Endpoint Protection

after upgrating from sep RU6MP3 to RU7 the antivirus definition don't update on the clients

on the SEPM all is ok, liveupdate works fine and i can see the last antivirus defnition, BUT on ALL client the antivirus definition are old  ... yesterday definition ... the definition that the clients had BEFORE the upgrade .... however all the client have the green dot

help please.

Hi,

Run upgrade.bat file on SEPM & check.

Path would be : C:\program files\Symantec\Symantec Endpoint Protection Manager\bin\upgrade.bat

If possible retart the server because schema changes are done in RU7 if compared to RU6.

i opened the Case 415-068-629 to the support .....

Hi,

Please confirm clients are receiving correct policy from SEPM.

Policy serial number should be the same with SEPM and SEP client.

where do i find the Policy serial number on SEPM ?

SEPM is RU7 and the upgrade was all OK ....

if i download the file of the definition for the client and apply to a client the definition are update

the problem is on the communucation bettewn the sepm and all the client ... but at the moment the problem have not a solution ....

Hi,

Check this screenshot for same.

yes ... sepm and the client have the same policy serial number

attached a log file whit the errors of the communication between sepm and clients

Attachment(s)

Sylink.doc   1.48 MB 1 version

07/26 10:44:46 [2452] 10:44:46=>Send HTTP REQUEST

07/26 10:44:46 [2452] 10:44:46=>HTTP REQUEST sent

07/26 10:44:46 [2452] <SendUrlAndReceiveResponse:>SMS return=500

07/26 10:44:46 [2452] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR

07/26 10:44:46 [2452] <mfn_PrepareLUContent:>Requesting LU Info for :  Moniker: {C25CEA47-63E5-447b-8D95-C79CAE13FF79} Target Seq:80929016

SEP clients do not obtain virus definitions from the SEPM even though communication tests succeed and Sylink Monitor reveals no errors

http://www.symantec.com/business/support/index?page=content&id=TECH105515&locale=en_US

Is the SEPM successfully downloading definitions and are they being populated in the ..\SEPM\Inetpub\Conten\{moniker} directory?

i read the document ... in my IIS all virtual directory are ok ... yesterday i try with the correction of the install ..... all ok ... but i still have the problem ... client communicate with SEPM but don't upgrade the antivirus definition

yes .. in that directory i have many strange named directory with the antivirus definition ... but clients don't upgrade ....

after hours and hours at telephone with the support i still have the problem ... every upgrade i have a big problem it is an impossible situation !

i dont' want "kill" the guy that phone me, he is a good guy but i want the solution of the problem

i know that my sepm is on a workstation XP pro sp3 but BEFORE the upgrade everything works fine and i don't have problem, now i waste my time ! i'm very tired about symantec !!!

Hi,

Try to run liveupdate through SEP client and check are they able to receive updates from Symantec liveupdate server.

If their liveupdate tab is disable, please provide them access from SEPM.

Sylink monitor logs are not giving fruitful information becauase communication is OK.

If possible please provide log.liveupdate

log.liveupdate file will be available at following location
C:\Document and Setting \All users \Application data \Symantec \Liveupdate

attached the log.liveupdate

Attachment(s)

logLiveupdate.doc   3.47 MB 1 version

i proved this

"

Try to run liveupdate through SEP client and check are they able to receive updates from Symantec liveupdate server.

If their liveupdate tab is disable, please provide them access from SEPM.

"

and it works !

but i have many pc that haven't the internet access, so this pc must have the upgrade of the definition from SEPM !

very strange

if i launch the live update within the client on the sepm pc this doesn't work !

on the same pc if i launch live update within sepm it works !

why ???

rectification

if i launch the live update within the client on the sepm pc this works. but it is downloading a very hig number of files ....

Hi,

Thanks for update.

Try to run luall.exe on SEPM in interactive mode.

