TDAD AD Gateway fails to deploy after migrating the agent from SEPM-managed
search cancel

TDAD AD Gateway fails to deploy after migrating the agent from SEPM-managed

book

Article ID: 254192

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

An SES agent has been migrated from an on-premises Symantec Endpoint Protection Manager (SEPM) to the cloud. The Threat Defense for Active Directory (TDAD) AD Gateway feature does not successfully deploy, and the status is reported as "Not Responding".

Viewing the Activity History on the device, and filtering for Event Type Id:11-Command Activity shows the following:

"Command 'Feature Selection' is unsupported" or "Command 'Active Directory Gateway' is unsupported"

Environment

Component: TDAD AD Gateway

Cause

Client install files are missing from SEP cache.

Resolution

  1. Remove the failed AD Gateway from Active Directory integration in the ICDm
  2. Obtain and extract the original installation package from the old SEPM
  3. Create a new SES installation package, ensuring that the Feature Selection policy applied to the chosen Device Group has the Threat Defense for Active Directory feature selected for the relevant OS type
  4. In the extracted files from the old installation package, double-click the MSI file, then choose to uninstall the client. Reboot when completed
  5. Install the new SES installation package
  6. Add the device as an AD Gateway