Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Failed to update Mail security for Exchange from internal LAN

Created: 07 Nov 2012 | 6 comments

I have an Exchange 2010 with Symantec mail Secuirty. I followed the article below:

Distributing virus definitions for Symantec Mail Security for Microsoft Exchange (SMSMSE) via LiveUpdate Administrator 2.x.

due to the fact that I wish my Exchange Anti-Spam anti virus solution to get updates from inside-internal LAN and not the Internet.

I succesfully created the file Settings.Hosts.LiveUpdate   using FTP or UNC several times but I hav got no results. The update is not working.

The results from FTP attempt

//////////////////////////////////////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////////////
// Start LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
7/11/2012, 10:30:00 GMT -> LuComServer version: 3.3.0.78
7/11/2012, 10:30:00 GMT -> LiveUpdate Language: English
7/11/2012, 10:30:00 GMT -> LuComServer Sequence Number: 20081210
7/11/2012, 10:30:00 GMT -> OS: Windows NT, Service Pack: 1, Major: 6, Minor: 1, Build: 7601 (64-bit)
7/11/2012, 10:30:00 GMT -> System Language:[0x0408], User Language:[0x0408]
7/11/2012, 10:30:00 GMT -> IE 7 Support
7/11/2012, 10:30:00 GMT -> ComCtl32 version: 6.16
7/11/2012, 10:30:00 GMT -> IP Addresses: fe80::81e2:6f4:1b7e:eef9%13, 172.22.117.19
7/11/2012, 10:30:00 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
7/11/2012, 10:30:00 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
7/11/2012, 10:30:00 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
7/11/2012, 10:30:00 GMT -> LiveUpdate flag value for this run is 0
7/11/2012, 10:30:00 GMT -> **** Starting a Silent LiveUpdate Session ****
7/11/2012, 10:30:00 GMT -> ***********************        Start of New LU Session        ***********************
7/11/2012, 10:30:00 GMT -> The command line is -s
7/11/2012, 10:30:00 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
7/11/2012, 10:30:00 GMT -> Check for updates to:  Product: LiveUpdate, Version: 3.3.0.78, Language: English.  Mini-TRI file name: liveupdate_3.3.0.78_english_livetri.zip
7/11/2012, 10:30:00 GMT -> LiveUpdate is about to launch a new callback proxy process for product SMSMSE Virus Definitions WOW64 with moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94}.
7/11/2012, 10:30:00 GMT -> Starting Callback Proxy Worker thread.
7/11/2012, 10:30:00 GMT -> The callback proxy for moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} was successfully registered with LiveUpdate.
7/11/2012, 10:30:00 GMT -> LiveUpdate successfully launched a new callback proxy process for product SMSMSE Virus Definitions WOW64.
7/11/2012, 10:30:00 GMT -> LiveUpdate is about to execute a PreSession callback for product SMSMSE Virus Definitions WOW64.
7/11/2012, 10:30:00 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/11/2012, 10:30:00 GMT -> The PreSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/11/2012, 10:30:00 GMT -> Progress Update: TRYING_HOST: HostName: "Secsrv" URL: "\\172.22.117.11\DCLinux" HostNumber: 0
7/11/2012, 10:30:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
7/11/2012, 10:30:00 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.78_english_livetri.zip
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\DCLinux\liveupdate_3.3.0.78_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\DCLinux\liveupdate_3.3.0.78_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.78_english_livetri.zip" HR: 0x802A0033
7/11/2012, 10:30:00 GMT -> HR 0x802A0033 DECODE: E_CANT_CREATE_FILE
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 10:30:00 GMT -> LiveUpdate will check for Mini-TRI file support on the server since the first Mini-TRI file was not available (liveupdate_3.3.0.78_english_livetri.zip).
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\DCLinux\minitri.flg", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\DCLinux\minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg" HR: 0x802A0032
7/11/2012, 10:30:00 GMT -> HR 0x802A0032 DECODE: E_CANT_CREATE_FILE_ACCESS_DENIED
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 10:30:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
7/11/2012, 10:30:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1 Downloading LiveUpdate catalog file
7/11/2012, 10:30:00 GMT -> LiveUpdate could not find the MiniTri.flg file on the server.  LiveUpdate is entering legacy mode and will attempt to download the full LiveUpdate Catalog file.
7/11/2012, 10:30:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 10:30:01 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\DCLinux\livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 10:30:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\DCLinux\livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\livetri.zip" HR: 0x802A0032
7/11/2012, 10:30:01 GMT -> HR 0x802A0032 DECODE: E_CANT_CREATE_FILE_ACCESS_DENIED
7/11/2012, 10:30:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 10:30:01 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "1"
7/11/2012, 10:30:01 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server \\172.22.117.11 at path \\172.22.117.11\DCLinux via a LAN connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
7/11/2012, 10:30:01 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
7/11/2012, 10:30:01 GMT -> LiveUpdate did not find any new updates for the given products.
7/11/2012, 10:30:01 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install.  The LiveUpdate session exited with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
7/11/2012, 10:30:01 GMT -> LiveUpdate is about to execute a PostSession callback for product SMSMSE Virus Definitions WOW64.
7/11/2012, 10:30:01 GMT -> ProductRegCom/luProductReg(PID=5128/TID=10868): Successfully created an instance of an luProductReg object!
7/11/2012, 10:30:01 GMT -> ProductRegCom/luProductReg(PID=5128/TID=10868): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe.
7/11/2012, 10:30:01 GMT -> ProductRegCom/luProductReg(PID=5128/TID=10868): Destroyed luProductReg object.
7/11/2012, 10:30:01 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/11/2012, 10:30:01 GMT -> The PostSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/11/2012, 10:30:01 GMT -> Successfully released callback {0D7E9ED3-A063-4BB1-B3E6-E826F5D68306}
7/11/2012, 10:30:01 GMT -> LiveUpdate has called the last callback for product SMSMSE Virus Definitions WOW64, so LiveUpdate is informing the callback proxy that it can exit.
7/11/2012, 10:30:01 GMT -> The callback proxy executable for product {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} is exiting with no errors
7/11/2012, 10:30:01 GMT -> ***********************           End of LU Session           ***********************
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// End LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
 
