Firewall session timeout causes Symantec Endpoint Protection Manager replication failure

Article ID: 152676

Products

Endpoint Protection Network Access Control

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) replication fails after up to 4 hours.

  • The SEPM console shows the replication status as "Failed".
  • When the SEPM log level is set to FINEST, the replication log of one of the replication partners, in the Tomcat logs folder (by default C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs), shows messages similar to the following:

------------------------------------------------------

2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> initialize: Error-> Rolling back db changes...
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> initialize: Closing db connection...
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> replicate: Communication Exception Error Code = -805240832 ErrorMsg Code = 130
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2:
java.net.SocketTimeoutException: Read timed out

----------------------------------------------------
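The log excerpt above is the signature to look for when triaging a failed replication. The parser below is an added example (not part of this article and not SEPM's own code): it reads the quoted lines, attaches the untimestamped Java exception line to the preceding entry, and flags a "Communication Exception" that is followed by a "Read timed out" on the same ReplicationTask. The sample log is constructed from the excerpt in this article; the field names in the returned dicts are my own.

```python
import re
from datetime import datetime

# Constructed sample: the replication log excerpt quoted in this article.
SAMPLE_LOG = """\
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> initialize: Error-> Rolling back db changes...
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> initialize: Closing db connection...
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2: ReplicationTask>> replicate: Communication Exception Error Code = -805240832 ErrorMsg Code = 130
2010-07-02 04:07:14.633 WARNING: ReplicationTask-<Site-Name>-2:
java.net.SocketTimeoutException: Read timed out
"""

# "<timestamp> <LEVEL>: <task>: <message>"; the task name can contain '-' and '<>'.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (\w+): (ReplicationTask-\S+): ?(.*)$"
)
COMM_EXC_RE = re.compile(
    r"Communication Exception Error Code = (-?\d+) ErrorMsg Code = (\d+)"
)
READ_TIMEOUT = "java.net.SocketTimeoutException: Read timed out"


def parse_replication_log(text):
    """Return a list of entries {ts, level, task, msg}.

    Lines without a timestamp (Java exception text) are continuation
    lines and are appended to the message of the previous entry.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            entries.append({"ts": ts, "level": m.group(2),
                            "task": m.group(3), "msg": m.group(4)})
        elif entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries


def find_timeout_failures(text):
    """Flag Communication Exceptions caused by an idle read timing out.

    A finding is reported when a Communication Exception entry is followed,
    within the next few entries of the same task, by a socket read timeout.
    The firewall-session-timeout case in this article produces both.
    """
    entries = parse_replication_log(text)
    findings = []
    for i, e in enumerate(entries):
        m = COMM_EXC_RE.search(e["msg"])
        if not m:
            continue
        followed = any(READ_TIMEOUT in later["msg"]
                       for later in entries[i + 1:i + 4]
                       if later["task"] == e["task"])
        findings.append({
            "ts": e["ts"],
            "task": e["task"],
            "error_code": int(m.group(1)),
            "errmsg_code": int(m.group(2)),
            "read_timed_out": followed,
        })
    return findings


if __name__ == "__main__":
    for f in find_timeout_failures(SAMPLE_LOG):
        print(f"{f['ts']} {f['task']}: error {f['error_code']} "
              f"(msg {f['errmsg_code']}), read timeout={f['read_timed_out']}")
```

Point the script at the replication log of either partner; only the side whose read timed out will carry the SocketTimeoutException line, so check both partners if the first log shows nothing.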

Cause

During replication, a SEPM establishes a TCP connection to its partner and requests the changes made since the last successful replication. On receiving the request, the partner retrieves those changes from its database and compresses them into a zip file. For the reasons listed under Applies To, this step can take a long time, and while it runs the TCP connection is idle. If the idle time exceeds the firewall's session timeout, the firewall drops the session, and the replication fails.

Resolution

This issue has been fixed in Symantec Endpoint Protection 11 Release Update 7 (RU7). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection or Symantec Network Access Control. The product has been enhanced to send "keep-alive" packets while the TCP connection is idle during SEPM replication. If you are not able to upgrade to RU7, you can work around the issue by reducing the amount of data replicated and increasing the firewall session timeout so that replication can complete.
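The keep-alive behaviour that RU7 adds is shown below in an added Python example; it is not SEPM's own (Java) code and does not describe how SEPM implements it. Enabling TCP keep-alive on the socket makes the kernel send empty probe segments while the application is quiet, so a stateful firewall keeps seeing traffic on the session. The 60-second idle time, 10-second probe interval and probe count are assumed values chosen to sit well below typical firewall session timeouts; `survives_firewall_timeout` is a hypothetical helper for checking a configuration against a known timeout.

```python
import socket
import sys


def enable_tcp_keepalive(sock, idle_sec=60, interval_sec=10, probe_count=5):
    """Enable TCP keep-alive probes on an existing TCP socket.

    After the connection has been idle for idle_sec seconds, the kernel sends
    a probe every interval_sec seconds (up to probe_count unanswered probes
    before it gives up). idle_sec must be shorter than the firewall's session
    timeout, otherwise the session is removed before the first probe.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Windows: SIO_KEEPALIVE_VALS takes (enable, idle ms, interval ms);
        # the probe count is a system-wide setting, not per socket.
        sock.ioctl(socket.SIO_KEEPALIVE_VALS,
                   (1, idle_sec * 1000, interval_sec * 1000))
        return
    # Linux exposes the idle knob as TCP_KEEPIDLE; macOS/BSD call it TCP_KEEPALIVE.
    if hasattr(socket, "TCP_KEEPIDLE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_sec)
    elif hasattr(socket, "TCP_KEEPALIVE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE, idle_sec)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_sec)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probe_count)


def read_keepalive_settings(sock):
    """Read back what the kernel applied; None where the OS has no such option."""
    def get(name):
        opt = getattr(socket, name, None)
        if opt is None:
            return None
        try:
            return sock.getsockopt(socket.IPPROTO_TCP, opt)
        except OSError:
            return None

    idle = get("TCP_KEEPIDLE")
    if idle is None:
        idle = get("TCP_KEEPALIVE")
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle_sec": idle,
        "interval_sec": get("TCP_KEEPINTVL"),
        "probe_count": get("TCP_KEEPCNT"),
    }


def survives_firewall_timeout(settings, firewall_timeout_sec):
    """True if the first probe goes out before a firewall that expires idle
    sessions after firewall_timeout_sec seconds would drop the connection."""
    idle = settings["idle_sec"]
    return bool(settings["enabled"] and idle is not None
                and idle < firewall_timeout_sec)


def configured_socket(idle_sec=60, interval_sec=10, probe_count=5):
    """Create a TCP socket with keep-alive already configured; caller closes it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    enable_tcp_keepalive(sock, idle_sec, interval_sec, probe_count)
    return sock


if __name__ == "__main__":
    s = configured_socket()
    try:
        cfg = read_keepalive_settings(s)
        print(cfg)
        # Constructed firewall timeout of one hour for the demonstration.
        print("keeps session alive:", survives_firewall_timeout(cfg, 3600))
    finally:
        s.close()
```

Keep-alive is only a partial substitute for the RU7 fix when the firewall counts probes as traffic; some proxy firewalls track application payload rather than TCP segments, in which case raising the session timeout or reducing the replicated data, as the article describes, remains necessary.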


Applies To

This problem can happen when there is a proxy firewall between the two SEPM replication partners and a large amount of data (usually hundreds of MB) needs to be replicated because:

  • The two SEPMs have never replicated with each other before.
  • Replication between the two SEPMs stopped for a long time and is now resuming.
  • It is a large environment with thousands of clients or more.