Video Screencast Help

connection strings for LU servers

Created: 08 May 2013 • Updated: 08 May 2013 | 10 comments

Hi, for a specific site I need to figure out how to configure SEPM to support LU downloads from the SEPM manager, an internal LU server and the Symantec fallback liveupdate servers. I am trying to do this by setting up an entry for each in SEPM/clients/policy/"location-specific lifeupdate policy"/windows settings/server settings

"use a Live Update server"

"use a specified internal LU server"

and then adding 3 entries,

one for the "default" (for the SEPM manager)

one for our Int. LU server

one for a Symantec fallback server.

The problem is that if I use the default mgmt server then the clients cannot run LU manually. Everything runs according to the schedule that I set up in SEPM. If the SEPM server isn't accessible then they can't run LU for new virus definitions. If I select "use a LU server" and then "use the default Symantec server" then we can't cache the updates at all. If I use "use a specified internal LU server" then I need functional links to access at least 2 (if not all 3) types. Really I would like to get SEPM to update direct from Symantec and then cache the updates wtihout running a seperate LU server but that's a topic for another day.

Supposedly all 3 modes will work but I can only get this to work if I use either:

Symantec fallback LU server > Int. LU server > SEPM > SEM clients (meaning no local LU control at the clients)


Symantec fallback LU server > SEM clients. (meaning no local caching of the LU data)

The main problem is that I have yet to see a way to set up a Int. LU server for the SEPM svr or the LU server,

that will actually work.

any advice appreciated.

the logs I see so far seem to show that whatever host string I put in that field is prepended to



http://mySEPMhost:8081/secars/secars.dll?h=(some long hex string)

that's what I'm looking for.

Maybe I should use FTP or UDP links for the LU server?

but SEPM is pulling live updates just fine from the LU server just by pointing it to LU using the usual html:


and it will distribute them to the clients. But on its terms, not on the clients' terms.

I am trying to figure out what string SEPM is sending to IntLA to get updates, and then use that same string, if it will work at the clients.

In the meantime I will try UDP


Operating Systems:

Comments 10 CommentsJump to latest comment

SMLatCST's picture

Hmmmmm, I think this explanation will require some additional information.  What you are trying to accomplish is possible, it's just that there appears to be some confusion in how it all works together.

I apologise beforehand for the length of this post (giant wall of text incoming!)

Update via default management server:
This option tells to client to obtain it's updates from the SEPM.  It checks for updates via the heartbeat schedule defined in the group's/location's "Communicationg Settings", and causes clients to download defs directly from the SEPM as soon as they are aware of new content (within the Randomisation Window).  Updates of this sort cannot be scheduled.

Update via LiveUpdate:
This is an entirely different/separate update mechanism.  Because it's a separate technology, you cannot use LiveUpdate to update from the SEPM.  Only internal LUA Servers or Symantec LiveUpdate can be used.  The address to use is normally something like http://<LUAServer>:7070/clu-prod but is something you can confirm by logging into the LUA Server itself.  The LUA Server provides the full string machines should use to obtain updates within "Config -> Distribution Centres".  If you want SEP Clients to grab updates from the LUA Server, you also must first configure it to download definitions for SEP Clients.  From the sounds of it, it has been configured to Download and Distribute SEPM defs, but not client ones.

All you need to do in the SEP LU Policy, is list the internal LUA Distribution Centre addresses, followed by the Symantec LiveUpdate address(es) like:

As I'm sure you've noticed, the Schedule section within the SEP LU Policy only becomes enabled when the "Update via LiveUpdate" option is enabled.  This is because it only applies to updating via LiveUpdate.  It does not apply to updating via the SEPM as I already mentioned.  The same applies to the Advanced section of the SEP LU Policy, whereby you can "Allow users to run LiveUpdate", only available if "Update via LiveUpdate" is enabled.

What this all means:
When "update via default management server" is used, your clients will checkin with the SEPM in accordance with the configured heartbeat interval.  If new definitions are available, they will download a delta definitions file from the SEPM.

If the "Update via LiveUpdate" option is also enabled (regardless of what LU servsr you have defined in the list), the clients will checkin with LUA/SymantecLU according to the schedule defined in the SEP LU Policy.  If new definitions are available, they will download a much larger definitions file from the LUA/SymantecLU.

Due to the separate schedules, there is no such thing as failover between updating via the SEPM and updating via LiveUpdate.  Both schedules run all the time, and it's down to chance to determine from which source a client uses to obtain its updates.  If lucky, they'll grab updates from the SEPM for the smaller delta defs; if unlucky, the SEP clients will grab the large defs from the LUA/SymantecLU.

In Summary:
You can find out what string to use from the LUA itself, but you also need to make sure its serving the right kind of updates.

I'd recommend you review the requirement for updating via LUA/SymantecLU anyway, as it generates more network load.

Finally, ensure you're running SEP12.1 and later so you can take advantage of the "Options for Skipping LiveUpdate".  This allows you to configure clients to always use the SEPM for updates unless the SEPM becomes unavailable (after which they will go to your LU Server list).

SEPMM's picture

"You can find out what string to use from the LUA itself, but you also need to make sure its serving the right kind of updates."

