Endpoint Protection

Hello..

A newly installed SEP 12.1 client installed via a Setup "package" wont live update whilst connecting to successfully to live update server.

Attached screenshot showing the failed messages relating to each type of File.

For example "encountered an error while downloading file sepc$20cids$20signatures..........."

Any ideas ?

Thanks

I'd recommend reviewing, or even posting, the Log.lue file on the client.

By default, the LUE log for SEP clients is located here:

• Windows Vista and above: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs\Log.Lue

Please download and run SymDiag for additional error checking:

Download SymDiag to detect Symantec product issues

Here is thre latest log/lue entry when you try and do manual live update

For information the SEPM management server where the package was originally created is in Germany.

The laptop is in the USA So not sure if location comes into it.

****************************************************************************************************
Symantec LiveUpdate Engine 2.3.2.7   (Release)
OS: Windows NT 64-bit, VerInfo: 10.0, ServicePack: 0.0
LanguageID: 00000409
WinHttp.dll Version: 10.0.14393.0
----------------------------------------------------------------------------------------------------
Session started at: 2016/09/14 07:56:25.814    (UTC -05:00)
ProcessId: 2876, ThreadId: 11292, SessionId: 7, Machine ID: D65A74EF-02C6-BC96-9EC1-0FF6A6734CD6, Agent Field: SEP/12.1.7004.6500, MID/{D65A74EF-02C6-BC96-9EC1-0FF6A6734CD6}, SID/7
----------------------------------------------------------------------------------------------------
  Component: Moniker: {C1D5327B-2BA6-43FA-AFE7-8E6C8360EE2D}, P: SEPC CIDS Signatures 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {51C81AF7-5A45-4BEF-9CA4-38AF3C891F46}, P: SEPC SRTSP Settings, V: 12.1 RU6, L: SymAllLanguages.
  Component: Moniker: {5A7367E1-D1F6-43b5-BD94-4AFFA896D724}, P: SEPC SMR Definitions 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {0F3370CC-CB7C-4976-9315-22E436B26137}, P: SEPC Iron Whitelist 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {7ADF5254-6017-4769-89B1-9F9CD03FA8C5}, P: SEPC Iron Settings 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {07B590B3-9282-482f-BBAA-6D515D385869}, P: SEPC Virus Definitions Win64 (x64) 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {74BC74C3-493B-46DA-B3B6-6C9C86F29B89}, P: SEPC Submission Control Data, V: 12.1 RU6, L: SymAllLanguages.
  Component: Moniker: {8020CBD2-0BA5-4FFD-BB3E-57CB42C6513C}, P: SEPC Extended File Attributes and Signatures 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {FE0C7385-92CD-4877-B26F-EE9FFB3C34E0}, P: SEPC Iron Revocation List 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {FC1DE9A6-0007-4f4a-9CDB-BB89A857F51D}, P: SEPC Virus Definitions Win64 (x64) 12.1 RU6, V: MicroDefsB.Error, L: SymAllLanguages.
  Component: Moniker: {BA569190-E525-4101-A87A-775EF73FDD26}, P: SEPC Behavior And Security Heuristics 12.1 RU6, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  OnNotify() method for callback {E8827B4A-BEEF-4dea-8C93-07B32A63D1C5} returned 0x0
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
  OnNotify() method for callback {73D8F7DB-5990-4EDF-945E-53047F1A8230} returned 0x0
  OnNotify() method for callback {57CD7B31-861B-46be-8EBD-AED7EDF28F76} returned 0x0
  OnNotify() method for callback {F845E8D8-25D9-4cbb-A20F-1350B8120133} returned 0x0
  Proxy auto-detect is enabled
  Proxy auto-detect is enabled
  Server selection complete. Server is HTTP://liveupdate.symantecliveupdate.com/ on port 80.
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20cids$20signatures$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20srtsp$20settings_12.1$20ru6_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20smr$20definitions$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20iron$20whitelist$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20iron$20settings$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20virus$20definitions$20win64$20$28x64$29$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20submission$20control$20data_12.1$20ru6_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20extended$20file$20attributes$20and$20signatures$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20iron$20revocation$20list$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20virus$20definitions$20win64$20$28x64$29$2012.1$20ru6_microdefsb.error_symalllanguages_livetri.zip
  retrying download 2 times.
  retrying download 2 times.
  retrying download 2 times.
* Failed download for file sepc$20behavior$20and$20security$20heuristics$2012.1$20ru6_microdefsb.curdefs_symalllanguages_livetri.zip
* All updates failed to download. Reason for failure could be found in callback status for individual updates.Exiting with Error Code: 0x85070002
  OnNotify() method for callback {E8827B4A-BEEF-4dea-8C93-07B32A63D1C5} returned 0x0
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
  OnNotify() method for callback {73D8F7DB-5990-4EDF-945E-53047F1A8230} returned 0x0
  OnNotify() method for callback {57CD7B31-861B-46be-8EBD-AED7EDF28F76} returned 0x0
  OnNotify() method for callback {F845E8D8-25D9-4cbb-A20F-1350B8120133} returned 0x0
  ***** Session Results *****
  Total Updates Available: 0
  Total Updates Succeeded: 0
  Total Updates Succeeded - Reboot Req: 0
  Total Updates Skipped: 0
  Total Updates Failed: 0
  Session result code: 0xA100000F
* Reporting error: 0xA100000F Session failed
  Error report submitted
----------------------------------------------------------------------------------------------------
Session ended at: 2016/09/14 07:56:35.302    (UTC -05:00)
****************************************************************************************************

Hi.

I ran the diagnostic tool and as far as i can see there were no reported problems that would cause the above errors

The reporting error in the log points at a proxy issue

REF: http://www.symantec.com/docs/TECH186885

NOTE, While this article talks about an internal LUA and you're using the Default LU Servers out on the internet, the focus of your investigation should be on the proxy bit.

Oh, and also be on the lookout for network devices that could be performing packet inspection too

thanks for your response. SML.

As soon as you mentioned proxy I thought oh...... i have seen a  message from the browser sometimes when trying to download files from the internet on computers in their small office. The files cant be downloaded and are refused by some sort of http proxy config on their Watchguard Firewall.

This I passed onto another colleague who logged into their firewall and changed its config to disable this setting. After all is ok and the SEP client updates as expected.

Below is the proxy refusal message seen in the browser when trying to download a file from the internet from dell.

thanks for all your responses

I'm glad that got you sorted!  Just for reference, the bit in the log that pointed at the article I posted, was the below line:

  Session result code: 0xA100000F

It's this that suggested a proxy-related issue.

As always, please mark the relevant post(s) as the Solution, to help others who may be seeing similar issues.