Posted On: 6/6/2006

Troubleshooting Parent to Child Communications in Symantec AntiVirus Corp Ed v10x

Scenario:

Newly deployed SAVCE v10x clients on WORKGROUP PC systems, behind a firewall, in a new domain. No client getting into SSC under assigned parent. Once IN the console, one-way communications only (client-to-parent). Trying to pull up logs on the client returns error.

Minimal Requirements to get this working:

Parent and Client must be able to resolve respective IP and NAME. Failing this, add an LMHOSTS entry on the parent and client to resolve IP/Name of opposite end of the connection (our domain has a fairly restrictive/minimal DNS implementation)

TCP ports 2967 open in both directions.

(updateed 6/5/06) NOTE WELL that if you are using a remote Admin SSC instance (on your desktop, for example), and you have valid TCP comms on port 2967 to/from parent and client, but do not have port 2967 open between the managed client and your remote Admin worstation, you will not be able to manage the clients (e.g. drag-n-drop between parents; retrieve client side data like logs, threat history, scan history, etc)!!

To work around this limitation, install and operate the SSC from the PARENT server using a remote desktop session or equivalent. Now you are working in an environment where port 2967 is fully operational between all core components (SSC; parent server; managed clients).

Troubleshooting:

Easy test to validate communications via port 2967 (SAV10 always "listens" on 2967): Open command session. execute the command TELNET <IP of distant system> 2967. If successful, you'll get an empty CMD session window.

Generate DEBUG logs:

This is used to diagnose the issue of a client IN the SSC, but trying to retrieve logs FROM the client via the SSC fails. Delete the client from the SSC list. Enable debug logging on the parent server and the client.

To enable SAV debug logging, first close the SSC. Then (on the parent, the client, and the SSC workstation if operated on a system other than the parent server) go to... [HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\ProductControl] and set Debug=ALL.

Open the SSC. Restart the SAV service on the client. This will generate some check-in data in the debug logs on the client and the parent. We should soon see the client re-appear in the SSC (don't forget to REFRESH the SSC).

After the client appears in the SSC, right-click on it and try to view any of the logs. Once you get an error, you can disable logging on all systems and analyze the log files or send theem to Symantec if needed. The Parent and Client log VPDEBUG.LOG is found in the SAV10 install directory. The SSC log is found in the System Center install directory.

No restart of the machine or services is necessary (other than the restart of the client to get it to check back in to the SSC). SAV immediately sees the value change and starts logging. To turn off debugging, set the DEBUG value back to the default value <blank.>