Symantec Endpoint Protection Manager Logs Are Huge

Recently a server's OS drive filled up very quickly before I realised that I had not turned on log truncation in Symantec Endpoint Protection Manager (SEPM). As soon as I performed a truncation and set SEPM to do it every four hours, all was well with the server.

To do this complete the following:

1. Log in to the SEP Manager.
2. Click Admin and select Servers.
3. Select the localhost under Servers.
4. Under Tasks, Select Edit Database Properties.
5. In the General tab under Database Maintenance Tasks.
6. Select the checkboxes next to Truncate the database transaction logs and Rebuild Indexes.
7. Click OK to apply the changes.

References:
http://www.symantec.com/connect/forums/symantec-endpoint-protection-db-log-problem

Symantec Endpoint Protection Manager version 11 Recovery

See this link:
http://www.symantec.com/business/support/index?page=content&id=TECH102333



...that is all.

Symantec Endpoint Protection Has Detected Pending Changes

When installing Symantec Endpoint Protection, sometimes you will see an error message that "Symantec Endpoint Protection has detected that there are pending system changes that require a restart", but a restart does not fix the issue.

In that case, do the following:

Delete the registry key: "PendingFileRenameOperations" in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager".

References:
http://www.symantec.com/connect/forums/win7-issue-symantec-endpoint-protection-has-detected-there-are-pending-system-changes-require

Symantec Endpoint Protection Manager 11 - Unable to Communicate with Reporting Component

• If you are on a 32-bit OS, skip the next step.
• If you are on a 64-bit OS, first go to 32-bit ODBC Control Panel. To do this do the following:

Go to %systemroot%\Windows\SysWoW64 folder (Example - Click Start -> Run -> C:\Windows\Syswow64 and click on OK)

Locate Odbcad32.exe & double click on the file

Click on System DSN Tab

You will find the "SymantecEndpointDSN" listed in the window.

Now click on the CONFIGURE button and proceed with the configuration of the DSN for the Symantec Endpoint Protection Manager 

• Open ODBC (using instructions above if on a 64-bit OS), then do the following:

Select Configure on the SymantecEndpointSecurityDSN 

Under the LOGIN tab set it to Supply User ID and password and type:
User ID: dba
Password: Login password to the SEPM 

Under the DATABASE tab configure these options:
Server Name: Name of Server
Database Name: sem5 (if you are using the embedded database) 

Under the NETWORK tab configure these options:
Check TCP/IP and enter: "host=IPAddressofServer" without the quotes. 

Now test connection. You should receive Connection Successful.

References:

http://www.symantec.com/connect/forums/unable-connect-reporting-component-symantec-endpoint-protection-mr2

http://www.symantec.com/business/support/index?page=content&id=TECH103990

Symantec Endpoint Protection Manager Database Will Not Start

If Symantec Endpoint Protection Manager v11 embedded database does not start, try the following:

The below article describes how to recreate the embedded database's log file:
http://www.symantec.com/docs/TECH169664

A SEP11 version of the steps is:

Go to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\" and rename sem5.log to sem5.log.old
Click Start, click on Run and Type "CMD" then click OK
In the Command Prompt type: "CD C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\" and press Enter this will change directories to the folder containing dbsrv9.exe.
To force the recreation of sem5.log. Type: "dbsrv9 -f "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.db" and press Enter
Click Start, click on Run and Type "services.msc" then click OK and start the Symantec Embedded Database Service
Start the Symantec Endpoint Protection Manager service.

Don't forget to adjust the paths if your SEPM is on a 64bit OS

References:
http://www.symantec.com/connect/forums/embedded-database-will-not-start