Hello everyone, I have SEPM 14 with SQL database which is unable to download the definations. Whenever we try run an luall.exe it connects to live update downoad few KBs and then the connection fails. Attached is the screenshot.

Tried couple of fixes for it. Uninstall and reinstalled back Live Update component. Also if we try to use jdb files for update it works and updates fine. SEPM is already whitelisted on the proxy server and the firewall.

Increased the time out values

PREFERENCES\INTERNET_CONNECT_TIMEOUT=144
PREFERENCES\INTERNET_READ_DATA_TIMEOUT=1400

as per https://support.symantec.com/en_US/article.TECH188847.html

 

Also ran wireshark and find out the below many 404 erros dont know what exactly is happening

GET http://liveupdate.symantecliveupdate.com/liveupdate_3.3.100.15_english_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:33 GMT

Expires: Tue, 03 Oct 2017 09:05:33 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 1

Connection: keep-alive

 

<?xml version="1.0" encoding="iso-8859-1"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>404 - Not Found</title>

</head>

<body>

<h1>404 - Not Found</h1>

</body>

</html>

GET http://liveupdate.symantecliveupdate.com/minitri.flg HTTP/1.1

Accept: */*

If-Modified-Since: Mon, 24 Jun 2013 23:51:06 GMT

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 304 Not Modified

Date: Tue, 03 Oct 2017 08:55:33 GMT

Etag: "1813808236"

Expires: Tue, 03 Oct 2017 09:25:33 GMT

Cache-Control: max-age=1800

Connection: keep-alive

Server: ATS/5.3.1

 

GET http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.100.15_english_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:39 GMT

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 2

Connection: keep-alive

 

<?xml version="1.0" encoding="iso-8859-1"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>404 - Not Found</title>

</head>

<body>

<h1>404 - Not Found</h1>

</body>

</html>

GET http://liveupdate.symantecliveupdate.com/sepm$20content$20catalog_14.0_symalllanguages_livetri.zip HTTP/1.1

Accept: */*

If-Modified-Since: Mon, 04 Sep 2017 15:38:53 GMT

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 304 Not Modified

Date: Tue, 03 Oct 2017 08:55:39 GMT

Etag: "3589382957"

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Cache-Control: max-age=600

Connection: keep-alive

Server: ATS/5.3.1

 

GET http://liveupdate.symantecliveupdate.com/sepm$20liveupdate$20database_14.0_symalllanguages_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:39 GMT

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 0

Connection: keep-alive

 

Any help would be appreciated.

 

What does SymDiag show? Any additional error entries in the lue.log file?

Hi Brian SymDiag does not show any errors or anything, everything is green. Please find attached the liveupdate log file.

Any help would be appreciated.

Here is the packet capure log attached. Any help would be appreciated.

When did this start and how long has it been going on?

The errors you see are similar to what is noted here:

http://www.symantec.com/docs/TECH237144

Hi Brians this issue is happening for so many weeks now.

It does not appears to be an issue with SEPM ifself as if you try to update it offline via jdb it is done quickly.

problem should be on your firewall, from the SEPM server check if you are able to download this

How to determine whether your firewall is blocking LiveUpdate

https://support.symantec.com/en_US/article.TECH102059.html

I am able to download it fine Rafeeq, followed the above KB article.

 

All the basics are in place but still this issue is very strange.

when I try the lInk, i get 404,  that may not be the issue,

however 

 

10/1/2017, 4:06:30 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/sepm$20content$20catalog_14.0_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
10/1/2017, 4:06:31 GMT -> HttpSendRequest (status 304): Request succeeded - File up to date so download is not required

did you try these steps?

 

• Register SEPM with LiveUpdate after re-installation of LiveUpdate:

1. Click Start, then Run.
2. Type cmd, then click OK. This will bring up a command prompt.
3. At the command prompt type cd and the path to lucatalog.exe. By default the command would be: 
   
   cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
4. Type lucatalog.exe -update

 

• Register the SEP Client with LiveUpdate after re-installation of LiveUpdate:

1. Click Start > Settings > Control Panel.
2. Click Add or Remove Programs.
3. Click Symantec Endpoint Protection.
4. Click Change.
5. Click Next, select Repair, and click Next again.
6. Click Install.
7. Click Finish

https://support.symantec.com/en_US/article.TECH95597.html

 

If this were an issue on the Symantec side it wouldn't last for weeks and other customers would be affected. What does your external firewall logs show? Do you have a host firewall installed on the SEPM itself?

Hi Rafeeq. LU was uninstalled, then installed again and registered with SEPM.

open control pannel

select liveupdate

make it as interactive

start - run - luall.exe

select only few updates to install, check if that downloads successfully ( If you do not see SEPM as product listed, then it might be catalog issue) if it says all are up to date then it could be the DB issue.

Thanks for the reply rafeeq. Even if I select few update I get the same error, after it download few KBs.

Had same issue, it was firewall blocking.

Hi Daluga_Simmons . What exact setting was preventing it on your firewall and which firewall are you running?

third party firewall and bandwidth throttling