Video Screencast Help

Group Update Provider policy settings

Created: 13 May 2013 • Updated: 13 May 2013 | 5 comments
Roog's picture

Hi,

 

We use SEPM 12.1 RU1 and all clients are having SEP12.1 RU1 client software installed.
For downloading new definitions we have configured the live update policy to use multiple GUP servers.

This seems to work fine except for the option "Maximum time that clients try to download updates from a Group Update Provider before trying the default management server" this is ignored or not working like it suppose to do.

We have set this option to "Never" because we don't want clients to download new definitions from the default management server.
Despite the fact that we have set it to never download from..... it still happens that clients are downloading from the default management server. 

The client is in the same subnet as the GUP server and happens most of the time after a client failed to download from the GUP for more than 10 times. Which is strange because the GUP server is online and up to date.
Nevertheless whether or not the GUP server is online or up to date we don't want clients to download from the default management server.

So the question is how can we make sure that clients Never download updates from the default management server but always use their GUP server?

BTW Clients that are connected over the VPN and thus in a different subnet also downloads from the default management server. This is not what we want either but we can live with this.

 

kind regards,

Rogier

 

 

Operating Systems:

Comments 5 CommentsJump to latest comment

.Brian's picture

You mentioned there is an entry in the logs for the client not able to contact the GUP. When this happens, does the client go "offline" from the SEPM and switch it's location to an "off network" location? Is there anything else in the log regarding this? If so, do you have a different policy configured if the location changes to something else?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

Methinks this was resolved in RU2:

http://www.symantec.com/docs/TECH199676

 

Client bypasses the newly promoted Group Update Provider despite policy that states it should never bypass the Group Update Provider
Fix ID: 2757957
Symptom: Clients bypass newly promoted Group Update Provider and contact Symantec Endpoint Protection Manager directly for content, even though policy states it should never bypass the Group Update Provider.
Solution: Client does not bypass the Group Update Provider if policy is set to "never bypass," even if the new Group Update Provider's guplist.xml is still empty.
Roog's picture

HI,

 

Thanks for your comments.

If RU2 will solve this than we will consider to upgrade to RU2.

 

thanks,

 

 

Rogier

 

.Brian's picture

I would test first but looks to be the case.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Roog's picture

Hi Brian

Yes we might test first.

To come back to your question it is not going offline and it uses the same policy for every location.

 

Thanks, I really appreciate your comments.