Clients Not Updating definition from SEPM MR2
My SEPM server is not getting any updates from LiveUpdate. It reports:
-------------------------------------
June 4, 2008 9:45:17 AM CEST: LiveUpdate succeeded. [Site: ServiceAVIT] [Server: ServiceAVIT]
June 4, 2008 9:45:17 AM CEST: LUALL.EXE finished running. [Site: ServiceAVIT] [Server: ServiceAVIT]
June 4, 2008 9:45:17 AM CEST: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: ServiceAVIT] [Server: ServiceAVIT]
June 4, 2008 9:44:05 AM CEST: LUALL.EXE has been launched. [Site: ServiceAVIT] [Server: ServiceAVIT]
June 4, 2008 9:44:05 AM CEST: Download started. [Site: ServiceAVIT] [Server: ServiceAVIT]
-------------------------------------
After I run LiveUpdate from SEPM > Admin > Servers > Local Site > Download LiveUpdate Content and get the message above, Show LiveUpdate Downloads says "No liveupdate content has been downloaded". Something else: on the SEPM Home page, under Virus Definition Distribution, the latest Symantec version refers to the latest definition release that my unmanaged SEP downloaded.
This issue is really making me angry, because if I manually update the server with the .jdb definition files, the clients update their content, but when I run LiveUpdate from the SEPM it always says that "There were no new content updates".
How can I fix this problem? I'm really spending hours and days on this issue. I've tried SEPM MR0, which didn't work. SEPM MR2 still didn't work. I also tried it with the embedded database and the SQL database.
Please help me find where the problem is coming from and what I should do to fix it.
Thank you!
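
Added example, not part of the original post and not Symantec tooling: a short Python parser for status lines in the format quoted above, which pairs each LUALL.EXE launch with its return code so that runs reporting "LiveUpdate succeeded" without new content stand out. The site and server names, the sample log and the function names are constructed for illustration; the return-code meanings are taken only from the messages quoted in this thread (0, 1 and 4).

```python
import re
from datetime import datetime

# Constructed sample in the format quoted in the thread: newest entry first,
# with one entry wrapped across several lines as in the original post.
SAMPLE_LOG = """\
June 4, 2008 9:45:17 AM CEST: LiveUpdate succeeded. [Site: ExampleSite] [Server: ExampleSrv]
June 4, 2008 9:45:17 AM CEST: LUALL.EXE finished. There were no new
content updates. Return code = 1. [Site: ExampleSite] [Server:
ExampleSrv]
June 4, 2008 9:44:05 AM CEST: LUALL.EXE has been launched. [Site: ExampleSite] [Server: ExampleSrv]
June 3, 2008 9:47:40 AM CEST: LiveUpdate encountered one or more errors. Return code = 4. [Site: ExampleSite] [Server: ExampleSrv]
June 3, 2008 9:44:05 AM CEST: LUALL.EXE has been launched. [Site: ExampleSite] [Server: ExampleSrv]
June 2, 2008 9:45:10 AM CEST: LUALL.EXE successfully updated the content. Return code = 0. [Site: ExampleSite] [Server: ExampleSrv]
June 2, 2008 9:44:05 AM CEST: LUALL.EXE has been launched. [Site: ExampleSite] [Server: ExampleSrv]
"""

ENTRY = re.compile(r"^(\w+ \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+): (.*)$")
RETURN_CODE = re.compile(r"Return code = (\d+)")
FMT = "%B %d, %Y %I:%M:%S %p"  # the time zone token is matched separately
# Meanings taken only from the messages quoted in the thread.
OUTCOME = {0: "content updated", 1: "no new content", 4: "errors"}

def parse_entries(text):
    """Rejoin wrapped lines, then return (timestamp, message) pairs, oldest first."""
    joined = []
    for line in text.splitlines():
        if ENTRY.match(line):
            joined.append(line.strip())
        elif line.strip() and joined:
            joined[-1] += " " + line.strip()  # continuation of a wrapped entry
    parsed = [ENTRY.match(entry).groups() for entry in joined]
    return [(datetime.strptime(s, FMT), m) for s, _tz, m in parsed][::-1]

def summarize_runs(text):
    """One record per LUALL.EXE launch: start time, return code, outcome."""
    runs = []
    for when, msg in parse_entries(text):
        if "has been launched" in msg:
            runs.append({"start": when, "code": None, "outcome": "no result logged"})
        code = RETURN_CODE.search(msg)
        if code and runs:
            runs[-1]["code"] = int(code.group(1))
            runs[-1]["outcome"] = OUTCOME.get(runs[-1]["code"], "unknown code")
    return runs

def stale_runs(text):
    """Runs that brought in no content, even if 'LiveUpdate succeeded' was logged."""
    return [r for r in summarize_runs(text) if r["code"] != 0]
```
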
Comments
Thank you for your reply!
While searching for where the problem is coming from, in the log file "SesmLu.log" I'm finding some rows saying:
Jun 02 08, 07:20:26 PM ERROR sesmAvClient64en ProductUtil: Unable to read xml file: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\content\LuConfig.xml". at .\ProductUtil.cpp[322]
Jun 02 08, 07:20:26 PM ERROR sesmAvClient64en LuConfig: Unabled to open LuConfig.xml. Default to allowing content at .\LuConfig.cpp[72]
Jun 02 08, 07:20:26 PM ERROR sesmAvClient64en ProductUtil: Unable to read xml file: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\content\LuDownloadedContentArray.xml". at .\ProductUtil.cpp[322]
Jun 02 08, 07:20:26 PM INFO(Med) sesmAvClient64en DownloadedContentArray: Unabled to open LuDownloadedContentArray.xml.
Jun 02 08, 07:20:26 PM INFO(Med) sesmAvClient64en SesmLu: WelcomeText callback...
Jun 02 08, 07:20:26 PM INFO(Med) sesmAvClient64en SesmLu: WelcomeText callback... finished. Result: 0
Jun 02 08, 07:20:26 PM INFO(Med) SesmContentCatalog: Entered Init().
----------------------------------------
As I understand this error, it seems that the update process is searching for a file named LuConfig.xml and some other file with the extension .xml located in "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\content\".
Also, I've upgraded my clients to the MR2 version, and Proactive Threat Protection is turned off and waiting for updates. But even the rapid release xxxx.jdb file is not updating my server any more.
Also, in case there's any problem with the database, I have spent 5 days trying to download ludbfix.zip, but the FTP link isn't working.
I don't know what else to do with this program. Every moment it gives a new problem, and when trying to fix one, another comes out.
Please help me.
Regards
LSDLSD
June 12, 2008 2:50:33 PM GMT+05:30: LUALL.EXE finished running. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:50:33 PM GMT+05:30: LiveUpdate will start next on Thursday, June 12, 2008 6:50:33 PM GMT+05:30 on sv-sug-0002. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:50:33 PM GMT+05:30: LUALL.EXE successfully updated the content. Return code = 0. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:56 PM GMT+05:30: Symantec Network Access Control Win64 11.0 (English) is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:55 PM GMT+05:30: Symantec Network Access Control Win32 11.0 (English) is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:54 PM GMT+05:30: Symantec Endpoint Protection Win64 11.0 (English) is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:54 PM GMT+05:30: SESM AntiVirus Client Win64 is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:53 PM GMT+05:30: Symantec Endpoint Protection Win32 11.0 (English) is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 12, 2008 2:49:53 PM GMT+05:30: SESM AntiVirus Client Win32 is up-to-date. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
Display:
Definitions | Computers
2008-06-03 rev. 037 | 37%
2008-06-01 rev. 021 | 1
Latest Symantec Version: 2008-06-11 rev. 050
Latest Manager Version: 2008-06-11 rev. 050
This is all about the Manager console, and the client is showing 2008-06-03 rev. 037
You might want to re-register Symantec Endpoint Protection Manager with LiveUpdate:
Open a DOS command prompt.
Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type lucatalog.exe -update
Piyush Jhunjhunwala
| Technical Support Analyst | Enterprise Support ( Endpoint Security) |
| Symantec Corporation | www.symantec.com |
Hi DDPatil,
The folders you've deleted are important. The one ending with 33 contains the 32-bit virus defs for the client PCs. So even if you delete them they will be recreated, but it's not recommended. If you want to delete, then delete the contents inside those folders.
Apart from that, LiveUpdate succeeding but with no content seems to be a big issue for me. The first thing I found is that the environment I'm working in has a proxy server, and we assume it can be due to proxy caching: SEPM will never get the updates but only the contents retrieved from the cache, and that is no good. I even faced a similar problem: when I ran LUALL.exe from the command prompt it downloaded the contents, but not from the SEPM. This is due to the authentication methods used by SEPM and LUALL.exe.
So if you have a proxy, try to avoid the proxy and have a direct connection from the firewall to the SEPM. The ports that need to be open in the firewall are 80, 443 and optionally 21. Apart from that, you can try to create a rule to allow liveupdate.symantecliveupdate.com & liveupdate.symantec.com to come to your AV server IP address.
Those are the things I can think of. Monday I'll be visiting the client side to test the proxy bypass method. Wish me good luck guys/gals :smileyhappy:
Hi Dattatray,
Recommend that you open a support incident for the same. You'll get a faster resolution that way.
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
@DDPatil
If your manager is updating correctly, then please check the logs on the clients, not on the server.
Go through this file for errors:
\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
(that's the path I remember; I'm too lazy to check it now ;) but the file name is 100% correct and the path is at least very similar)
June 17, 2008 11:12:40 AM GMT+05:30: LUALL.EXE finished running. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 17, 2008 11:12:40 AM GMT+05:30: LiveUpdate encountered one or more errors. Return code = 4. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 17, 2008 11:09:34 AM GMT+05:30: LUALL.EXE has been launched. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
June 17, 2008 11:09:34 AM GMT+05:30: Download started. [Site: Site-sv-sug-0002] [Server: sv-sug-0002]
That's really strange, because LU creates this file automatically on every run. Is LU installed on the clients (it should be - it's part of the client installation process)?
Message Edited by DDPatil on 06-19-2008 03:58 AM
Message Edited by DDPatil on 06-19-2008 03:59 AM
Correct me if I am wrong but I believe that the tool is SylinkDrop.
It's available on SEP CD2
CD2\TOOLS\NOSUPPORT\SYLINKDROP
Message Edited by Abhishek Pradhan on 06-22-2008 06:12 PM
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
Message Edited by DDPatil on 06-26-2008 05:57 PM
Hi Dattatray,
------------------------------------------------------------------------------------------
As I said earlier, the Symantec tech support guy deployed a fresh copy on one client machine (not containing any Symantec-related files/applications), copied that client's Sylink.xml file and deployed it on every machine using a remote tool.
------------------------------------------------------------------------------------------
You said that the Sylink was modified - and you are also saying that you can change the data, i.e. Servername and IP Address in the Sylink.xml file. Sure, go ahead and do that. Then see what havoc the modifications will play with the client. Your client will show the server as offline, and it'll stay that way, since now the Hash value has changed, AND also because now the server cert. on the client has been corrupted.
Please note that there is a BIG difference between a Sylink copied from the relevant SEPM client group, and one that you script. One will be recognized by the Client, and one will not.
Again a request to stop posting misleading info about the architecture of the AV.
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org