Video Screencast Help

12.1.4 - Push content doesn't seem to effect the number out of date

Created: 13 Mar 2014 • Updated: 02 Apr 2014 | 12 comments
This issue has been solved. See solution.

We've been a couple of weeks on 12.1.4, upgraded from SEP 11.0.6, and we have a couple hundred clients out of date.  (total of 13k)  We're running 2 SEPMs on win 2003 r2 boxes and from monitor>Logs I run a report on Computer Status filtering for clients online in the past 24 hours whose defs are more than 30 days old.  For those results that post I push content to all.  I do the same filtering on those clients online that have defs within 30 days pushing content to all those whose defs are over a week old.  By the end of the day we have maybe 10% rejection of the content and I anticipate that it will take time to see the numbers drop until all those clients check in.  However two days later the numbers are still about the same.  Am I missing something?  Has anyone had any issues with the push content feature?

Operating Systems:

Comments 12 CommentsJump to latest comment

Rafeeq's picture

are these clients suppose to take the update from SEPM or gup?

Enable Sylink log and post them in here

http://www.symantec.com/business/support/index?pag...

.Brian's picture

How are these clients getting their updates? Are they in the same group as other clients that are updating?

As mentioned, sylink debugging will give us the full picture on what's happening.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Will it be possible for you to restart those affected machines prior to send updated definitions?

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Ariphaneus's picture

It is not feasable to restart these machines which are scattered about NYC including servers.  Attached is the sylink monitor from the SEPM while pushing out content to machines online with definitions out of date by more than 30 days.  All have accept content enabled and are scattered over various groups by location, by purpose, by workstation or server.  All are set to take updates from SEPM. 

AttachmentSize
Sylink_Monitor_SDCSSAVAPPPDW01.txt 56.39 KB
Rafeeq's picture

Well the Sylink ran for more than 1 hour, but I do not see any Error messages, 

Can you run it bit longer? 

All I could see was request was sent by SEP, was trying to download but no timout or error messages.

Can you try to update the policy on client and try to capture that log , rather than cmd sent from SEPM?

Chetan Savade's picture

Can you use/push intelligent updater file on those machine?

How to Update Definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/docs/TECH102606

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SameerU's picture

Hi

Can you please run Management Wizard and check

Regards

 

Ariphaneus's picture

My intention is to push these updates so that we don't have to go to each one individually.  Trying to find one in the list that I can get access to so that I can run the sylink.  I know in advance that there are some that are going to need repairs but I seem to only be getting 20 of them at a shot when I push to them all.  As I've been trying to push to the ones that are out of date but within 30 days but only getting 10 - 20 at a clip there are clients rolling out of the 30 day window.

Rafeeq's picture

Is there any restriction on the bandwidth for the clients?

there was a simillar case where client was not getting updated.

Do you use any GuP in your network?

If clients are outdated more than XX days ( when sepm does not have enough defs to create delta) it would send out the full packages

 

Ariphaneus's picture

I understand that these clients would require a full update and that is going to take a while.  I am going by the command status complete to determine when I should check on the clients out of date.  Is it not really complete when the montior says it is?

With the exception of one off site (a small doctor's office) all clients get their updates directly from the SEPMs.

Rafeeq's picture

By sending out the command it will instruct the clients to update the content.

The clients are getting the update command ( command status) but not able to download the content, Sylink log will help to figure that out.

Ariphaneus's picture

Going to finish pushing 12.1.4 before returning to this as we also have an issue with duplicate hardware IDs in our environment that may be causing the issue.

SOLUTION