Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Can't get GUP to update clients

Created: 07 Dec 2012 | 18 comments

I am installing GUPs at our branches that will connect to our SEPM at our main office. I did a test in our main office with a test client and a GUP. The test appears to be working properly. Both the GUP and client system logs say “Downloaded content from GUP 10.x.x.x”, and the protection status is the current policy as the SEPM server. With the test working, I am designating a GUP at our smallest branch in the same method as the test. All clients at the branch are in their own branch group in SEPM and they are on the same /24 subnet. The GUP system logs show “Start serving as the Group Update Provider (proxy server). However, neither the clients nor the GUP show they are downloading from the GUP. The clients are not downloading updates unless manually specified from SEPM. When manually forced to update, the logs indicate they are looking to our SEPM.

As far as troubleshooting, I have looked at the following information: The GUP at the branch lists GUP:True under the client properties in SEPM. Both the branch and test GUP are listed under the globalist.xml. Both the branch office client and GUP list the MasterClientHost registry with the correct computer. Both branch computers have firewall exceptions for port 2967.

Thank you in advance for the help!

Comments 18 CommentsJump to latest comment

.Brian's picture

And you assigned the same LiveUpdate policy to the clients that should be receiving content from the GUP?

It may take a little time for the GUP to get all the necessary content updates for all your clients. How long has it been?

On the GUP, check the SharedUpdates folder. This contains all the content updates clients will receive. Should be located in the SEP folder under Program Files.

Here are a couple helpful articles on troubleshooting GUPs:

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

https://www.symantec.com/business/support/index?pa...

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

https://www.symantec.com/business/support/index?pa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

james.devan's picture

I have the gup in the same group as the clients, and I have one LU policy applied to the group that lists the specific computer as the GUP. The shared folder shows updates are being downloaded. I also checked the branch client and the definitions are up to date. However looking at the system client logs, there is no activity for the past 24 hours. Very strange.

.Brian's picture

A new content update just came out so hopefully something starts to show up.

Do you see anything in the clients logs to the effect of "Cannot download update from GUP.."?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Riya31's picture

Post sylink logs from client also check following link  to determine whether clients are downloading defn from GUP/SEPM

 

http://www.symantec.com/business/support/index?page=content&id=TECH188574

cus000's picture

Check if the GUP assigned have "shared content" folder in SEP install path

 

Also capture Sylink Monitor (debug) log and analyze it

 

Verify 2-3 clients if the policy number matched with the group assigned

 

 

regards

james.devan's picture

I noticed that in the test environment, both clients are running 11.0.7000.975. At our branch, the clients are running 11.0.6005.562. Could this be an issue? I switched the GUP to another workstation at our branch so I am waiting for more logs before I post them.

james.devan's picture

All of the clients at the branch, including the GUP, are on the same 11.0.6005.562 version. I attached the GUP logs from this morning. I moved it out of the branch folder, then back into the folder to verify it is receiving the policy.

AttachmentSize
GUPLogs.txt 3.08 KB
Ian_C.'s picture

SEPM can manage older minor versions of the client. You should never mix major versions.

SO, having 11.0.6.x and 11.0.7.x in the same environment is not a problem. Having 12.x and 11.x in the same environment is problematic.

As to your GUP log file. That is a very short file. Have you got logs that span several hours?

Please mark the post that best solves your problem as the answer to this thread.
Rafeeq's picture

what is the heartbeat you have set between cleints and sepm?

james.devan's picture

We are set to push mode instead of pull. I could change this if needed for the specific branch.

Ian_C.'s picture

I could change this if needed

That is not required.

Have you got SYLINK debug logs for the clients? Can you see in their logs that they are trying to access the GUP via HTTP?

Please mark the post that best solves your problem as the answer to this thread.
james.devan's picture

There are no SYLINK logs for the branch client nor the GUP. Just looking at all client status logs, both say they are connected to our main SEPM server, and they are receiving new policy numbers. But it does not say downloading from GUP, nor is it giving an error. I even have the LU policy set to never bypass the GUP for downloads.

Rafeeq's picture

Sylink log would say where its connectiong to 

as per the first document from Brian, troubleshooting GUP, enable the sylink and post it here please.

james.devan's picture

Here is the debug logs from the GUP, if that is what you are requesting. It seems to be repeating the same instructions over and over.

AttachmentSize
Log.txt 2.3 MB
james.devan's picture

OK here is the sylink log. I only modified information regarding our domain.

AttachmentSize
Sylink.txt 75.33 KB
pete_4u2002's picture

SEPM is updated with the 2012/12/10 Rev 018 and from log the client looks updated with the same definition.