11.0 SEPMs using SQL 2005 databases are not properly processing/publishing AV definition updates
|Article:TECH211503|||||Created: 2013-10-13|||||Updated: 2014-01-24|||||Article URL http://www.symantec.com/docs/TECH211503|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
Beginning on October 11th the Symantec Endpoint Protection Manager (SEPM), version 11.x, stopped updating 64-bit AV definitions. On the 13th 32-bit AV definitions stopped updating as well. As a result 64-bit AV definitions will be stuck on October 10th and 32-bit AV definitions will be stuck on October 12th. This only occurs if the SEPM is using a SQL 2005 database.
The SQL error logs show the following error:
Error ID: 4014
A fatal error occurred while reading the input stream from the network. The session will be terminated.
On October 11th Symantec's 64-bit AV content definitions reached a size that is beyond a known SQL 2005 database limitation. This same size limit was reached on October 13th for 32-bit definitions. Due to this, the SEPM server is unable to publish the definitions to the database as expected.
The solution to this limitation is to add a database connection setting (“packetSize”) in server.xml (RU6 and earlier) or root.xml (all of RU7).
Change to be implemented on the affected SEPM:
Make the following changes to either the server.xml or the root.xml depending on the SEPM version (see below):
1. Stop the Symantec Endpoint Protection Manager service.
2. Edit the XML file corresponding to the impacted version of the SEPM as outlined below. It is strongly recommended that a backup of the old file be made before editing.
3. Start the Symantec Endpoint Protection Manager Service
4. Rerun LiveUpdate from within the console
On SEP 11 RU6-MP3 and earlier, edit the server.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\
Modified with workaround:
On SEP 11 RU7 or later, edit the ROOT.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\
Modified with Workaround:
Article URL http://www.symantec.com/docs/TECH211503