Endpoint Protection Small Business, Clients cannot get updates from server/console
Updated: 08 Dec 2010 | 27 comments
I installed the management console, and have a test platform of 3 clients (1, Windows 2000, 1 XP, 1 Win 7). Those that have internet access go to the web, those that do not get the error LU1814. None of the pc's are supposed to go to the web as the box "Allow Liveupdate to run on the client" is not checked. The only files I have found so far (#2007110813315548) seems to suggest that the Microsoft service WSUS is required. Can anyone confirm this? As far as I can tell, this service is not on the server, hence the failed updates to the clients.
Thanks.
Craig
discussion Filed Under:
Comments
WSUS is not required for
WSUS is not required for updating virus definitions.
Which is the version of yor software?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I am using trialware version
I am using trialware version 12.0. Something that may be coming into play is that the program is installed on drive d: as drive c: did not have sufficient space. Looking at document 2009020909412948, "Troubleshooting content update problems", my setup satisfies all the listed factors. The registry entries USELIVEUPDATESERVER and USEMANAGEMENTSERVER both have the value 1. I changed USELIVEUPDATESERVER to 0 but it made no difference in behavior.
This thread is included in the "King for a Week" contest
Hey everybody,
Want to be crowned "King for a week?" Here's your chance by getting involved in our Security Solutions Contest! Try to solve this thread and you could win a prize and be "King for a week!" Find out more here:
https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week
Good luck everyone!
Eric
Subscribe to the upcoming Security Newsletter - Log in, visit your profile, and click on "Newsletter Subscriptions!"
From the server, can you
From the server, can you please run the SEP support tool? Please report back here any errors that are generated.
http://service1.symantec.com/SUPPORT/ent-security....
Thanks,
Thomas
Under Symantec > tools > I
Under Symantec > tools > I have only migration, database, and server config. No tools in the console. Where is the SEP Support tool located?
Craig
It is provided in the link
It is provided in the link that I posted above.
ftp://ftp.symantec.com/public/english_us_canada/pr...
Dahhhh!! My bad. Sorry.
Dahhhh!! My bad. Sorry. Read the post, missed the link.
Two files are attached, the
Two files are attached, the reports from the SEP Tool. The T100 is the server. The SAVTestXP is the client.
Additional playing with this test platform: in addition to the non-internet enabled clients not receiving updates from the server, commands (i.e. do a scan, send an update) are not being executes by the non-internet enabled pc. The internet enabled pc's I really cannot tell whether the updates are from the server or from internet. Will have to delve into the log files next to see. On the internet enabled XP pc, I sent a command to do a scan, but looking at the client, there is no indication that a scan is being done. Opening task manager, no Symantec applications show up, and under services, I cannot differentiate the norman ones from the command to scan.
Client issue? Server issue? Both? Cannot tell.
Thanks for reading.
Craig
Craig, I am not seeing the
Craig,
I am not seeing the files.
Appears that the report files
Appears that the report files have the extension "SDBZ" which is not a allowed extension. I renamed them with .TXT extensions so you may have to re-rename back to .SDBZ.
Craig
Hi, Please do the secars test
Hi,
Please do the secars test as well to see the response for client communication with SPC Console.
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a6b9dc2d869c89a58825737700642895?OpenDocument
Aniket
The SECARS Test was run on
The SECARS Test was run on the two XP boxes, 1 with internet access enabled, one without internet access. Both responded the same; using IE, entering the http address (198.1.1.8:8014/secars?hello,secars) resulted in a log on screen. After entering the server's user name and password, the 'Reporting-Home' screen opened up. No "OK" message appeared.
Craig
Are you able to see all the
Are you able to see all the Clients in the SEP Console ?
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Yes. The three clients are
Yes. The three clients are visible on the console. Using the add a computer option of the console, I was able to start the client installation from the console- one was pushed, one was emailed, and one used the custom installation. All computers can ping all the others.
on XP machine go to Folder
on XP machine go to Folder options --View
At the bottom --Uncheck--Use Simple File Sharing
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Simple file share is not
Simple file share is not enabled.
Craig
Is there any registry entry
Is there any registry entry on the clients that tell it where to go for the updates?
In the C\Program
In the C\Program files\Symantec\Liveupdate\Settings.liveupdate you can find where it goes for updates..
In SEP 12 however, by default, If the client is not able to download the defs from SEP Console it will go to internet
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
"In SEP 12 however, by
"In SEP 12 however, by default, If the client is not able to download the defs from SEP Console it will go to internet" We removed the internet access from one of the internet enabled computers and it the generated the LU1814 error confiromg that none of the test clients was getting an update from the server even though we have no check mark in the policy box permitting clients from going to the internet.
Craig , Did you reboot the
Craig ,
Did you reboot the server after install? The SEP report came up with errors, reporting a needed reboot to update files.
No one could recall whether
No one could recall whether we did or not, so I just did a full shut down and restart.
Same for the non-internet enabled XP computer.
No change in behavior (Proactive threats still disables (waiting for updates), liveupdate generates LU1814 error message, console commands to update and scan do not cause client to get updates or start a scan (as far as I can tell). All three clients are showing in the management console.
Not sure if the management console is working properly....for the non-internet enables XP client, the client shows proactive threat turned off (waiting for update) but the console shows that the computer status as OK.
Check if your SEP Manager
Check if your SEP Manager Console is downloading the definitions and is up-to-date
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
As of 1529 hrs today, the
As of 1529 hrs today, the console shows Definitions > Lastest from Symantec > Sep 08 2010 R2.
I believe that this is the latest.
Craig
Disable windows firewall and
Disable windows firewall (both in server and in client) and try....
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Client - firewall not
Client - firewall not on
Server - ICS is disabled, firewall not running
Summary (and a kicker)
Issue: Liveupdate from server to client is not working. Commands issued from server are not executed.
Summary: All clients (4 more were added yesterday (9-8-2010), 2 were non internet enabled using push, 2 were internet capable using push.)
Internet enabled goes to the internet for updates (changing ip to a non-internet capable ip generated LU1814 error),
Non-internet pc's generate LU1814. I can manually update with Intelligent Update using a flashdrive.
Server is getting updates as it is R50 now (last check was R2)
Console sees all clients. PING can be done from client to server and visa versa.
Firewalls on the initial clients and the server are off. Status of the firewalls of the 4 new ones unknown.
The management console and a client are on the standalone server d:\ for lack of space on c:\. Server is also hosting Datagentics (a drawing viewer server company wide pc's with out issues. No IIS, No WSUS.
Kicker: The first non-internet client that started this issue showed a red status, as the proactive threat and the antivirus updates were not beinng received. I manually updated the antivirus using the intelligentupdate .EXE file download which caused the AV status to go green. The proactive status was still red. At 1700 hrs yesterday it was still red (waiting for updates). At 0750 hrs this morning, a check of the client showed ALL GREEN. Somehow it received an update for the proactive threat . A check of the proactive system log shows no update info. A manual liveupdate still fails as does a send update command from the server.
Hope I got everything.
Craig
Relegated to "Dead issue"
To everyone, Thank you for trying. I am now considering this a closed issue. Not sure what is going on, but as of late yesterday, the 2 non-internet capable computers show a green status and have updates that are the current versions. Do not know why the sudden update 36 hours after the original installation occurred.
Would you like to reply?
Login or Register to post your comment.