search cancel

Endpoint Protection clients do not fail over or load balance to other managers

book

Article ID: 174054

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Once a Symantec Endpoint Protection (SEP) 14.2 client successfully connects to a Symantec Endpoint Protection Manager (SEPM), it doesn't attempt to communicate with other SEPMs even if it can no longer communicate with that SEPM. This commonly happens after updating the server certificate on a SEPM in the environment.

Cause

The SEP 14.2 client uses a new communications module that doesn't contain logic to move to another manager in the event of a certificate based communications failure. Instead, the client continues to attempt to communicate with the last manager it successfully connected to.

Resolution

To work around this problem after it happens, generate a new sylink communications file and deploy it to the affected clients. See Restoring client-server communications with Communication Update Package Deployment​ for more information.

To prevent this problem, be sure to follow best practices before updating a SEPM certificate, follow the steps in Update the server certificate on the management server without breaking communications with the client. Specifically follow the steps in the To update the server certificate on a single management server site without breaking communications with the client section. Do not attempt to use the steps for a multi-management server site with 14.2.x clients.

Note: If clients are configured to check the server certificate for HTTPS connections, and the server certificate is expired, you will need to work around the problem using the method above.

{SUBSCRIBE.EN_US}