Can't get GUP to update clients
I am installing GUPs at our branches that will connect to our SEPM at our main office. I did a test in our main office with a test client and a GUP. The test appears to be working properly. Both the GUP and client system logs say “Downloaded content from GUP 10.x.x.x”, and the protection status is the current policy as the SEPM server. With the test working, I am designating a GUP at our smallest branch in the same method as the test. All clients at the branch are in their own branch group in SEPM and they are on the same /24 subnet. The GUP system logs show “Start serving as the Group Update Provider (proxy server). However, neither the clients nor the GUP show they are downloading from the GUP. The clients are not downloading updates unless manually specified from SEPM. When manually forced to update, the logs indicate they are looking to our SEPM.
As far as troubleshooting, I have looked at the following information: The GUP at the branch lists GUP:True under the client properties in SEPM. Both the branch and test GUP are listed under the globalist.xml. Both the branch office client and GUP list the MasterClientHost registry with the correct computer. Both branch computers have firewall exceptions for port 2967.
Thank you in advance for the help!
Comments 18 Comments • Jump to latest comment
And you assigned the same LiveUpdate policy to the clients that should be receiving content from the GUP?
It may take a little time for the GUP to get all the necessary content updates for all your clients. How long has it been?
On the GUP, check the SharedUpdates folder. This contains all the content updates clients will receive. Should be located in the SEP folder under Program Files.
Here are a couple helpful articles on troubleshooting GUPs:
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)
https://www.symantec.com/business/support/index?pa...
How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)
https://www.symantec.com/business/support/index?pa...
SEP Knowledge Base
Endpoint SWAT
I have the gup in the same group as the clients, and I have one LU policy applied to the group that lists the specific computer as the GUP. The shared folder shows updates are being downloaded. I also checked the branch client and the definitions are up to date. However looking at the system client logs, there is no activity for the past 24 hours. Very strange.
A new content update just came out so hopefully something starts to show up.
Do you see anything in the clients logs to the effect of "Cannot download update from GUP.."?
SEP Knowledge Base
Endpoint SWAT
Post sylink logs from client also check following link to determine whether clients are downloading defn from GUP/SEPM
http://www.symantec.com/business/support/index?page=content&id=TECH188574
Check if the GUP assigned have "shared content" folder in SEP install path
Also capture Sylink Monitor (debug) log and analyze it
Verify 2-3 clients if the policy number matched with the group assigned
regards
I noticed that in the test environment, both clients are running 11.0.7000.975. At our branch, the clients are running 11.0.6005.562. Could this be an issue? I switched the GUP to another workstation at our branch so I am waiting for more logs before I post them.
GUP and SEPM should be of same version
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
All of the clients at the branch, including the GUP, are on the same 11.0.6005.562 version. I attached the GUP logs from this morning. I moved it out of the branch folder, then back into the folder to verify it is receiving the policy.
SEPM can manage older minor versions of the client. You should never mix major versions.
SO, having 11.0.6.x and 11.0.7.x in the same environment is not a problem. Having 12.x and 11.x in the same environment is problematic.
As to your GUP log file. That is a very short file. Have you got logs that span several hours?
what is the heartbeat you have set between cleints and sepm?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
We are set to push mode instead of pull. I could change this if needed for the specific branch.
That is not required.
Have you got SYLINK debug logs for the clients? Can you see in their logs that they are trying to access the GUP via HTTP?
There are no SYLINK logs for the branch client nor the GUP. Just looking at all client status logs, both say they are connected to our main SEPM server, and they are receiving new policy numbers. But it does not say downloading from GUP, nor is it giving an error. I even have the LU policy set to never bypass the GUP for downloads.
Sylink log would say where its connectiong to
as per the first document from Brian, troubleshooting GUP, enable the sylink and post it here please.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Here is the debug logs from the GUP, if that is what you are requesting. It seems to be repeating the same instructions over and over.
this is not the sylink log.
to enable the sylink log check this article
http://www.symantec.com/business/support/index?pag...
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
OK here is the sylink log. I only modified information regarding our domain.
SEPM is updated with the 2012/12/10 Rev 018 and from log the client looks updated with the same definition.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Would you like to reply?
Login or Register to post your comment.