Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Can I use LUA to update SEP Clients directly?

Migration User

Migration UserDec 01, 2011 12:29 PM

Mick's pretty much the LUA expert :) sandra

  • 1.  Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 03:32 AM

    Hi all,

    In my SEP environment I have a location with very low bandwidth but lots of Clients. I tried to use GUPs, but those do not work correctly. Seems like the Clients are having Problems connecting to the GUP as it is based in another Subnet (at least that is my assumption why it doesn't work).

    So what I did was setting up a LUA Server onsite and have it download and distribute Virus-Definitions locally. So far, this seems to work great and the Updates are distributed to the Standard-Production Distributioncenter (http://<IP of LUA Server>:7070/clu-prod).

    I then Created a Live-Update Policy on the SEPM, were I disabled "Use Management Server" and Enabled "Use Live-Update Server" and set the above mentioned URL as LiveUpdate Server.

    But it doesn't seem to work. So the question is: Is it even possible to directly connect SEP Cleints to a LUA ?

     

    Regards

    Stephan



  • 2.  RE: Can I use LUA to update SEP Clients directly?

    Broadcom Employee


  • 3.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 03:47 AM

     

    Solution


    Custom LiveUpdate host files are created using the LiveUpdate Administration Utility's Host File Editor. The default location where customized host files are saved on the server is C:\Program Files\LiveUpdate Administration.

    Liveupdt.hst files should be copied to the client computer's C:\Program Files\Symantec\LiveUpdate directory. For LiveUpdate version 1.6x and earlier, Liveupdt.hst remains in this folder. In later versions, the Liveupdt.hst file is read, its contents used to update Settings.LiveUpdate, and then deleted. It is therefore not always present in the C:\Program Files\Symantec\LiveUpdate.

    Liveupdt.hst files should not be placed in the Documents and Settings\All Users\Application Data\Symantec\LiveUpdate directory or in the C:\WINDOWS\system32\drivers\etc directory.

    Settings can be updated from the Symantec System Center for managed Symantec AntiVirus (SAV) clients. It is not generally necessary to manually copy the liveupdt.hst files to managed clients if LiveUpdate has been configured from the SSC.

    For more information, see the Configuring clients to use a Central LiveUpdate server section of the LiveUpdate™ Administrator's Guide.



  • 4.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 04:05 AM

    Thank you both Pete and Ajit,

    I read your suggestions but it seems to me those only apply to unmanaged Clients.

    But my clients are managed through SEPM and I have configured the LiveUpdate tab accordingly (in the LiveUpdate Policy for the Clients, NOT for the whole SEPM of course).

    Do I still have to fiddle around with this Liveupdt.hst-File on every single one of my Clients?

     



  • 5.  RE: Can I use LUA to update SEP Clients directly?

    Broadcom Employee
    Posted Dec 01, 2011 04:20 AM

    yes, even though the artiocle is for unmanaged, you can set the same to managed clients as well. Since you already have updated the LU policy for these managed clients to get the updates from SEPM, the steps will definetly help.



  • 6.  RE: Can I use LUA to update SEP Clients directly?

    Broadcom Employee
    Posted Dec 01, 2011 04:30 AM

    You can managed SEP clients to retrieve their necessary updates from a LUA 2.x server in their network.



  • 7.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 04:42 AM

    Hi Stephan,

    I think I can help. &: )

    First off: if the LiveUpdate policy is correctly created and applied to the client group in the SEPM, all the SEP clients should automatically receive the settings directing them to use the internal LUA address.  There is no need to also use the settings.hosts.liveupdate file.  (Those hosts files will work with managed clients, but it is easier and better to just configure the seeetings in SEPM policies.)

    So: have you 100% confirmed that the LiveUpdate policy is correctly created and applied to the right group-?  Feel free to add screenshots to this forum thread, if you like: admins can probably spot any errors pretty quickly. 

    Are these SEP 11 or SEP 12.1 clients?  If it is SEP 11- check the settings.liveupdate file of the SEP clients in that office.  What is configured there?  Examine the log.liveupdate.  What exact errors are seen when they try to update?  Again, feel free to add the info from those files to this thread.

    LUA 2.x is a fantastic tool.  I know a good bit about it- please add your info to this thread and let's see if we can't get to the bottom of the problem quickly.  &: )



  • 8.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 07:26 AM

    Hi Mick,

    I hope you've got some advice, as I don't want to mess around with every client there is in this location ;-)

     

    Here are some Screenshots of my settings

     



  • 9.  RE: Can I use LUA to update SEP Clients directly?

    Broadcom Employee
    Posted Dec 01, 2011 07:31 AM

    has the client taken the new liveupdate policy?

    can client browse the LUA server and see the definitions?



  • 10.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 07:50 AM

    As long as that IP address (http://<LUA IP>:7070/clu-prod) can be reached by the SEP clients in that office, the settings look OK to me. 

    What's in the settings.hosts.liveupdate on the clients?  Also, the log.liveupdate?

    (Also: what exact version of SEP 11 are you running on those clients-?



  • 11.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 08:16 AM

    Hi Pete,

     

    I will have to look this up on site.

    I will try to do that ASAP, but it will take some time.

     

    Regards Stephan



  • 12.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 08:18 AM

    Hi Mick,

    I'll have to look this up on site, too.

    We are currently using SEP 11.5 on the Server + Clients. LUA Version is 2.2.2.9 (From SEP 11.6A CD)

    Regards Stephan



  • 13.  RE: Can I use LUA to update SEP Clients directly?

    Broadcom Employee
    Posted Dec 01, 2011 08:24 AM

    Thumbs Up to Mick2009's suggestion as well !

    while checking on client you also need to check

    What's in the settings.hosts.liveupdate on the clients?  Also, the log.liveupdate?



  • 14.  RE: Can I use LUA to update SEP Clients directly?

    Posted Dec 01, 2011 12:29 PM

    Mick's pretty much the LUA expert :)

    sandra



  • 15.  RE: Can I use LUA to update SEP Clients directly?

    Posted Feb 13, 2012 07:14 AM

    Hi everybody,

     

    thank you all for your suggestions. We solved the Problem by migrating to SEP 12.1RU1... and suddenly the GUP works as expected :-)

     

    Regards

    Stephan