Endpoint Protection Small Business Edition


Endpoint Protection Small Business, Clients cannot get updates from server/console


  • 1.  Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 07, 2010 06:47 PM

    I installed the management console, and have a test platform of 3 clients (1 Windows 2000, 1 XP, 1 Win 7).  Those that have internet access go to the web, those that do not get the error LU1814.  None of the PCs are supposed to go to the web as the box "Allow Liveupdate to run on the client" is not checked.  The only files I have found so far (#2007110813315548) seem to suggest that the Microsoft service WSUS is required.  Can anyone confirm this?  As far as I can tell, this service is not on the server, hence the failed updates to the clients.

    Thanks.
    Craig
     



  • 2.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 01:18 AM
    WSUS is not required for updating virus definitions.
    Which is the version of your software?


  • 3.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 11:17 AM

    I am using trialware version 12.0.  Something that may be coming into play is that the program is installed on drive d: as drive c: did not have sufficient space. Looking at document 2009020909412948, "Troubleshooting content update problems", my setup satisfies all the listed factors. The registry entries USELIVEUPDATESERVER and USEMANAGEMENTSERVER both have the value 1. I changed USELIVEUPDATESERVER to 0 but it made no difference in behavior.


  • 4.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 12:16 PM
    Hey everybody,

    Want to be crowned "King for a week?"  Here's your chance by getting involved in our Security Solutions Contest!  Try to solve this thread and you could win a prize and be "King for a week!"  Find out more here:

    https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

    Good luck everyone!

    Eric




  • 5.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 12:23 PM

    From the server, can you please run the SEP support tool? Please report back here any errors that are generated.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008071709480648

    Thanks,
    Thomas




  • 6.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 12:30 PM
    Under Symantec > tools > I have only migration, database, and server config.  No tools in the console.  Where is the SEP Support tool located?

    Craig


  • 7.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 12:37 PM
    It is provided in the link that I posted above.

    ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/SEPDIAG/Sep_SupportTool.exe


  • 8.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 12:40 PM
     
    Dahhhh!!  My bad.  Sorry. Read the post, missed the link. 


  • 9.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 01:10 PM
    Hi,

    Please do the secars test as well to see the response for client communication with SPC Console.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a6b9dc2d869c89a58825737700642895?OpenDocument

    Aniket


  • 10.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 01:45 PM

    Two files are attached, the reports from the SEP Tool.  The T100 is the server.  The SAVTestXP is the client. 

    Additional playing with this test platform: in addition to the non-internet enabled clients not receiving updates from the server, commands (i.e. do a scan, send an update) are not being executed by the non-internet enabled PC.  For the internet enabled PCs I really cannot tell whether the updates are from the server or from the internet.  Will have to delve into the log files next to see.  On the internet enabled XP PC, I sent a command to do a scan, but looking at the client, there is no indication that a scan is being done.  Opening task manager, no Symantec applications show up, and under services, I cannot differentiate the normal ones from the command to scan.

    Client issue?  Server issue?  Both?  Cannot tell.

    Thanks for reading.
    Craig


  • 11.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 01:54 PM

    Craig,

    I am not seeing the files.


  • 12.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 02:00 PM

    The SECARS Test was run on the two XP boxes, 1 with internet access enabled, one without internet access.  Both responded the same; using IE, entering the http address (198.1.1.8:8014/secars?hello,secars)  resulted in a log on screen.  After entering the server's user name and password, the 'Reporting-Home' screen opened up.  No "OK" message appeared.

    Craig
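
    Added example, not part of the original thread and not Symantec tooling: a small classifier for the response to the secars test, showing why a log-on screen is a different outcome from the bare "OK" the test looks for. The `/secars/secars.dll` path is an assumption taken from the commonly documented form of the test (the post above shows only `/secars?hello,secars`), and the sample responses are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the commonly documented form of the test URL. The thread itself
# only shows the shorter "/secars?hello,secars".
EXPECTED_PATH = "/secars/secars.dll"
EXPECTED_QUERY = "hello,secars"


def classify_secars(url, status, headers, body):
    """Classify one captured HTTP response to the secars test.

    Returns (verdict, notes); verdict is one of 'ok', 'login_page',
    'redirected', 'http_error', 'unexpected_body'.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    notes = []
    if parts.path.lower() != EXPECTED_PATH or parts.query != EXPECTED_QUERY:
        notes.append("URL is %s?%s, expected %s?%s"
                     % (parts.path, parts.query, EXPECTED_PATH, EXPECTED_QUERY))
    text = body.strip()
    lowered = text.lower()
    if status in (301, 302, 303, 307, 308):
        notes.append("redirect to " + headers.get("Location", "(none)"))
        return "redirected", notes
    if status == 401 or ("<form" in lowered and "password" in lowered):
        notes.append("authentication prompt: request did not reach the test handler")
        return "login_page", notes
    if status != 200:
        notes.append("HTTP status %d" % status)
        return "http_error", notes
    if text == "OK":
        return "ok", notes
    notes.append("HTTP 200 but body is not the bare string OK")
    return "unexpected_body", notes


# Constructed sample responses (not captured from the poster's server).
SAMPLES = [
    ("http://198.1.1.8:8014/secars/secars.dll?hello,secars", 200,
     {"Content-Type": "text/plain"}, "OK\r\n"),
    ("198.1.1.8:8014/secars?hello,secars", 200, {"Content-Type": "text/html"},
     "<html><form action='login'><input type='password' name='pw'></form></html>"),
    ("http://198.1.1.8:8014/secars/secars.dll?hello,secars", 503, {}, "Service Unavailable"),
]


def run_samples():
    """Verdicts for the constructed samples, in order."""
    return [classify_secars(*s)[0] for s in SAMPLES]
```

    A `login_page` verdict together with a URL note means the request was answered by a web log-on page rather than the test handler, so it neither confirms nor rules out client-to-server communication.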


  • 13.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 02:02 PM
    Are you able to see all the clients in the SEP Console?



  • 14.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 02:15 PM
    on XP machine go to Folder options --View
    At the bottom --Uncheck--Use Simple File Sharing


  • 15.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 03:44 PM

    Appears that the report files have the extension "SDBZ", which is not an allowed extension.  I renamed them with .TXT extensions so you may have to re-rename back to .SDBZ.

    Craig

    Attachment(s)

    txt
    Client.txt   1.31 MB 1 version
    txt
    Server.txt   1.40 MB 1 version


  • 16.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 03:48 PM
    Yes.  The three clients are visible on the console.  Using the add a computer option of the console, I was able to start the client installation from the console- one was pushed, one was emailed, and one used the custom installation.  All computers can ping all the others. 


  • 17.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 03:58 PM

    Simple file share is not enabled.


    Craig


  • 18.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 03:59 PM

    Is there any registry entry on the clients that tell it where to go for the updates?


  • 19.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 04:18 PM
    In C:\Program files\Symantec\Liveupdate\Settings.liveupdate you can find where it goes for updates.

    In SEP 12 however, by default, if the client is not able to download the defs from SEP Console it will go to the internet.


  • 20.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 04:19 PM
    Craig ,

    Did you reboot the server after install? The SEP report came up with errors, reporting a needed reboot to update files.


  • 21.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 04:44 PM

    No one could recall whether we did or not, so I just did a full shut down and restart.

    Same for the non-internet enabled XP computer.

    No change in behavior (Proactive threats still disabled (waiting for updates), liveupdate generates LU1814 error message, console commands to update and scan do not cause client to get updates or start a scan (as far as I can tell)).  All three clients are showing in the management console.

    Not sure if the management console is working properly....for the non-internet enabled XP client, the client shows proactive threat turned off (waiting for update) but the console shows the computer status as OK.


  • 22.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 04:49 PM
    "In SEP 12 however, by default, if the client is not able to download the defs from SEP Console it will go to the internet"  We removed the internet access from one of the internet enabled computers and it then generated the LU1814 error, confirming that none of the test clients was getting an update from the server even though we have no check mark in the policy box permitting clients to go to the internet.


  • 23.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 05:06 PM
    Check if your SEP Manager Console is downloading the definitions and is up-to-date


  • 24.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 08, 2010 06:26 PM

    As of 1529 hrs today, the console shows  Definitions >  Latest from Symantec > Sep 08 2010 R2.

    I believe that this is the latest.

    Craig


  • 25.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 09, 2010 12:01 AM
    Disable windows firewall (both in server and in client) and try....


  • 26.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 09, 2010 11:02 AM

    Client - firewall not on
    Server - ICS is disabled, firewall not running


  • 27.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 09, 2010 11:40 AM

    Issue: Liveupdate from server to client is not working. Commands issued from server are not executed.

    Summary: All clients (4 more were added yesterday (9-8-2010); 2 were non-internet enabled using push, 2 were internet capable using push.)
        Internet enabled goes to the internet for updates (changing IP to a non-internet capable IP generated LU1814 error).
        Non-internet PCs generate LU1814.  I can manually update with Intelligent Update using a flash drive.
        Server is getting updates as it is R50 now (last check was R2).
        Console sees all clients.  PING can be done from client to server and vice versa.
        Firewalls on the initial clients and the server are off.  Status of the firewalls of the 4 new ones unknown.
        The management console and a client are on the standalone server d:\ for lack of space on c:\.  Server is also hosting Datagentics (a drawing viewer server, company wide PCs) without issues.  No IIS, no WSUS.

    Kicker: The first non-internet client that started this issue showed a red status, as the proactive threat and the antivirus updates were not being received. I manually updated the antivirus using the Intelligent Update .EXE file download, which caused the AV status to go green.  The proactive status was still red. At 1700 hrs yesterday it was still red (waiting for updates).  At 0750 hrs this morning, a check of the client showed ALL GREEN.  Somehow it received an update for the proactive threat. A check of the proactive system log shows no update info.  A manual liveupdate still fails as does a send update command from the server.

    Hope I got everything.

    Craig








  • 28.  RE: Endpoint Protection Small Business, Clients cannot get updates from server/console

    Posted Sep 10, 2010 10:48 AM

    To everyone, Thank you for trying.  I am now considering this a closed issue.  Not sure what is going on, but as of late yesterday, the 2 non-internet capable computers show a green status and have updates that are the current versions. Do not know why the sudden update 36 hours after the original installation occurred.