Check this article also

Which communications ports does Symantec Endpoint Protection use?

http://www.symantec.com/business/support/index?page=content&id=TECH163787

the communications ports are the standards default ports of the sepm installation

now i am going to try with luall.exe on sepm pc

"Try to run luall.exe on SEPM in interactive mode."

what do i control while luall.exe (3.3.0.102) run in interactive mode ?

because it run and at the end it tell me that all is updated ....

i'm always in the matter ....

thanks to Chetan Savade, all our tentative don't work,l so the problem is always on ....

i run a netstat -ab|find "8014" commnad on the pc with sepm

this is the result

  TCP    ServerBackUp:8014      ServerBackUp:0         LISTENING       1216
  TCP    ServerBackUp:8014      localhost:3953         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3969         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3952         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3968         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3965         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3949         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3970         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3954         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3966         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3950         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3967         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3948         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3972         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3964         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3947         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3978         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3973         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3977         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3976         TIME_WAIT       0
  TCP    ServerBackUp:8014      localhost:3975         TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4151          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60671  TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4152          TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2344      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60670  TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60672  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2345      TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4150          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60673  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2346      TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2357      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60674  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2347      TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4139          TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4149          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60675  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2348      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60668  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2356      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60660  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2349      TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4141          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60663  TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60667  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2351      TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4143          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60662  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2355      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60666  TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4142          TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2350      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60661  TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4144          TIME_WAIT       0
  TCP    ServerBackUp:8014      bilancio:4146          TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60665  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2353      TIME_WAIT       0
  TCP    ServerBackUp:8014      collaudo1.assowerke.it:60664  TIME_WAIT       0
  TCP    ServerBackUp:8014      contabilita4:2354      TIME_WAIT       0

any opinion ???

was there any recent upgrade on the clients; like versions of IE 

is your c:\temp folder encrypted?

ie on the clients is the same of before the upgrade

the c:\tempo folder is not encrypted

one of the document says its IE9; which will cause the issue.

SEPM on Windows XP?

whats the heartbeat you have SET?

In the IIS, what is the SMTP connection set?

sepm is on a win xp sp3 pc

heartbeat is 1 hour with pull method

where do i read the IIS SMTP connection set ?

i runned Sep_SupportTool (1.0.5070) on a client e on the pc with sepm

on the cline all OK

on sepm i have 3 errors and 1 warning

you find them attached ...

Attachment(s)

errors_0.zip   226 KB 1 version

was the server rebooted?

after reboot disappear ONLY the error of LU

Hi, 

I would like to share my findings with Sep support tool.

Exsecars.log shows "Delta Generation FAILED.. (file exists with 0 size) .. Sent 469 reply and the return code: 1.. Admin CAN recover the situation.. Will attempt next sequence on the next query..

Please follow the article 

Also before following article change number of content revision to keep = 1

Admin --> Servers --> Local Site --> Rightclick properties --> liveupdate --> number of content revision to keep

http://www.symantec.com/docs/TECH96332

run all you wrote

but doesn't work ...

i think the problem is in iis .. se the error attached in a precedent post of mine

This worked for me long before

make the heart beat to 12 hours; run update command... I suppose the issue could be with limitations with xP concurrent connections; it need free sessions to download udpates; no harm in clearing all the defs frm SEPM; downloading new onces and running the update command

http://www.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

i had not any problem with " limitations with XP concurrent connections" BEFORE the upgrade ....

i tryed your idea but it didn't work .......

in this moment the only way for me is enable the download of the virus definitions from LU site and not from SEPM .. but it is not the better way .....

i still have the problem ........ is there a problem with sepm 11 RU7 and win xp sp3 ????????

Hi AndrewIT,

Could you please reconfirm which Operating System is used where SEPM is installed ?

What is IE version ?

SEPM is on a PC with Win XP SP 3 and IE 8

all worked fine before the upgrade to RU7

how you can see in the following links, there are a lot of problem like mine with this upgrade on win xp sp3 ....

https://www-secure.symantec.com/connect/forums/sepm-1107-does-not-update-virus-definitions-ru7-clients

https://www-secure.symantec.com/connect/forums/cliente-no-internet-access-fail-update-virus-definitions

can u try resetting password for IUSR account in IIS?

Hi,

Go to IIS server

1) Right click on Symantec Webserver --> Properties --> Home Directory --> Under Home directory there is an option Execute permissions : change it to Scripts and executables. 

2) As you are using windows XP, don't keep all the clients under same group.

Create new groups if not present, move clients to different different groups.

3) Change hear beat interval to 15 minutes, & keep 5 minutes difference in heartbeat interval for every group.

eg. Group A heartbeat interval 15 minutes, Group B heartbeat interval 20 minutes so on.

Hi AnrewIT,

Is there any update on same ?

this solution seems to work, I wait tomorrow to monitor the updates and close the case.
 

I'm trying this

Good to know that your issue is resolved now.

Finally all works fine !!!

case closed