Skip to main content

Symantec endpoint protection deployment fails



Deploying Symantec Endpoint Protection or SEP 14 on remote computers will fail if Firewall or services on remote computer is not properly set.

Deploying SEP version 14 to computers running Windows 8.1 will not install successfully.

If ICMPV4 is not allowed on the firewall will also cause fail deployment.

Even though ICMPV4 is enabled and allowed on the firewall and the deployment still fails.

If unable to deploy SEP 14 to remote computers running Windows 8.1, either do manual installation, send a link to user and ask them to install if user has a local admin password.

Of course, if trying to install to multiple computers remote deployment is the best way to do.

It's efficient, faster and user productivity is not disturbed.

One solution for this issue, is to enable "remoteregistry" service on the remote computers.

To enable "remoteregistry" on remote computers, open an elevated command prompt and enter the domain credentials.

Type:
C:\>sc \\James_PC_001 config remoteregistry start= auto

[SC] ChangeServiceConfig SUCCESS -- this message will be shown if the command is successful.

Next step,

C:\>sc \\sg0103 start remoteregistry 

If the command is successful a message will be displayed, success command will have this output: WIN32_EXIT_CODE    : 0  (0x0)

Once the two steps above has been done, try deploying again SEP 14 to the remote computer.

If everything goes well, deployment will be successful.

Once SEP 14 has been deployed successfully, then you need to be fair to the user.

Disable or revert back the status of the remote registry to disable.

C:\>sc \\James_PC_001 config remoteregistry start= disabled

Above command will disable the remoteregistry service.

To verify, type:
C:\>sc \\James_PC_001 stop remoteregistry 

It will show that the service is not started.

The method mentioned above also works for Windows 10 clients.

If everything is set, firewall settings verified okay. Remote registry service is not running, reboot a couple of times but still fail.

Try setting a static IP, of course don't use the IP Address that was auto set  by the DHCP.  What I mean if DHCP gives the machine 192.168.1.10, try setting up a static IP like 192.168.1.111 or any IP Address not the same with the lease IP Address from DHCP.

After setting up the static IP  try deploying again.



Cheers..hope it saves some time trying to figure out why SEP 14 cannot be deployed.




Comments

Popular posts from this blog

Copy a single file using robocopy

Copy a single file using robocopy from a local folder to a shared folder on the network.
A simple rule of thumb before any disaster strike, don't interchange the source and the destination.

If source and destination is mistakenly reverse, files might get overwritten. To avoid any loss of data do a test with a dummy file to ensure things work perfectly.
Robocopy [source][destination]   [file to be copied]
robocopy c:\local_c_folder  \\PC_network\shared_folder   file_to_be_copied_xx.txt
The command will be completed successfully provided the network access right has no issues.

Robocopy works quite good on large files. A simple copy or xcopy command will also work but the speed might vary.

Robocopy is free it can be accessed from command line. No need to install the resource kit tool if the operating system is Windows 7 or newer version.

Copy files with selected file extension using PowerShell and Robocopy:

$extension = ('.pdf', '.jpg', '.txt')
gci d:\WorkFolde…

WMIC get computer name

WMIC get computer model, manufacturer, computer name and  username.
WMIC is a command-line tool and that can generate information about computer model, its manufacturer, its username and other informations depending on the parameters provided.
Why would you need a command line tool if there’s a GUI to check?
If you have 20 or 100 computers, or even more. It’s quite a big task just checking the GUI to check the computer model and username.
If you have remote computers, you need to delegate someone in the remote office or location to check.
Or you can just write a batch file or script to automate the task.
Here’s the code below on how get computer model, manufacturer and the username.
Open an elevated command prompt and type:
wmic computersystem get "Model","Manufacturer", "Name", "UserName"
Just copy and paste the code above, the word “computersystem” does not need to be change to a computer name.
A sample output below will be generated if the co…