Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Client LiveUpdate log file

Updated: 12 Sep 2011 | 6 comments
Jamit's picture
Jamit
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hi All,

We have been experiencing some problems with LiveUpdate that Tech Support have not been able to resolve for us. I am looking at client LiveUpdate log files 

(C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate) and I am looking for some resources that would be able to help me interperate the contents of the log file. I have had a look at the LiveUpdate Administrator Getting Started Guide.pdf and that has no information on what I seek. Does anyone know if there are any guides around for trouble shooting the LU logs?

LU Server is 2.2

LU Client 3.3

SEPM 11 RU6 MP3

SEP Clients RU4 --> RU6 MP2

Client OS WinXP SP3

 

Thanks 

Discussion Filed Under:
, ,

Comments

Rafeeq's picture
07
Sep
2011
0 Votes 0
Login to vote
Rafeeq

hi

this has all the steps

 

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

 

http://www.symantec.com/business/support/index?page=content&id=TECH95790

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Mick2009's picture
08
Sep
2011
2 Votes +2
Login to vote
Mick2009
Symantec Employee

LUA 2.x Issue-?

Hi Jamit,

Are you having trouble getting the SEPM to update its definitions from the LUA 2.x server?  Or the SEP clients?  (Or both?)

> LU Server is 2.2

The very first thing that I recommend is to get that server uopgraded to LUA 2.3!

LiveUpdate Administrator 2.3: What's New
 
 

New features and enhancements in LUA 2.3:

  • Rapid configuration export and restore.
  • LUA’s download tasks can now automatically resume and retry file downloads.
  • Event driven email notification (with SMTP authentication support) to notify user(s) in case of download/distribution failures.
  • Ability to auto-start a distribution task after a specified download task.
  • Automatic LUA database maintenance, to ensure reliable and responsive operations.
  • Partially completed download and distribution tasks now show an accurate percentage of completion via the activity monitor.
  • Fast access to Symantec’s LUA best practice recommendations provided via the install wizard and program menu.
  • Optimized load times for the LUA console home page and event log (from several minutes to few seconds)

Release notes:                 http://www.symantec.com/docs/TECH155523

If you do have an open case with Technical Support, please do PM me the number - I will have a quick look at the logs there.

Hope this helps---- 

With thanks and best regards,

Mick

Jamit's picture
09
Sep
2011
1 Vote +1
Login to vote
Jamit

  Thanks for the offer to

 

Thanks for the offer to Mick I will get the reference numbers from my colleague and send them through. We   will also upgrade to 2.3 as current version is 2.2.2.9. 
 
The problems we are experiencing are with Clients not SEPM. 
 
One of the problems I am trying to trouble shooting is on some not all clients is they are not downloading the definitions updates. These clients are in the same group as others that LU is functioning fine. 
When I run LU (Interactive or Express mode) on the client if detects 2 updates one ~40Mb the other ~130Mb both defined as Virus Definition Updates. The ~40Mb update downloads and appears to install the ~130Mb fails. When I look at the Log.LiveUpdate I see the entires in the log extract below.
 
The part that worries me is the 404 file not found. When I browse the LiveUpdate server folder for the files that are returning 404 they are not on the server so to me this is not a communications problem but a content problem. It seems as though these workstations are being told to look for a file that does not exist and hence the failure to update. 
 
Things I have tried to do is uninstall SEP from add remove programs and also using CleanWipe and then reinstalling a fresh install the problem still persists. I am currently rebuilding one of my test rigs to see what behaviour that shows. We are installing SEP via an MSI installation and not via the console. Also for about 1 ½ weeks we had to disable LU during business hours as we were getting some clients pulling down full +150Mb updates and not the Delta updates. We still have not found the root cause for this problem but have worked around it by QOS’ing the LiveUpdate traffic on the network devices. 
 
Is is only occuing on some clients not all and some in the same group as clients that are working. 
 
