Accomplishing an install of migration of the Symantec Endpoint Protection Manager (SEPM) or the Symantec Endpoint Protection (SEP) client results in a failed install or migration. Additionally, file corruption may be noted if the install is successful or not.

Accomplishing the same task locally is successfully.  The most likely cause is an improperly configured remote session.

Symptoms
Installation or migration failures while using a misconfigured remote session or remote session software.

• Product failure or configuration failure during an installation or migration through a remote session.
• Product exhibits unexpected behavior after an installation or migration through a remote session.
• When logged into the server via remote session, review the System Information application. (Start > Programs > Accessories > System Tools > System Information). Once the window for the System Information application is open, in the right hand pane, scroll down until the "User Name" value is seen. If the "User Name" is listed as "Not Available", the system is unable to identify the user's credentials and or potentially the user's rights. Please check applied account configuration and group policies.
• When logged in and running a command of "qwinsta" from a command prompt, the "ID" column is not 0 (Zero).  Any other value indicates a misconfigured remote session.
  Example:
  C:\>qwinsta
         SESSIONNAME       USERNAME                 ID    STATE   TYPE        DEVICE
  C:\>console                Administrator              0      Active     wdcon
  
  (Note: The above example is not applicable with Windows Server 2008 and RDP version 6.1 when using the /admin switch.)

Potential Causes:
1. Improper configuration of a remote session or remote session software.
2. Failed authentication of system.
3. Failed authentication of user.
4. Domain or local policy restrictions.

This scenario is seen on a very small percentage of installations or migrations. Connecting to or configuring a SEPM in a remote session is fully supported by Symantec. An installation or migration of the SEPM or unmanaged SEP client in a properly configured remote session software is fully supported by Symantec.

In a situation where a misconfigured remote session is suspected, installing or migrating the SEPM or unmanaged SEP client in a local session (physically at the system), using the Local Administrator account will resolve the issue.  The successful local install is a clear indicator that the remote session is misconfigured and requires further investigation.

Configurations:

• Microsoft Remote Desktop Protocol version 6.0 or under needs the following:
  • Proper authentication of the remote system and the user account.
  • Full administrative privileges in the console session for the system being connected to.
  • Domain policy restrictions do not interfere.
  • If connecting through Terminal Services with Server 2003, ensure that a properly configured the console session is used.
• Microsoft Remote Desktop Protocol version 6.1 or over needs the following:
  • Ensure the /admin switch is used when connecting to a properly configured Terminal Server.
  • Ensure the user account is a member of the Administrators group for the server being connected to.
• Third-party Remote Session software must ensure the following:
  • Proper authentication of the remote system and the user account.
  • Full administrative privileges in the session for the system being connected to.
  • Domain policy restrictions do not interfere with the session.

Note: Beginning in version 6.1 and above of Microsoft's RDP Client (mstsc.exe), the /console switch has been replaced with /admin. Version 6.1 is included in Server 2008, Vista SP1 and XP SP3.



Technical Information
Symantec Documentation: 

Title: 'How to install Symantec Endpoint Protection and Symantec Endpoint Protection Manager through Remote Desktop'
Document ID: TECH104331
Web URL: http://www.symantec.com/docs/TECH104331

3rd-party Remote Session Software:

If you have questions or concerns with the 3rd-party Remote Session software that you are using, such as:

• Will it allow the proper rights and permissions during a session?
• How do I configure the software to ensure the proper rights and permissions during a remote session?

Please refer to the software vendor's Support website.

Helpful Microsoft Documentation:

How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services
http://support.microsoft.com/kb/278845

Changes to remote administration in Windows Server 2008
http://support.microsoft.com/kb/947723

About Remote Desktop Services
http://msdn.microsoft.com/en-us/library/aa380400(v=VS.85).aspx