Endpoint Protection


GUP Functionality..

  • 1.  GUP Functionality..

    Posted Sep 29, 2015 05:03 AM

    When we took control of the GUP server, we found a shared update folder on it, which shows that the GUP is downloading updates for clients.

    Que-

    1) How do we check for which client it downloads updates?

    2) How do we check which client is communicating with this GUP at that time? I.e., from the GUP server, is there any option to know which clients are communicating with it?

    3) We found one issue... The GUP is online, communicating with the SEPM, downloading updates for clients; clients communicating with that GUP are updated and got their updates from the mentioned GUP; space is available. BUT THE GUP ITSELF IS NOT UPDATED. When we checked the system log we found the error statement "Failed to download update from GUP".



  • 2.  RE: GUP Functionality..

    Posted Sep 29, 2015 05:27 AM

    The only easy option for you is to set up the Content Distribution Monitor tool.

    Refer to the links below:

    SEP Content Distribution Monitor - Introduction

    Endpoint Protection Content Distribution Monitor tool for Group Update Providers



  • 3.  RE: GUP Functionality..

    Posted Sep 29, 2015 07:14 AM

    1. If you check the system log on the clients it will tell you which GUP it downloads from.

    2. You would need to run packet traces. You can also enable sylink logging on the GUP.

    3. What is the exact SEP version on the GUP? Enable sylink logging to determine what is going on.



  • 4.  RE: GUP Functionality..

    Posted Sep 29, 2015 08:28 AM

    Thanks Brian.

    I need to know the content distribution of the GUP towards a specific client.

    Que 3) SEP version 12.1.5 is running on that GUP.



  • 5.  RE: GUP Functionality..

    Posted Sep 29, 2015 08:32 AM

    Brian, if I am not wrong, Sylink logging will not provide the details of the client which is downloading definitions from the GUP.



  • 6.  RE: GUP Functionality..

    Posted Sep 29, 2015 08:34 AM

    The System log on the client or checking the client activity log on the SEPM will show this.

    Use the article I wrote to help assist in advanced filtering of these logs:

    SEPM 12.1 - Advanced Settings filter options for Client Activity logs



  • 7.  RE: GUP Functionality..

    Posted Sep 29, 2015 08:45 AM

    Brian,

    If 60 clients are communicating with one GUP then we are not able to take control of each client and see the system log.

    But from the GUP, is it possible to know to which client it distributes the definitions?



  • 8.  RE: GUP Functionality..

    Posted Sep 29, 2015 08:52 AM

    It is possible if you view the clients System log on the SEPM. All of those logs are kept centrally there.

    The main point here is that there is no tool to easily monitor GUP --> client traffic.

    You'll need to use packet traces, logging, etc. This is something you'll need to decide and what you feel comfortable with.



  • 9.  RE: GUP Functionality..

    Posted Sep 29, 2015 09:16 AM

    If you are just looking for one client, and just as a one-time activity, please look into the link below:

    SEPM 12.1 - Advanced Settings filter options for Client Activity logs



  • 10.  RE: GUP Functionality..
    Best Answer

    Broadcom Employee
    Posted Sep 29, 2015 02:16 PM

    Hi,

    It seems the GUP definitions are corrupted. The GUP cannot update itself with the definitions requested by GUP clients.

    The GUP downloads separate definitions from the SEPM to update itself like a normal SEP client.

    Update the GUP machine using the Intelligent Updater. If possible, repair the SEP client also.

    The SEP client software on a GUP system can be updated using the Intelligent Updaters available from Security Response; however, these do not apply to the GUP process itself, nor does any information get cached for other clients to use for updating by this methodology.

    The GUP process is essentially a file-serving proxy component of a SEP client; it does not build deltas but only requests and caches files that clients are requesting to use in their update process from the SEPM itself.



  • 11.  RE: GUP Functionality..

    Posted Sep 29, 2015 07:47 PM

    How can we check whether the Symantec GUP server communicates with the client system or not?



  • 12.  RE: GUP Functionality..

    Posted Sep 29, 2015 07:48 PM

    GUP communicates over TCP port 2967. You can enable logging to see this or monitor with a packet sniffer.



  • 13.  RE: GUP Functionality..

    Posted Sep 29, 2015 10:14 PM

    Can you give me the link, and could you explain to me how to monitor?



  • 14.  RE: GUP Functionality..

    Posted Sep 29, 2015 10:22 PM

    Do you know how to use Wireshark? This will be a good tool to install on your GUP and watch the traffic.



  • 15.  RE: GUP Functionality..

    Posted Sep 30, 2015 02:36 AM

    Brian,

    How to use this application? How to tally results?



  • 16.  RE: GUP Functionality..

    Broadcom Employee
    Posted Sep 30, 2015 04:59 AM

    SEP clients stay connected with the SEPM to receive the latest policy updates. If a GUP is configured, the SEPM will redirect clients to contact their GUP to receive definition updates.

    So it's like a three way communication, SEP clients will contact SEPM to receive policy update, SEPM will point them to GUP machine, GUP will provide definition updates.

    This article can be a quick check.

    Article: How to quickly test SEP client to GUP and GUP to SEPM communication

    http://www.symantec.com/docs/TECH153328

    For troubleshooting, if you think any particular client is not receiving updates from the GUP, you need to collect Sylink logs from the affected computer. The logs will reveal what the sources for updates are.

    How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

    http://www.symantec.com/docs/TECH97190

    If the GUP is the source of the update, you will see the following line in the Sylink log:
    <GetLUFileRequest:>http://192.x.x.x:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax
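
As an added example (not part of the original post, and not Symantec tooling): once Sylink logs have been collected from several clients, the `GetLUFileRequest` line quoted above can be tallied per update source to see which clients pulled content from which GUP. The client names, addresses, timestamp prefix and the non-GUP port are constructed; only the content path and port 2967 come from the thread.

```python
import re
from collections import defaultdict

GUP_PORT = 2967  # TCP port the thread gives for GUP traffic

# Matches the request line quoted in the post; any prefix on the line
# (timestamp, thread id) is ignored. The host may be masked (192.x.x.x).
REQ = re.compile(
    r"<GetLUFileRequest:>https?://(?P<host>[^:/\s]+)(?::(?P<port>\d+))?"
    r"/content/(?P<moniker>\{[0-9A-Fa-f-]+\})/(?P<seq>\d+)/(?P<file>\S+)")

def parse_requests(log_text):
    """Return one dict per content request found in a Sylink log."""
    found = []
    for m in REQ.finditer(log_text):
        req = m.groupdict()
        req["port"] = int(req["port"] or 80)
        req["via_gup"] = req["port"] == GUP_PORT
        found.append(req)
    return found

def tally_by_source(logs_by_client):
    """Map each update source (host, port) to the clients that requested from it."""
    sources = defaultdict(set)
    for client, text in logs_by_client.items():
        for req in parse_requests(text):
            sources[(req["host"], req["port"])].add(client)
    return dict(sources)

def clients_without_gup(logs_by_client):
    """Clients whose log shows no content request to the GUP port."""
    return sorted(c for c, t in logs_by_client.items()
                  if not any(r["via_gup"] for r in parse_requests(t)))

# Constructed sample data: client names, addresses, timestamps and port 8014
# are made up for illustration; the content path is the one quoted in the post.
PATH = "/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax"
SAMPLE_LOGS = {
    "CLIENT-A": "09/30 04:59:12 <GetLUFileRequest:>http://192.0.2.10:2967" + PATH + "\n",
    "CLIENT-B": "09/30 05:00:03 <GetLUFileRequest:>http://192.0.2.10:2967" + PATH + "\n",
    "CLIENT-C": "09/30 05:01:40 unrelated line\n"
                "09/30 05:01:44 <GetLUFileRequest:>http://192.0.2.1:8014" + PATH + "\n",
}

if __name__ == "__main__":
    for (host, port), clients in sorted(tally_by_source(SAMPLE_LOGS).items()):
        print(f"{host}:{port} -> {', '.join(sorted(clients))}")
    print("no GUP request seen:", clients_without_gup(SAMPLE_LOGS))
```

A client that appears in the second list is not proof of a fault on its own; it only means the collected log shows no request to port 2967 in the captured window.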



  • 17.  RE: GUP Functionality..

    Broadcom Employee
    Posted Sep 30, 2015 05:14 AM

    Hi Bharat,

    Generally, when we configure a GUP we do not allow clients to contact the SEPM to receive definition updates.

    See the screenshot below; mostly the 'Never' option is selected.

    [Screenshot: GUP_1.JPG]

    In such cases, if all the clients are not updating, you can assume the issue might be at the GUP machine.

    If a specific client is not updating, the issue might be with that particular client.

    Real-time monitoring is really not required unless there is a big concern.

    Here is an article : Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

    http://www.symantec.com/docs/TECH104539