11.0 SEPMs using SQL 2005 databases are not properly processing/publishing AV definition updates

Article:TECH211503  |  Created: 2013-10-13  |  Updated: 2014-01-24  |  Article URL http://www.symantec.com/docs/TECH211503
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



Beginning on October 11th the Symantec Endpoint Protection Manager (SEPM), version 11.x, stopped updating 64-bit AV definitions. On the 13th 32-bit AV definitions stopped updating as well. As a result 64-bit AV definitions will be stuck on October 10th and 32-bit AV definitions will be stuck on October 12th. This only occurs if the SEPM is using a SQL 2005 database.

 
 

Error



The SQL error logs show the following error:

Error ID: 4014

A fatal error occurred while reading the input stream from the network. The session will be terminated. 


Cause



On October 11th Symantec's 64-bit AV content definitions reached a size that is beyond a known SQL 2005 database limitation. This same size limit was reached on October 13th for 32-bit definitions. Due to this, the SEPM server is unable to publish the definitions to the database as expected.


Solution



The solution to this limitation is to add a database connection setting (“packetSize”) in server.xml (RU6 and earlier) or root.xml (all of RU7).

 

Change to be implemented on the affected SEPM:

Make the following changes to either the server.xml or the root.xml depending on the SEPM version (see below):

1. Stop the Symantec Endpoint Protection Manager service.

2. Edit the XML file corresponding to the impacted version of the SEPM as outlined below. It is strongly recommended that a backup of the old file be made before editing.

3. Start the Symantec Endpoint Protection Manager Service

4. Rerun LiveUpdate from within the console

 

On SEP 11 RU6-MP3 and earlier, edit the server.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\

Pre-existing formatting:

<parameter>
   <name>url</name>
              <value>jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;preparesql=2; </value>
</parameter>

Modified with workaround:

<parameter>
   <name>url</name>
              <value>jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;preparesql=2;packetSize=8192;</value>
</parameter>

 

On SEP 11 RU7 or later, edit the ROOT.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\

Pre-existing formatting:

<Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="<encrypted password>" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;instance=SQL;preparesql=2;" username="<sql username>" validationQuery="SELECT count(*) FROM CONNECTION_TEST" />

Modified with Workaround:

<Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="<encrypted password>" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;instance=SQL;preparesql=2;packetSize=8192;" username="<sql username>" validationQuery="SELECT count(*) FROM CONNECTION_TEST"/>

 



Supplemental Materials

SourceETrack
Value3337423


Article URL http://www.symantec.com/docs/TECH211503


Terms of use for this information are found in Legal Notices