11.0.5 client not working well on servers (not updating defs or not communicating)
Recently upgraded the SEPM to 11.0.5. After the upgrade, created new client install packs for the new versions. I've updated the client on a few machines. On laptops and desktops, everything seems to be working pretty well. On servers, I either get the yellow dot/exclamation point, or I get no dot. Either way, none of the servers are getting any definitions updates.
There are three differences that I can see between our typical laptop client and our typical server client:
1) Servers have just antivirus and antispyware, but none of the other features. Clients get the full SEP suite. (Pretty sure this is ruled out below).
2) OS. Clients are mostly XP (some Vista). Servers are mostly Server 2003, with a couple Server 2000 thrown in there.
3) LiveUpdate Policy. Because some of our servers are also GUPs, we applied a policy to the servers folder which sets them all to be their own GUP and to use localhost to collect the updates. This has worked just fine for many months, when using earlier versions of the client 11.0.3 and 11.0.4.
I've done some extensive testing, and this is what I've found.
I'm pretty sure I can rule out #1 as an issue. I installed the server package on a Vista laptop, and while it briefly gave me the yellow dot, after reboot it updated definitions and started scanning, and in general is acting normal.
#3 seems to be part of it, but doesn't seem to be ALL of it. As a test I removed the GUP-friendly LiveUpdate policy, and applied the default "talk to our SEPM" policy. This let definitions go through to most of the servers, but it left the one I was testing with no dot, and saying the server was offline. Also, leaving the policy this way would break all of our GUPs, so it's not really an acceptable solution.
I also decided to backtrack, and test an install pack with the 11.0.4 client, with all other settings identical. This installer works perfectly. SEP gets all updates and knows it's communicating with the server, and the GUP "use localhost" policy is still applied.
Any suggestions?
Hi,
A couple of things to check:
1. In the SEP clients on servers, if you go to Help & Support -> Troubleshooting, in front of server, do you see the server name or offline?
2. When you open the SEP client, what error do you see there, is it "File system autoprotect is malfunctioning" or "There are problems detected. AV/AS is running out of definitions"?
If you see the server name present for the first question, then we need to troubleshoot the server environment and search for a possible cause of this issue. If the server name is not present, then it's the communication issue that we need to look into.
Let us know the above so that we can decide the next course of action.
Aniket
server name
I do see the server name (or the server IP in some cases). None of them are saying it's offline.
Right at the moment I don't get any errors because they all updated yesterday when I temporarily changed the LiveUpdate policy and then changed it back. None of the company clients have gotten a new version yet, so I may have to wait a few days for the 11.0.5 servers to drift back out of date again. I'll let you know as soon as I can see they're out of date or giving errors.
now no clients are updating
Since my last post, it appears that none of my clients have received an update. Not just the new 11.0.5 machines, I mean every SEP client in the company is stuck on the 2009-10-28 rev 50 definitions. I assume new definitions should have come out in the last 5 days, right? The Intelligent Updater lists the last definitions as being from today (11-02).
I upgraded the SEPM from 11.0.4 to 11.0.5 on October 20, so that's a full week before the definitions stopped. How can I tell what definitions the SEPM recognizes? Can I send a command to make it try to update itself?
Since 10-29, when I made the initial post, the only changes I've made were to:
1. assign a different LiveUpdate policy to the servers, and then re-assign the original policy to them. I haven't changed the LiveUpdate policy for any of the other groups.
2. I adjusted the centralized exceptions policy and applied that to all clients in all groups. (all the policy does is exclude certain database files and allow our company VNC software).
I don't see how either change would cause the SEPM to stop collecting and distributing updates.
found a clue
Getting the following application event error:
Detection of product '{EAD22945-6D46-4073-8353-803523E9936B}', feature 'Bin', component '{711CBE62-401D-47AC-8919-4C0029EC66DD}' failed. The resource 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\temp\UploadTemp\' does not exist.
Source: MsiInstaller
Event ID: 1004
updating again
Think I got the clients updating again. Not sure if it helped, but based on a recommendation in another thread I unregistered and re-registered Windows Installer as described here:
http://support.microsoft.com/default.aspx?scid=kb;...
I got at least one more of the above errors and didn't wait very long before trying to fix the issue by creating a folder at the path listed above (basically just added the UploadTemp folder with permissions for everyone).
After those two things I restarted, and the system got really slow for a while as a bunch of LU processes kicked off. It's been about 30 minutes, and several dozen clients have started to update.
So now I'm back to where I was before: waiting for the updates to see if the RU5 servers are still stuck, or if they'll start updating. It's the end of the day, so I'll check back in tomorrow with results.
Returning to Aniket's question 2, there is no error. The stuck client has a green dot and says it's working correctly, but the definitions are out of date.
I repeated my experiment from the first post: I changed the servers from "use localhost as the GUP" to "get definitions from the default server" and they all updated again quickly. I have reverted the LiveUpdate policy back to the "use localhost as the GUP" but I'm pretty convinced that those servers will stop getting updates again.
Has something changed with 11.0.5 that the old technique of using localhost to tell a server it is its own GUP no longer works?
Edited to add: my server LiveUpdate policy is based on the comments in this thread:
https://www-secure.symantec.com/connect/forums/gup...
After 48 hours without a reply, I figured I'd better call tech support. Their answer was that the "trick" I was using to point all servers to localhost isn't valid for version 11.0.5. They said, against the advice I'd been given in the thread I referenced earlier, that I now had to create separate groups under the server category for each of our remote sites, add the relevant servers to each group, and assign the GUP policy telling the servers the specific name of the GUP.
It's frustrating that this very useful feature from 11.0.4 was changed/disabled in 11.0.5. It seems like an inordinate amount of extra work, to have to split the server group into about 15 separate subgroups, all to adjust one little bit of policy that used to work in the previous version. Seems like there ought to be an easier way than that. We've got around 15 remote offices now, could be up to 30 or more in a couple of years. It makes for a huge organizational mess, when otherwise a single group would do.
Edited to add: Also, apparently the GUP system breaks for any server still running 11.0.4. Tech support didn't tell me this, but I figured out from other forum posts that I had to upgrade all GUP clients to 11.0.5 to get that functionality working.
And don't even get me started on the "feature" where sorted results (like a list of policies, or a list of machines) revert to their unsorted nature every time you open or adjust any of the items. Trying to work through a list of policies in alphabetical order, or move servers into subgroups, I had to sort and resort (because it alternates between forward and reverse order) every time I adjusted a policy or moved one server. That's a real pain.
Yeah, yeah, grumble, grumble.
Short version of the solution: 11.0.5 doesn't support the old "localhost tells a server it's a GUP" technique. Fixed by splitting the servers group into multiple subgroups mirroring the client group/folder structure, upgrading each GUP to MR5, and applying a more specific LiveUpdate policy to each group individually.