Corrupted Policies (Serdef.dat) is preventing clients from starting the SEP service.

book

Article ID: 177982

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Some clients no longer check in for updates and the SEP Services do not start.  

Customer has clients that cannot start the SEP service and the tray icon is not displayed.  The SEP client may have been functioning correctly for a long period of time. Recently there was a network issue where the clients lost connectivity with the manager. 

Cause

Serdef.dat corruption occurs when a new policy is being distributed and there is a network outage.  The policy update on the client does not fully complete and this causes the client services to be disabled and fail to restart.

To verify policy, compare the policy information within the SEP Client User Interface (UI) with the policy within the SEPM.

To determine the policy in place on the client:

  1. Double click on the SEP client icon in the task bar to pull up the client UI.
  2. Click on Help and Support and select Troubleshooting.
  • The policy information that you are looking for is under "Policy Serial Number" and consists of a sequence id and date/time such as XYXY-04/02/2010 09:16:06 165.

To determine the policy the group is set to:

  1. Within the SEPM, click on Clients and select the client's group.
  2. Click on the Details tab.
  • The policy information to compare is also under "Policy Serial Number".

 A good sign of corruption is when these policy numbers do not match.

Resolution

To resolve the issue:

  1. Stop the SMC service by clicking ‘Start’ then in the Run box type “Smc –Stop”.
  2. Go to *\Program Files\Symantec\Symantec Endpoint Protection and find the Serdef.dat and Serdef.dat.bak.
  3. Rename the serdef.dat file to serdef1.dat.
  4. Rename serdef.dat.bak back to serdef.dat.
  5. Start the SMC service by clicking ‘Start’ then type in the Run box “Smc –Start”.

The client will now use the serdef.dat backup file to connect with the SEP Manager and get the new policy/updates.