GUP breaks Definition Updates
SEPM 11.0.5002.333 on Server 2008R2
SEP on Windows XP or Server 2008
As long as I select update from Management Server everything works (nearly) as expected. Clients get updates and everythings fine.
If I try to make a Server 2008 machine to a Group Update Provider neither the clients nor the Group Update Provider machine itself gets any definition updates.
In the debug log on the GUP I see an error message
When I turned on Request Tracing on the SEPM IIS I seet that ther is a request that fails with error 500:
http://ip_of_SEPM_Server:8014/secars/secars.dll?h=[longline of numbers and chars]
CALL_ISAPI_EXTENSION DllName="C:\PROGRA~2\Symantec\SYMANT~1\bin\secars.dll"
MODULE_SET_RESPONSE_ERROR_STATUS ModuleName="IsapiModule", Notification="EXECUTE_REQUEST_HANDLER", HttpStatus="500", HttpReason="INTERNAL SERVER ERROR", HttpSubStatus="0", ErrorCode="The operation completed successfully.
Any ideas how to hunt down this problem?
Comments
If you make windows XP as GUP
If you make windows XP as GUP whether the clients are getting updated?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
I made a XP machin the GUP
I made a XP machin the GUP but the clients still say "500 internal server error". So I figure that not the GUP but the the SEPM itself is the problem.
If it is working fine with
If it is working fine with windows xp try by removing IE enhanced security from add/remove windows components.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Hi
Have you enabled ASP.Net Extension on your IIS server?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Yes, they are installed.
Yes, they are installed.
Its possible that there
Its possible that there couuld be a port conflict at the server on port 9090 that is also used for log forwarding by the client.
In that case, you may try to run the management server configuration wizard and change the port to 9091.
Refer to the following KB: http://service1.symantec.com/support/ent-security....
Best,
Aniket
On the SEPM Server there is
On the SEPM Server there is nothing running that could claim this port. It's a clean out-of-the box installation of Win 2008R2 and SEPM.
Furthermore the client is perfectly visible in the SEPM management console and even reports back the (outdated) version number of its definition files.
Paste the scm-server-0.log
Paste the scm-server-0.log with is present
in Program Files \Symantec\Symantec Endpoint Protection Manager\tomcat\logs here
Without GUP whether any pc is able to update?
Whether your server having latest updates?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Not much in that
Not much in that log...
2009-11-12 17:58:48.365 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-12 18:20:48.576 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 07:47:52.509 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 08:33:52.653 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 08:58:52.772 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 09:01:52.794 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 10:07:53.409 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 10:11:53.473 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 10:16:53.547 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 11:01:53.864 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 13:15:03.824 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-13 13:48:03.882 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-16 09:53:16.608 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-16 10:35:16.679 SEVERE: GupListPublishTask->Sempub publish: errBuf =
2009-11-16 10:49:16.705 SEVERE: GupListPublishTask->Sempub publish: errBuf =
Hi, Looks like there is an
Hi,
Looks like there is an error at SEPM while publishing the GUPLIST.
Could you please check if gup list is being created normally?
Aniket
I have a E:\Symantec Endpoint
I have a E:\Symantec Endpoint Protection Manager\data\outbox\agent\gup\globallist.xml
<?xml version="1.0" encoding="UTF-8" ?>
<GupList NameSpace="rpc">
<GupItem Address="10.157.6.101" Port="2967" />
</GupList>
Check these docs also
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection
Which communication ports does Symantec Endpoint Protection 11.0 use?
2967 is the port used by GUP (it is configurable)
Assure that this port is open
You can do telnet in these ports and you can confirm it is working
Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Also try by removing IE
Also try by removing IE enhances security from add/remove windows components in SEPM
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Update
I had no time to look into this, but now I'm one step further.
I found an exsecars.log which says:
01/13 10:20:58 [3256:2884] 10.157.6.101 GetGlobalIndex 500 Open file error. global index filename=globalindex.dax
When I use the Process Monitor there are 2 entries that refence to this file:
E:\Symantec Endpoint Protection Manager\data\outbox\agent\globalindex.dax.sig NOT FOUND
E:\Symantec Endpoint Protection Manager\data\outbox\agent\globalindex.dax NOT FOUND
These two files don't exist in the above path. Who or what should create this files?
