Endpoint Protection

Were trying to troubleshoot an issue with Live Update that appears to have popped up recently with our corporate proxies. I believe based on the wireshark traces were dealing with caching issues because i see alot of 304 messages in the traces. That being said I see the 304 messages in successful LU updates when looking at the wireshark traces so I need the technical details of how LU works.

i.e. how does the process work with the livetri and minitri to determine what to download...

Basically were having LU 1835 and LU 1814 issues. On brand new installs the full live update doesnt work from the internet inside our corporate network. For whatever reason the auto proxy configured in the browser doesnt send the client internally to get the update which then results in LU 1814. Disable proxies updates work fine internally but nothing we do gets the full update to work from the internet.

Once the full update is completed then the delta updates seem to work from the internet or internally.

I know were dealing with two seperate issues most likely.

1. Why full updates dont work from the internet but deltas do

2. Why isnt autoproxy sending the client to internal LU servers in the first place.

1. Why full updates dont work from the internet but deltas do

Your proxy might deny big downloads, do you have content filtering? what proxy you are using? ISA ? check the logs for denied connections you might find the rule and reason for it.

2. Why isnt autoproxy sending the client to internal LU servers in the first place.

for internal LU , autoproxy has nothing to do, check if clients are communicating with sepm when proxy is set, I have seen cases where improper proxy settings in registry will not allow client communication.

We use several different proxy technologies. The autoproxy is set to a particular vendors proxy server but I've also tried using manual proxy settings with two other different proxy servers. One of the manual proxy servers fails as well but the other works with the Internet or internally without issues.

These are Windows 7 systems were dealing with at this point. Can you provide more details about examples of proxy settings in the registry not working?

One other thing to note. We dont use the automatically detect proxy settings option because we use a proxy.pac file. If I leave the autoproxy setting enabled and then enable automatically detect proxy settings it still fails to the internet because its hitting the same proxy but when I try the internal LU server it works.

this is the setting

http://www.symantec.com/business/support/index?page=content&id=TECH106193

Link takes me to a generic support page

>>

<<

Sometimes you need to reload the page

same link works fine for me, yes as mentioned try reloading it should work.

Yes it works now.

I should mention that we dont use SEPM for client Live Updates. We use internal servers but they are seperate infrastructure utilizing LUA 2.x.

These clients can communicate with the SEPM server even though they have the LU issues.

add the internal liveudpate url in the trusted sites list and check.

Hi Thatdude,

Is there any reason why you don't wish for the SEPMs toupdate the SEP clients?  Generally they can do a great job of keeping the clients up-to-date.  They have the ability to generate delta defs of the correct size- a technology not built into LUA, which needs to download, distribute and store everything that might be useful to a client.

When there are several SEPMs that need to be updated it can be good to have them retrieve their SEPM defs from the LUA, and proces sthose into the client defs that their clients will need.

Hope this helps!

Mick 

I wish we could just use SEPM but we have 40,000 endpoint around the world and this isnt an option due to WAN links.

I will try this today. After meeting with out network engineers and looking at the traces the clients never even attempt to get updates internally via FTP as we see nothing in the traces. We were at least expecting to see some type of failure. This only happens when IE is set to use autoproxy. If I check automatic detect proxy settings everything works.

Hi Rafeeq.

Please speak to your internal team about this reloading of pages. This really is an anoying aspect of the Symantec site. I can't with confidence send a link to a colleague because often enbough they get the generic page & don't know to reload.

Is that because the article link according to the document is http://www.symantec.com/docs/TECH101807 but in the address bar it shows as http://www.symantec.com/business/support/index?page=content&id=TECH101807 which is completely different.

PS Just had the issue while trying the above link. A reload did not work. I had to click the link again.