The results from UNC attempt are below:
 
 
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// Start LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
7/11/2012, 12:54:00 GMT -> LuComServer version: 3.3.0.78
7/11/2012, 12:54:00 GMT -> LiveUpdate Language: English
7/11/2012, 12:54:00 GMT -> LuComServer Sequence Number: 20081210
7/11/2012, 12:54:00 GMT -> OS: Windows NT, Service Pack: 1, Major: 6, Minor: 1, Build: 7601 (64-bit)
7/11/2012, 12:54:00 GMT -> System Language:[0x0408], User Language:[0x0408]
7/11/2012, 12:54:00 GMT -> IE 7 Support
7/11/2012, 12:54:00 GMT -> ComCtl32 version: 6.16
7/11/2012, 12:54:00 GMT -> IP Addresses: fe80::81e2:6f4:1b7e:eef9%13, 172.22.117.19
7/11/2012, 12:54:00 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
7/11/2012, 12:54:00 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
7/11/2012, 12:54:00 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
7/11/2012, 12:54:00 GMT -> LiveUpdate flag value for this run is 0
7/11/2012, 12:54:00 GMT -> **** Starting a Silent LiveUpdate Session ****
7/11/2012, 12:54:00 GMT -> ***********************        Start of New LU Session        ***********************
7/11/2012, 12:54:00 GMT -> The command line is -s
7/11/2012, 12:54:00 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
7/11/2012, 12:54:00 GMT -> Check for updates to:  Product: LiveUpdate, Version: 3.3.0.78, Language: English.  Mini-TRI file name: liveupdate_3.3.0.78_english_livetri.zip
7/11/2012, 12:54:00 GMT -> LiveUpdate is about to launch a new callback proxy process for product SMSMSE Virus Definitions WOW64 with moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94}.
7/11/2012, 12:54:00 GMT -> Starting Callback Proxy Worker thread.
7/11/2012, 12:54:00 GMT -> The callback proxy for moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} was successfully registered with LiveUpdate.
7/11/2012, 12:54:00 GMT -> LiveUpdate successfully launched a new callback proxy process for product SMSMSE Virus Definitions WOW64.
7/11/2012, 12:54:00 GMT -> LiveUpdate is about to execute a PreSession callback for product SMSMSE Virus Definitions WOW64.
7/11/2012, 12:54:00 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/11/2012, 12:54:00 GMT -> The PreSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/11/2012, 12:54:00 GMT -> Progress Update: TRYING_HOST: HostName: "secexch" URL: "\\172.22.117.11\dclinux" HostNumber: 0
7/11/2012, 12:54:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
7/11/2012, 12:54:00 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.78_english_livetri.zip
7/11/2012, 12:54:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 12:54:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\dclinux\liveupdate_3.3.0.78_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 12:54:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\dclinux\liveupdate_3.3.0.78_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.78_english_livetri.zip" HR: 0x802A0033
7/11/2012, 12:54:00 GMT -> HR 0x802A0033 DECODE: E_CANT_CREATE_FILE
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 12:54:01 GMT -> LiveUpdate will check for Mini-TRI file support on the server since the first Mini-TRI file was not available (liveupdate_3.3.0.78_english_livetri.zip).
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\dclinux\minitri.flg", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\dclinux\minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg" HR: 0x802A0032
7/11/2012, 12:54:01 GMT -> HR 0x802A0032 DECODE: E_CANT_CREATE_FILE_ACCESS_DENIED
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 12:54:01 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
7/11/2012, 12:54:01 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1 Downloading LiveUpdate catalog file
7/11/2012, 12:54:01 GMT -> LiveUpdate could not find the MiniTri.flg file on the server.  LiveUpdate is entering legacy mode and will attempt to download the full LiveUpdate Catalog file.
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "\\172.22.117.11\dclinux\livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "\\172.22.117.11\dclinux\livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\livetri.zip" HR: 0x802A0032
7/11/2012, 12:54:01 GMT -> HR 0x802A0032 DECODE: E_CANT_CREATE_FILE_ACCESS_DENIED
7/11/2012, 12:54:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/11/2012, 12:54:01 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "1"
7/11/2012, 12:54:01 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server \\172.22.117.11 at path \\172.22.117.11\dclinux via a LAN connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
7/11/2012, 12:54:01 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
7/11/2012, 12:54:01 GMT -> LiveUpdate did not find any new updates for the given products.
7/11/2012, 12:54:01 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install.  The LiveUpdate session exited with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
7/11/2012, 12:54:01 GMT -> LiveUpdate is about to execute a PostSession callback for product SMSMSE Virus Definitions WOW64.
7/11/2012, 12:54:01 GMT -> ProductRegCom/luProductReg(PID=5232/TID=184): Successfully created an instance of an luProductReg object!
7/11/2012, 12:54:01 GMT -> ProductRegCom/luProductReg(PID=5232/TID=184): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe.
7/11/2012, 12:54:01 GMT -> ProductRegCom/luProductReg(PID=5232/TID=184): Destroyed luProductReg object.
7/11/2012, 12:54:01 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/11/2012, 12:54:01 GMT -> The PostSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/11/2012, 12:54:01 GMT -> Successfully released callback {0D7E9ED3-A063-4BB1-B3E6-E826F5D68306}
7/11/2012, 12:54:01 GMT -> LiveUpdate has called the last callback for product SMSMSE Virus Definitions WOW64, so LiveUpdate is informing the callback proxy that it can exit.
7/11/2012, 12:54:01 GMT -> The callback proxy executable for product {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} is exiting with no errors
7/11/2012, 12:54:01 GMT -> ***********************           End of LU Session           ***********************
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// End LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
 