Disable both firewall and
Disable both firewall and windows defender in server and see any difference is present..
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
No Firewall, no Windows defender
No Firewall, no Windows Defender active.
Having the same problem after
Having the same problem after upgrading to RU5
I have a liveupdate policy for each location with the DC of the site as single GUP provider. This worked till i upgraded to SEP RU5 (SEPM is als RU5).
Now the DCs and other servers (and i think also the clients) don't get new definition updates. As soon as i uncheck the GUP function it is working and the DCs and Servers get their definitions.
This has nothing to do with the 12-31 issue btw it started right after the upgrade (before chistmas).
In the log of the DCs it says "Start serving as the Group Update Provider (proxy server)."
If i use the new GUP function it is the same :(
Greets
Stephan
Do you have a
Do you have a globalindex.dax file somwhere in your SEPM Data Folder?
No, i only have this file in
No,
i only have this file in the sharedcontentfolder
#content#{C60DC234-65F9-4674-94AE-62158EFCA433}#91231123#xdelta91231122!dax
And it is from today ?!?
Hi, The file he is talking
Hi,
The file he is talking abount is present at the SEPM.
And about the following errors:
01/13 10:20:58 [3256:2884] 10.157.6.101 GetGlobalIndex 500 Open file error. global index filename=globalindex.dax
When I use the Process Monitor there are 2 entries that refence to this file:
E:\Symantec Endpoint Protection Manager\data\outbox\agent\globalindex.dax.sig NOT FOUND
E:\Symantec Endpoint Protection Manager\data\outbox\agent\globalindex.dax NOT FOUND
I strongly suggest you to repair your SEPM from the installation CD. I think that the GUP functionality is not functioning properly at the SEPM. The globalindex.dax is the most one of the most important files in case of GUP implementation. If that file is not present, GUPs cant work in RU5.
Aniket
Did not help!
OK, I tried the repair. Doesn't change anything. There is no globalindex.dax or .sig.
I also did a new clean installation of the SEPM server and SEP on the GUP. Still the same error in exsecars.log and on the GUP.
As the file is not present at a clean installation, something in SEPM must create it later. But what process or application?
I found some other .dax and .sig files on the SEPM. They look like encrypted versions of the corrsponding .xml files to me. Is that true? There is also no globalindex.xml on the SEPM server.
I have the same issue as
I have the same issue as msommer.
Also no globalindex.dax ... Can someone which has a working GUP in RU5 please confirm that there is such a file present ?
It seem i found my problem
It seem i found my problem from another post:
Regarding my issue, I don't know if this helps anyone else, but after a number of hours online with Symantec Support, there is a known "bug" in RU5 where if you have your SEPM data directory installed in a location different than the program default, GUPs do not update the clients. I was told either the next MR (which is currently in development but not scheduled) or to run the SEPM configuration Wizard out of the Program Files directory and change the Data folder back to the default to fix the issue.
http://www.symantec.com/connect/forums/sep-11-mr5-gup-not-updating-clients
I did not yet try it out. Because i'd have to set all infos like sql server etc. And i don't have the passwords for this one.
Greets
Stephan
Goddamit
That really seems to fix it!
If this issue is "known" why is there not the least hint in any document on the Symantec pages or in the readme?
Thanks Symantec, for the countless hours I spent beacause of your crappy QA!
GUP error GetGlobalIndex 500 Open file error
Hi steppe
I run the wizard and i change the data to c: but i have the same bug, in the gup server i run sylinkmonitor and i have the http returns status code 500 and i check in manager server in exsecars.log and i have (GetGlobalIndex 500 Open file error) i search for find globalindex.dax and no success. And now steppe gup run for you?????
Thanks for help
Just a question to the
Just a question to the symantec people.
Is there a list of known bugs for the current release ? Can someone post it in here please ?
Greets
Stephan
One idea is present for this
One idea is present for this you can also vote for that
Known bugs list & status
Till now I am not seen anybody is giving such an information
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Would you like to reply?
Login or Register to post your comment.