SAV Client Rescue

Last week I did an upgrade to our SAV server that failed. This failure resulted in the SAV server being unable to talk to the clients. The new server install laid down a new PKI folder, which is the public key for the server. Once I recovered the old PKI file, the old clients were able to talk to the new server. However, a few boxes were built during that time and expected the temporary PKI folder that had been replaced. This is how to fix the issue. This procedure should also help you migrate from an old server to a new server (other things being equal).

From your server, copy c:\program files\Symantec AntiVirus\grc.dat to C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\ on your client. Within 20 seconds, that file will disappear (Magic!!)

You now need to copy over the correct root certificate. On the server, it lives in c:\Program Files\Symantec AntiVirus\pki\roots, and the name is a long string of numbers, followed by .servergroupca.cer. Note that this file may live underneath \SAV instead of \Symantec AntiVirus. Copy the file from the server to the same folder on the client (be it SAV or Symantec AntiVirus).

Stop and restart the Symantec Anti-Virus service on the client. This forces the client to talk to the System Center Console (SSC). You may not see the client immediately on your SSC, but should within a few minutes. You can check the last time a server talked to the client by using the Default Console View (under View -> Default Console View).

The only variation I’ve had from these steps is that I have needed to stop and start the services to get the grc.dat file to disappear.
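
The steps above as a single script, as an added example that is not part of the original post. It assumes it is run elevated on the affected client, that the server's C: drive is reachable over the admin share, that the service is named "Symantec AntiVirus" (check with Get-Service), and that the server holds exactly one .servergroupca.cer file; the parameter names are hypothetical.

```powershell
# Added example: run elevated on the client. Defaults below are assumptions, not values from Symantec.
param(
    [Parameter(Mandatory=$true)] [string]$Server,   # host name of the SAV parent server
    [string]$ServerDir   = 'Symantec AntiVirus',    # use 'SAV' if the server installed there
    [string]$ServiceName = 'Symantec AntiVirus'     # assumed service name on the client
)
$ErrorActionPreference = 'Stop'

$serverRoot  = "\\$Server\c`$\Program Files\$ServerDir"   # assumes admin-share access
$clientData  = 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5'
$clientRoots = 'C:\Program Files\Symantec AntiVirus\pki\roots', 'C:\Program Files\SAV\pki\roots' |
               Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $clientRoots) { throw 'No pki\roots folder found on this client.' }

# Step 1: drop grc.dat into the client data folder and wait for the client to consume it.
Copy-Item "$serverRoot\grc.dat" $clientData -Force
$grc      = Join-Path $clientData 'grc.dat'
$deadline = (Get-Date).AddSeconds(30)
while ((Test-Path $grc) -and ((Get-Date) -lt $deadline)) { Start-Sleep -Seconds 2 }
if (Test-Path $grc) {
    # The variation noted in the post: bounce the service so grc.dat gets picked up.
    Restart-Service -Name $ServiceName
    Start-Sleep -Seconds 10
    if (Test-Path $grc) { Write-Warning 'grc.dat is still present; the client has not processed it.' }
}

# Step 2: copy the server group root certificate into the client's pki\roots folder.
$certs = @(Get-ChildItem "$serverRoot\pki\roots" -Filter '*.servergroupca.cer')
if ($certs.Count -ne 1) { throw "Expected one .servergroupca.cer on the server, found $($certs.Count)." }
$target = Join-Path $clientRoots $certs[0].Name
Copy-Item $certs[0].FullName $target -Force

# Confirm the client now holds the same root the server presents, not a stale one.
$src = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certs[0].FullName
$dst = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $target
if ($src.Thumbprint -ne $dst.Thumbprint) { throw 'Root certificate thumbprint mismatch after copy.' }

# Step 3: restart the service so the client checks in with the server.
Restart-Service -Name $ServiceName
Write-Output "Root $($dst.Thumbprint) (expires $($dst.NotAfter)) installed in $clientRoots; service restarted."
```

Any other .servergroupca.cer files already in the client's roots folder are left in place; list that folder afterwards if you want to see which roots the client still trusts.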