CAM Communication issue with Symantec Endpoint Protection

book

Article ID: 5953

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

CAM Communication issue with Symantec Endpoint Protection (SEP).

CAM communication does not work with the default UDP packet size of 8397 bytes. There are network errors seen in the CAM logs as below.

15:40:39.492 send_message(): Seq 2428, XX, from SERVERABC.ABC.CA.COM/CAI001344-00036, to 10.1.1.11/U-SECTOR_SRV, len 1359, data >Caxxxx<, created 31935, life 0, notifFy: yes, flags: 1, src 10.1.1.8, dst 10.7.48.11 

15:40:40.508 timer: discarding message sequence 2428 

15:40:40.508 start_poll( 10.1.1.11:4104, index 0 ) called 

15:40:40.508 bounce() called 

15:40:40.508 discarding message (reason: network error) ... 

15:40:40.508 bounce(): Seq 2428, XX, from SERVERABC.ABC.CA.COM/CAI001344-00036, to 10.1.1.11/U-SECTOR_SRV, len 1359, data >Caxxxx<, created 31935, life 0, notify: yes, flags: 1, src 10.1.1.8, dst 10.1.1.11 

15:40:40.508 swap_addr() called 10.1.1.11/U-SECTOR_SRV->SERVERABC.ABC.CA.COM/CAI001344-00036 

 

Camping and Nping (Nmap.org) seem to work with large UDP packet size of 10000 bytes confirming that there are no UDP packet drops.

Environment

CA Client Automation Version - 12.8, 12.8 FP1, 12.9, 14.0, 14.0 SP1

Resolution

This problem may happen due to 'Symantec Endpoint Protection'. 

Symantec Endpoint Protection (SEP) supports the following actions - where the traffic is allowed or blocked or the user is prompted.

  • Allow

    Allows any communication of this type to take place.

  • Block

    Prevents any communication of this type from taking place.

  • Ask

    Asks the user to allow or block the traffic.

However, for some reason instead of blocking or allowing traffic, SEP was allowing smaller UDP packet size with CAM fragment size set to 1024 but was blocking 5% of larger UDP packet sizes randomly. 

The only way to get around this problem is to uninstall Symantec Endpoint Protection as disabling SEP still locks down the system.

 

If you experience similar behavior, please open a support issue with Symantec.