Clients not pulling definitions
Hello,
I'm currently running SEP 11.0003_MR3. I have approximately 280 clients which all pull definitions from 1 server SEPM. All of the sudden on March 29th, all pc's quit pulling definitions. SEPM is reporting the most up to date definitions in the console, but the clients aren't pulling them. I have it set to pull every 4 hours. I changed it to continuous, and no luck.
SyLink monitor is running now and I'll post those results when they come. I did run the SyLinkreplacer on one subnet of 5 pc's and those pc's are not pulling the newest definitions.
The only thing that has changed on this server in the last couple weeks is a new Sharepoint Site has been installed. I checked IIS and SEPM is on port 80 and Sharepoint is on a different port.
Any help would be appreciated. Thank you, -Mike
Comments
04/13 15:00:31 [1844]
04/13 15:00:31 [1844] <mfn_MakeGetPushUrl:>Request is: action=128&hostid=73EEDD58C0A8021D01057305611966BB&chk=16A02B59843A8C478F2596BAAD01DC93&ck=4AE446DF0F12439FFA313927A7D530C6&uchk=A2FA50A3EB2F93AF8EF70B71E88D60BD&uck=DBEAD4018FD29FC7B033F5E95DECA615&groupid=0E06482BC0A8021D003F348AB35C95FD&mode=0&as=42259
04/13 15:00:31 [1844] <MaintainPushConnection:>http://192.168.2.29:80/secars/secars.dll?h=727790D4A4DA15D18E6CBC9BB81F5B40612140AD07CC1B7DB35DD6914EF9AD6B434838A5663540B60879B07898239E115057514068133F5040491BB3BC93F3CE4DD798A59E8BB6DDB80C41E7DA6C677C451638AA8A248CB3E85E6903A187A542DB16FE4823E4D265670CA162BFE7D7F7453B3E9E3D588D37F404C2E755037EFFFFA480951EDFEE01DA4BC8FB504F50BDAFEEA18AADCE3F81201A2BF5BB9533119E066CCA61824164E534E7913916A402FDFF91421E1997FA7AFC09EA25715AE129FBB36B78DF3228B69417D98ED90CA048641ADF0D666C5D5A7BD0C34BBA3C4EBA9DAD7017CAB4F11BBCD876B805A1F87374D4543A85E0FB1FF72D7778764E7355FE0962F1626C1AB2A2F00DEC94C346
04/13 15:01:21 [2112] SyLinkCreateConfig => Created instance: 01B5E6E8
04/13 15:01:21 [2112] Importing ConfigObject: 01BC4448 into: 01B5E6E8
04/13 15:01:21 [2112] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 01B5E6E8
04/13 15:01:21 [2112] <CRandomDelay::CRandomDelay()>
04/13 15:01:21 [2112] Random delay window: 0hour 5min 0sec
04/13 15:01:21 [2112] Computed random delay:0hour 2min 16sec 0millisec
04/13 15:01:21 [2112] </CRandomDelay::CRandomDelay()>
04/13 15:01:21 [2112] <LUThreadProc>Waiting for: 136000 milliseconds to start downloading LU contents
04/13 15:01:23 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:01:23 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:02:26 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:02:26 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:03:29 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:03:29 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:03:37 [2112] <LUThreadProc>Starting LU download.
04/13 15:03:37 [2112] <LUThreadProc>Got a valid context from GetCurrentServerEx
04/13 15:03:37 [2112] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
04/13 15:03:37 [2112] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90413003/Full.zip
04/13 15:03:37 [2112] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90413003/Full.zip
04/13 15:03:37 [2112] <GetLUFileRequest:>http://192.168.2.29:80/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90413003/Full.zip
04/13 15:03:37 [2112] <GetLUFileRequest:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6F.tmp
04/13 15:03:37 [2112] <UpdateLUFileList:>Updating existing Download File List with : {C60DC234-65F9-4674-94AE-62158EFCA433}90413003
04/13 15:03:37 [2112] <UpdateLUFileList:>Updating existing Download File List Temp file name from: to C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6F.tmp
04/13 15:03:37 [2112] 15:3:37=>Sending HTTP REQUEST to download LU file
04/13 15:03:37 [2112] 15:3:37=>HTTP REQUEST sent
04/13 15:03:37 [2112] <GetLUFileRequest:>IIS return=404
04/13 15:03:37 [2112] IIS HTTP returns status code=404
04/13 15:03:37 [2112] Content:
04/13 15:03:37 [2112] Removing LU download from queue since SEPM (IIS) can't find the LU item .. Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433} Target Seq:90413003
04/13 15:03:37 [2112] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
04/13 15:03:37 [2112] <GetLUFileRequest:>COMPLETED
04/13 15:03:37 [2112] <LUThreadProc> - GETLUFILE_SERVER_STATUSCODE_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 90413003 from server: 192.168.2.29
04/13 15:03:37 [2112] LU file download failed.
04/13 15:03:37 [2112] SyLinkDeleteConfig => Deleting instance: 01B5E6E8
04/13 15:03:37 [2112] <IsLUTempFileValid:> File: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6F.tmp is currently not used
04/13 15:04:31 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:04:31 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:05:33 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:05:33 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:06:35 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:06:35 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:07:37 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:07:37 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:08:39 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:08:39 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:09:42 [3776] <CSyLink::mfn_DownloadNow()>
04/13 15:09:42 [3776] </CSyLink::mfn_DownloadNow()>
04/13 15:10:44 [3776] <CSyLink::mfn_DownloadNow()>
HI, Please upgrade your SEPM
HI,
Please upgrade your SEPM to MR4MP1a and then deploy the lastest version on say 2-3 machines.
MOst of the issues are resolved in this new build.
Check whether they are getting update or not.
Rgrds,
SAM
404 is your guide here
The 404 error you are getting is a sure sign the clients aren't able to pull down any content. Try browsing to the following to see if you can manullay pull down the content file:
http://192.168.2.29:80/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90413003/Full.zip
My guess, based on the logs, is that you won't be able to. If you can't then there is an issue here with IIS and I'd be troubleshooting that as a first step.
You should see this file on your server at:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\90413003\Full.zip
Hi, Are you using Proxy on
Hi,
Are you using Proxy on SEPM Server?
Have you try to update manually by using luall.exe?
Have you Rx4DefsSEPM_1.02.exe on SEPM Server?
Please revert.
Regards, M.R
check the IIS or push a new package
Hi Mike
Since you have just installed a Sharepoint site and taking the symptoms into account, I guess that the problem goes back to a matter with the Symantec port in IIS. Check it out and see if it is the same as before, and compare it to the port in the sylink.xml in clients. These should be the same.
An other thing is that (may be) the port of the shatepoint site is the same as the symantec's.
Check the clients that they can see the link below in their internet explorer:
http://SEPM-IP:9090
If a page is opened it says that the connectivity with SEPM via http port is up and active.
By the way, since your clients have a stabel connectivty with the server, if it is practica for you and is not a very resource consuming, try to push a new package on all of them. I had an exactly the same problem and solved it in a glance using this method. it is primitive, but functional!
Symantec Certified Specialist \ MCSE +Security \ CCNSP
Would you like to reply?
Login or Register to post your comment.