Agent is not getting policies from manager or is showing offline on the manager.
Multiple causes can stop the agent from communicating with the manager. You may have to check the network to make sure the agent and manager can communicate on the correct ports.
An agent may be unable to communicate with the manager for a number of reasons, but the following should help you isolate the cause:
1. Verify the sisips service or daemon is running by starting services.msc on Windows or by running 'ps -ef | grep sisips' in unix.
2. If the service/daemon is running, verify if you can ping the manager's ip and hostname.
3. If you can ping the manager, type 'netstat -anob' at the cmd line and verify that the agent is listening on TCP 2222 and that 'sisips' is the attached service.
4. If TCP 2222 is listening, Please browse to the following file on the manager and open it in wordpad:
c:\program files\symantec\critical system protection\console\critical system protection\server\agent-cert.ssl
Now browse to the following location on the agent, and open the keystore file in wordpad:
Windows: c:\program files\symantec\critical system protection\agent\ips\certs\keystore
Unix: /opt/Symantec/scspagent/IPS/certs/keystore
Please compare the hex numbers after the following text in the file "keystore':
"RSA Public Key: (1024 bit) Modulus (1024 bit): "
With the following hex numbers that come after the following text in the file agent-cert.ssl on the manager:
"RSA Public Key: (1024 bit)
Modulus (1024 bit):"
These numbers should be the same if the correct agent-cert.ssl is being used.
5. If the agent cert is correct, try re-registering the agent
6. If re-registering the agent does not resolve the problem, then uninstall/reinstall the agent.
7. If uninstalling/reinstalling the agent doesn't resolve the problem, then run getagentinfo located in the following locations:
Windows: C:\Program Files\Symantec\Critical System Protection\Agent\IPS\tools\getagentinfo.bat
Unix: /opt/Symantec/scspagent/IPS/tools/getagentinfo
8. After you run 'getagentinfo', run a packet capture (i.e., with wireshark) on the agent while you attempt to register the agent.
9. After this is completed, call support to have a case created so that an engineer can analyze the data.