Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Clients not updating from GUP

Created: 19 Jun 2013 | 14 comments
SameerU's picture

Hi

We have deployed SEP 12.1 and have distributed its clients across various sites. Every site has a designated GUP. I have observed that in spite of having a GUP for that site many computers from some sites are directly contacting SEP server places at the central location to pickup the updates. This is consuming a lot of bandwidth.

Can i know whether there is any mechanism to verify how the computers are getting the updates from GUP or the SEPM. I do not know if they maintain a log file of update mentioning which computer they contact to pick up the update.

Please help on the above ASAP. 

Regards

Operating Systems:

Comments 14 CommentsJump to latest comment

raju123's picture

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

Article:TECH97190  |  Created: 2009-01-03  |  Updated: 2011-08-16  |  Article URL http://www.symantec.com/docs/TECH97190

Check the froum fro verfying

http://www.symantec.com/connect/forums/how-verify-sep-are-updated-gup

How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP

https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup

Ambesh_444's picture

Hi,

Please refer the below article, I hope these article will help you.

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/business/support/index?page=content&id=TECH97190

Best Practices and Troubleshooting for Group Update Providers

https://www-secure.symantec.com/connect/blogs/best-practices-and-troubleshooting-group-update-providers

How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP

https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup

Check this thread

https://www-secure.symantec.com/connect/forums/how...

https://www-secure.symantec.com/connect/forums/how-verify-sep-are-updated-gup

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Marvin Zhong's picture

monitor from Sylink.log, GUP_IP:2967 port will be found if Clients get VD update from GUP

SameerU's picture

Hi

I want to know whether there is a way to take out any report or logs from SEPM itself to confirm that this client has taken update from the designated GUP

Regards

KNP's picture

Hi Sameer,

First you can check in client weather its getting update from SEPM or Gup server in below tabs

open sep console client side then go in view logs--client management-->Security Logs here you can find source of update.

if you have configured gup server for the location and clients are getting update from sepm inspite of  gup server so there is problem with client group you can check for client group in help-->troubleshooting.

it must be in same group Gup server and clients.

Jwelina's picture

Hey Sameer,

kindly go through the below article.

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/business/support/index?page=content&id=TECH97190

Rafeeq's picture

In sepm monitors - logs-system , client server activity log should give you the info.

Chetan Savade's picture

Hi Sameer,

Thank you for posting in Symantec community.

This article should answer your query.

https://www-secure.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

Being a experienced person in this community you should have searched it against 'Knowledge base search'. In the past number of times this question has been asked.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Sean_Moore's picture

Sameer,

Some obvious points to check here:

  • Is the GUP using the same LiveUpdate policy as the clients it needs to service?In the properties of the GUP is the Group Update Provider field = TRUE?
  • If you have a single GUP in your policy then this will update across subnets otherwise the GUP's may not depending on their location in the network.
  • Disk space on the GUP can also cause this issue.

Sean.

MCTS,MCSA,ACSA,SCS,STS
SME - SEP/SCSP/MS-BITLOCKER
A. Wesker's picture

Hi Sameer,

It's very easy to check if your client is updating from the GUP or your SEPM.

1) Easiest is to check directly on the System.log of one of your managed SEP Client. It will tell from where the definitions have been downloaded (Your SEPM, The GUP or LiveUpdate.Symantec.com).

2) You can enable Sylink.log as well.

3) To ensure the Client got the correct LiveUpdate Policy which is supposed to contact the GUP, you could check as well directly on the registry of one of your SEP Clients.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\

Point your mice on LiveUpdate folder and check the keys below

UseManagementServer should have the value 1.

UseMasterClient should have the value 1.

MasterClientPort should have the value 2967.

MasterClientByPassTime should have the value -1 (if you set on your LU Policy Never by pass the GUP).

MasterClientHost should have the IP address of your IP or the hostname of your GUP.

MasterClientMaxDiskCache should have the value mentioned on the cache you allowed for your GUP on the Live Update policy of your SEPM.

If it's not the case then your issue is coming from the client is not able to retrieve the LU policy or you did'nt create or assign the correct LU policy to your clients.

Ensure on your Live Update Policy you have checked "Use Management Server" + the box Use Single GUP where you have filled the information related to the GUP, the cache, the days of retention, bypass options, etc ...

You can even perform communication tests to see if your clients is able to contact the GUP and if your GUP is able to contact your SEPM.

From one of your client, open an IE Window.

http://hostnameofyourgup:2968/content/contentinfo.txt

Test from your GUP

http://hostnameofyourSEPM:8014/content/contentinfo...

If you're able to reach the destination then it's fine, If it doesn't work then you surely have port block or security settings causing the issue such as Firewall/Proxy or something like that.

Hope that helps.

Kind Regards,

A. Wesker

Chetan Savade's picture

Great explanation by A.Wesker  yes & Sameer could you please update this thread.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello,

In your case - 

  • From where does the GUP take update (SEPM / LUA)?
  • Is there a proxy on your Network??
  • I hope all the GUP client machines are not Windows XP machines.
  • By default (As per Microsoft), Windows XP has a maximum limit of 10 inbound concurrent connections and for Windows 7 it is 20 inbound concurrent connections.
  • Are the GUP clients are of the same version as of SEPM?
  • Port 2967 needs to be opened.
  • Setting up the environment to permit full communication between the SEP client and the GUP remedied issue. 

Check these Articles:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

How to determine what content SEP 12.1 clients are downloading from a GUP?

http://www.symantec.com/docs/TECH188574

Group Update Provider is not updating all the clients

http://www.symantec.com/docs/TECH140798

Please test the Connection between SEPM <<>> GUP <<>> Clients.

http://www.symantec.com/docs/TECH153328

SEP Content Distribution Monitor / GUP monitoring tool

http://www.symantec.com/business/support/index?page=content&id=TECH156558

GUP content monitoring tool video

https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.