 and Windows Server 2008 R2 systems authenticate the "System" account in a domain environment.
The following behavior will be seen in these environments:
If the two machines are in different domains/workgroups, the local system accounts will be considered equivalent, and the ClientRemote/Find Unmanaged tool will operate properly.
If the two machines are in the same domain, the client will attempt to validate the server account (in our case SYSTEM account) against Active Directory, and will be told to treat it as Guest. This will prevent the deployment.
Find Unmanaged computers calls clientremote.exe to deploy the clients using the built-in System account on the system. When deploying to a Windows 7 or Server 2008 R2 client in the same domain, this will result in a failure.
In order to resolve this issue, upgrade to Symantec Endpoint Protection 12.1. The find unmanaged computers feature has been integrated into the new Client Deployment Wizard. You can search for clients in your environment by IP range and a list of the current protection technologies installed on the system will be displayed in the results. For information on how to obtain the latest build of Symantec Endpoint Protection, please see Obtaining the latest version of Endpoint Protection or Network Access Control
If you are still on Endpoint Protection 11.x, the following workarounds are available.
Alternatively, you can run the Symantec Endpoint Protection Manager service under a domain user account or domain administrator account. This will launch clientremote.exe under a domain account when using Find Unmanaged Computers, allowing the installation to go through successfully.
To change the the account that launches the SEPM service:
1.Go to Start > Run menu
3.Display the properties of Symantec Endpoint Protection Manager service
4.In Logon tab, choose “This account”
5.Apply appropriate account
6.Click on Apply
7.Click on OK
8.Restart Symantec Endpoint Protection Manager service
9.Login to Symantec Endpoint Protection Manager Console
10.Continue the deployment
Note: This is only a workaround. You should change the SEPM service account back to SYSTEM as soon as the installations are completed.
Domain environment with Windows 7 or 2008R2 clients.
Imported Document ID: TECH98273
Subscribing will provide email updates when this Article is updated. Login is required.