Any Ideas what I am doing wrong?
 

Comments 6 CommentsJump to latest comment

TSE-JDavis's picture

The LUA server will only work over http. The default port is 7070. You also need to know that SMSMSE can't get anti-spam ruleset updates through an LUA server, only virus definitions.

stratus's picture

Thanks for your reply. I know that LUA works over http. From LUA I download the virus definitions to internal network and from my exchange I try to download the virus definitions from a shared resource via UNC or FTP path both with no success. But when you say that SMSMSE can'get anti-spam ruleset updates that means that my Exchange server should connect directly to Symantec update server? The LUA server does not provide anti-spam ruleset updates?

TSE-JDavis's picture

The LUA product only downloads virus definitions, which is the same as Liveupdate. Antispam definitions are downloaded with conduit.exe straight from our aztec.brightmail.com server. If you want the server to be able to get premium antispam updates it will need access to our servers as per this document:

http://www.symantec.com/docs/TECH179796

stratus's picture

Hi and thanks for your quick answer.

I have register both the symantec antivirus and antispam licences during the installation process of the Brightmail symantec product in my Exchange Server since duirng the installation my exchange is currently connected to internet. But it will no longer be able connect to internet due to security reasons we all know.

My final question to your answer is that if it is possible to download and install manually, thus updating periodically the Premium Antispam engines?

Thanks a lot in advance.

TSE-JDavis's picture

There is no way to manually update antispam definitions. These are downloaded every 10 minutes by conduit and there is no other way to get updates besides connecting to our servers.

You may want to consider a gateway device, such as the Messaging Gateway, to block your spam. I assume that since your Exchange server won't be allowed to connect to the internet that you have some sort of gateway already accepting the mail and relaying it in to your Exchange server.

stratus's picture

Hi and thanks for your clear answer.

My implementation has both anti spam internally in my Exchange 2010 Server (Symantec Mail Security for Exchange 6.5.8.285)  and in my mail relay in DMZ (Symantec Message Filter 6.30).

My question is that does Symantec Mail Security for Exchange 6.5.8.285) and (Symantec Message Filter 6.30) have the same anti spam engines?.

To conclude if both have the same anti spam engine I am covered from spam attacks at least in front end.

If not, please provide me the address  and port in which my Exchange 2010 should connect to Internet to download anti spam rulesets. I need to do a explicit firewall rule for that.

Thanks for your help in advance.