Sample from Log I will attach the full log file;
09/09/2011, 2:21:29 GMT -> Check for updates to:  Product: Symantec Security Content B1, Version: MicroDefsB.CurDefs, Language: SymAllLanguages.  Mini-TRI file name: symantec$20security$20content$20b1_microdefsb.curdefs_symalllanguages_livetri.zip
09/09/2011, 2:21:29 GMT -> Check for updates to:  Product: Symantec Security Content A1, Version: MicroDefsB.CurDefs, Language: SymAllLanguages.  Mini-TRI file name: symantec$20security$20content$20a1_microdefsb.curdefs_symalllanguages_livetri.zip
09/09/2011, 2:21:29 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
09/09/2011, 2:21:29 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 14 Downloading Mini-TRI files
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.sep.<Domain>.local:9009/clu-wksprod/automatic$20liveupdate_3.3.0.85_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
09/09/2011, 2:21:29 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.sep.<Domain>.local:9009/clu-wksprod/automatic$20liveupdate_3.3.0.85_english_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.3.0.85_english_livetri.zip" HR: 0x802A0026
09/09/2011, 2:21:29 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
09/09/2011, 2:21:29 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.sep.<Domain>.local:9009/clu-wksprod/decomposer_1.0.0_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
09/09/2011, 2:21:29 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
 
 
 
 
 
AttachmentSize
Copy of Log.LiveUpdate.txt 61.09 KB
Mick2009's picture
09
Sep
2011
1 Vote +1
Login to vote
Mick2009
Symantec Employee

Some Notes....

Hi Jamit,

You are correct in seeing the root cause of the error: this SEP client goes looking fro the two necessary AV definition files to bring it up to date.

> GetUpdates: SESC Virus Definitions Win32 v11, MicroDefsB.CurDefs, SymAllLanguages ==> 1315435627jtun_nav2k8enncur25.m25
> GetUpdates: SESC Virus Definitions Win32 v11, MicroDefsB.Error, SymAllLanguages ==> 1313715088jtun_nav2k8ennful25.m25

However, only one of them is actually available on your LUA server's Distribution Center. 

> http://liveupdate.sep.<Domain>.local:9009/clu-wksprod/1313715088jtun_nav2k8ennful25.m25

> (status 404): Request failed - File does not exist on the server.
 

Open up the directory "clu-wksprod" on that server and check for a file named "1313715088jtun_nav2k8ennful25.m25."  I expect that it will be missing or corrupted.  Download a new one from http://liveupdate.symantec.com/1313715088jtun_nav2k8ennful25.m25 and save it to that directory.  Run LU agains and the SEP clients' updates will work fine.  
 

Extra note:

>09/09/2011, 3:08:53 GMT -> LuComServer version: 3.3.0.85

That release of LU shipped with SEP 11 Maintenance Release 4 Maintenance Pack 2 (MR4 MP2) - that's very old at this state!  I recommend upgrading to RU7 as a best practice throughout the network, for stability and security.

Please update this thread with your progress!

Thanks and best regards,

Mick 

With thanks and best regards,

Mick

Jamit's picture
12
Sep
2011
1 Vote +1
Login to vote
Jamit

Thanks again Mick, message

Thanks again Mick, message with the link to the LiveUpdate Administration Utility helps explain some of what files are downloaded during the LU process. 

You are righ the file 1313715088jtun_nav2k8ennful25.m25 was missing from our LU server. We have downloaded it and now the systems that wheren't updating are now. We are now looking for the root cause of why this file was missing from our LU server. The LU download logs showed no errors so the expectation was all was ok which it was not. 

We are planning to upgrade to SEP 12 so will be skipping RU7 and going to 12. 

 

Thanks again

Jamit

 

SOLUTION
Mick2009's picture
12
Sep
2011
0 Votes 0
Login to vote
Mick2009
Symantec Employee

Glad to Assist

Please do continue to use the forum for any additional SEP questions, queries and issues!

And do remember that Technical Support is also there for any major or time-sensitive issues for which you need professional assistance.

All the best,

Mick 

With thanks and best regards,

Mick

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,016