And what would "the right kind of updates" be to update SEP 12.1 clients to the latest VDefs, and how would I configure them for downloading in LUA?

funny how this seems to work ok if I use the default server (the SEPM) but not if I use *both* the default server and the default Symantec LU server (not to mention our internal LU server) I can believe that the LU server isn't downloading the client defs to distribute. But I don't see anything obvious that says "12.1 SEP client defs". I do see different sections altogether for the various versions of SEP...11, 12.1, 12.1RU2(beta)...not 12.1.2.MP1 or whatever is current now...maybe I have to download LUA updates also?


Rafeeq's picture

I'm confused too, Can you please be clear about what you want to achieve?

LU admin will download defs and SEPM will pull defs from Luadmin

SEPM will then cache the defs and clients will get from SEPM.

SMLatCST's picture

The below article walks you through how to setup the LUA in general:

As far as what to download goes, if you can make sure you're running the current latest version (I think it's then you can clearly see which Content Update types are client-based and which are for the SEPM.

In older version of LUA, the only difference between the two is that some start off with the name SESM (for Manager) and some start off with SESC (for client).

Essentially, the process for configuring the LUA is to

  1. Add the product to the LUA (i.e. SEP12.1RU2 English)
  2. Add the type of download to the Distribution Centre (i.e. Client - Virus Definitions Win64)
  3. Add the type of download to a Download Schedule
  4. Add the type of download to a Distribution Schedule

Then it's just a matter of pointing the SEP Clients at the Distribution Centre.  As I mentioned before, the DC address can be grabbed from the LUA itself.  Just navigate to Configure -> Distribution Centre and highlight one.

Also, reiterating my earlier comment, I still think it's worthwhile reviewing your reasons for using the LUA.  For most environments, the SEPM alone is sufficient.  The below articles provide further information on when using an LUA might be appropriate:

SEPMM's picture

"then you can clearly see which Content Update types are client-based and which are for the SEPM."

Yes but you can't see anything that is clearly "a virus definition update for SEP clients".

That's half the problem. If you point the Live Update "process" at the Symantec LU servers then everything works fine. Automatically. Without any exposed details. So you can set up an internal LU server that does the same thing. Or a minimal but essential set of updates.

I'm not even sure that it's working right if I just use SEPM and point the SEPM install to an internal LU server without using a reference client that is updating off the Symantec LU server.

It sounds like I would be better off just using a caching proxy server for the Symantec LU server.

but this is all rapidly becoming moot as we now have a site license for MS System Center.

anyway for now that's what I'm doing: using the LU server to update SEPM and enabling both "default" and "internal" LU servers in the policy with the internal server set to a Symantec LU server. I can't get the clients to download AV updates (not to mention SEP updates) off the internal LU server simply because I don't see a way to get the internal LU server to download those updates. The rest of it is pretty clear. It's just not integrated well enough.

SMLatCST's picture

This is part of what we've been asking you to review.... Do you need a LUA?  Does your scenario match any of those described in the articles I posted?  What are your requirements?

In the meantime, back to the whole LUA config for clients thing!  You can see the individual download types by following the setup article I linked.  Please also see attached for an illustration of what can be chosen for download (there are at least 3 places where this list is visible).

SEPMM's picture

that's what I was looking for, which was, of course, one entry past where I stopped looking.

I just didn't see it before...

yes ok that seems to do what I want to do: the default server/SEPM will cache the client updates, but I can still run LU at the client and access the Symantec LU server directly. Which will be necessary if the client is a laptop and is no-longer on site as the SEPM is on an intranet. I can possibly even get them directly off the internal LU server but I can't set up the policy internal LA server list to use that first or else the client  won't go to the Symantec LU server unless the client *is* off-site & can't reach the LA server (which is on the intranet).

thank you very much

assuming that the Int. LA server updates properly now

SEPMM's picture

We need an internal LUA if that is how you get product updates into the SEPM.

If the SEPM can update directly from Symantec and source updates to the SEP clients all without an internal LU server, then no.

but my basic concern is that it is all just caching the Symantec servers.

Technically we can get around all of this except the automatic install & update process just by caching the Symantec servers with say Windows Media Proxy. And if in the process of installing the client virus definition updates the clients can also DL and install client updates, then the only thing the SEPM does is manage the updating of the clients and the policy configurations on a per-group basis. The primary role of the LU server is to hold the updates for testing before distribution. If you don't really need any of that then the SEPM and the LU servers just get in the way. Except to cache the Symantec servers.

You would of course have to still roll-out certain updates (the client packages) to SEP manually but we do that what once every 2 years? The engine updates through the Symantec Live Update server. We can roll out the packages through SEPM, or just through a server script.

99% of the problem is just caching the virus and engine updates and for that no we don't need an internal LUA. Just a proxy server.

SMLatCST's picture

If your primary concern is to distribute SEP definitions to your Clients in an efficient manner, then doing this via the SEPM alone is recommended.  The SEPM is fully capable of connecting directly to Symatec LU if you want it to (rather than to a LUA).  In a SEPM only type environment, content distribution works as below:

  1. SEPM connects to Symantec LU on the Internet and downloads all relevant defs (one big download over the Internet link)
  2. SEP Clients download delta defs from SEPM (lots of little downloads internally)

By contrast, using either an LUA of a web-cache proxy produces lots a large downloads internally, as neither option is able to produce the smaller delta def files (i.e. files that contain only the changes/updates in definitions).

As you have mentioned it, the testing of defs is one of the major functions of the LUA.  Is this a requirement?  I didn't really pick up a question from your last post blush

By the by, it's always appreciated if you could mark any posts you find useful with a "Thumbs Up", or as the Solution if we ever get there!