Endpoint Protection

I have remote sites so am trying to update the clients using GUP's locally, when I have the clients connecting to the SEPM they update virus DEF's ok, as soon as I turn on GUP's at site they do not get the latest definitions.

I have tried entering the GUP's using FQDN's and IP addresses with no results.

The remote GUP's are also my WSUS servers are there any known conflicts? The firewalls are all switched off and the wsus servers use a different port number to communicate.

Is there an error log I can check on the clients that will give me more detailed information other than the basic logs in SEP, view logs, client management, system log on the clients?

Please help
KR
Jamie

Hi Jimmy,

 
                    Please check the following links which would assist you in further narrowing down the reason for the clients not updating from the Group Update Provider.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008081810593048

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040113243148

I hope this will be help for your problem. first you should check client talk GUP server you can see that "view logs" " client management" system log. you will see like this: start using Group Update Provider (proxy server) @ xxx.xxx.xxx.xxx  can you see this in client system log?

https://www-secure.symantec.com/connect/articles/sep11-frequently-asked-questions-file

Best Regards
Fatih.

Be aware that the WSUS servers must also have the same liveupdate policy that your clients have that points them to the GUP.
(or another one that specifies themself as the GUP)

Unless the WSUS server also gets this policy, it will not turn itself into a GUP.

Also, check the logs as mentioned above.

Hi All,

fatihteke
Yes I do see that in the client log, "start using group update proivder (proxy server) @ hqfile.xxxxxx.com:2967.

bjohn
I thought that specifying the server in the groups (HQ Clients) live update settings policy was all you need to do? I have ticked use group update provider as the default liveupdate server and added the above server info in for the clients at site HQ Clients.
 
The server is in a seperate group (HQ servers), do I also have to add this into the policy for the group the server is in?

Thanks all for your help
Jamie

JimmyR,

Yes to your question.
Seethe bottom posts of this thread also.

https://www-secure.symantec.com/connect/forums/question-upgrade-path

i have realy no idea now. can you see green point on symantec logo on rigth? when my clients dont download updates from GUP. first i look GUP is online. and second client is online. it is very interesting. did you try sandip_sali's answer?

bjohn is right.

The way GUPs work means all machines including the actual GUP need to have the same shared LU policy applied to them.

the best practice is to separate your GUPs into their own groups.  1 GUP per group, apply the same shared poliy there as you do to the clients which will be using this GUP.  It is a little bit of management overhead, but that's how the code was written.  The GUP itself will not know it is a GUP until it 'sees' itself defined in its own LU Policy.

You could always assign the server to the same client group as the workstations it is proxying for in theory, but in practice this never really works out because of the other policies (server vs workstation, etc)

Im pulling my groups from Active directory, they are setup like this

My company/
default group/
computrers/
domain controllers/
GXP validated computers/
SUS clients (Sub OU's below)

/desktop_Laptop/
(subgroup OU's for desktop laptop are) ELY/ KSP/ LON/ POR (these groups contain user PC's are not inheriting policys and are set to have own non shared liveupdate policy which has there own GUP) The GUPs for these clients are in the following sub server OU's

/Servers/
ELY/KSP/POR/LON these are OU's with site servers in them.

In the "desktop_laptop" "POR" OU group I have set one of the servers in the "Server POR" OU as the GUP in liveupdate policy. I have now added the same server as the GUP to the "Server POR" OU liveupdate policy, will this suffice to allow the clients and the selected GUP server to enable it and them to get virus def updates?

Hope this makes sense!!

Thanks once again
Jamie

yes, if your Server/POR + desktop_laptop/POR share the same LU Policy with the same GUP defined, this will work.

(this assumes of course that your WSUS 'POR' server in fact lives in Server/POR OU, I'm assuming it does based on the names of the OUs)

As a result of adding the above to the server OU liveupdate policy, the server in question has added the sharedupdates folder but it is in a different location?

"C:\Program files\SAV\SharedUpdates.

Instead of the location that is listed in this article
C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates
https://www-secure.symantec.com/connect/articles/sep11-frequently-asked-questions-file


FYI the server was updated from version 10.2 symantec anti virus corporate edition

It has addded a GUP.dat and #content#{xxxxx-xxxxx-xxxx-xxxx-xxxxFull!.zip

Is this correct and will the clients still be able to update even though it has created them in the SAV folder?

Thanks
Jamie

You can check the log on the GUP "server" to see that it will start to become a GUP provider.

Also, you can check the thread that I listed above to use "localhost" as the GUP server, instead of having multiple liveupdate policies for your WSUS servers.

If you can make your domain controllers a GUP, see this post for a simple solution.
https://www-secure.symantec.com/connect/forums/ad-integration-sep-groups-computers-moving-themselves-around

bjohn, thanks I looked at that and was just in the process of adding it, am I right in thinking that the servers will then check themselves as localhost GUP's for the update and when unable to will then go to the SEPM manager.

One of the the servers in these server groups is the SEPM is it ok for the liveupdate policy for this server to have GUP on it as local host?

Im new to SEPM and these forums, is there a way on here to give some sort of points to you both for all you help, also do I need to mark as solution etc??

Kind Regards
Jamie

you can hit the "thumbs-up sign" to vote or mark as solution to give credit.

I dont know if you can define a GUP for the SEPM, never tried that.....I'm thinking it won't matter, the client install on the SEPM will get updates from the GUP, but the server install should still run LUALL on schedule like normal.

Didn't see your previous question till now, but yes, I believe the directory change is because it was an upgrade.

>>bjohn, thanks I looked at that and was just in the process of adding it, am I right in thinking that the servers will then check themselves as localhost GUP's for the update and when unable to will then go to the SEPM manager.

Consider this: you have multiple locations with workstations and maybe 1 server that you can use as your GUP.
You want to leave all your servers (WSUS or F&P) in one group in SEPM. Give them all the same liveupdate policy that has "localhost" as the GUP.
If you don't use localhost, then you would have to create a separate group in SEPM for each of these locations.
On your clients, depending on the location, give the server name as the GUP.

Looking at your AD configuration, it's proably not necessary to use localgroups.
(hope this makes sense, I know it's confusing)


>>One of the the servers in these server groups is the SEPM is it ok for the liveupdate policy for this server to have GUP on it as local host?

My understanding is that SEPM uses it's own settings as described in the console:
Admin > Servers > local site > edit site properties > liveupdate tab

If your problem is solved, then yes, mark it solved.
I think the vote button gives points (not sure)

Please help...

I have configured GUP to distribute definition file to XP clients but clients are not getting update its still showing old definition date. The strange thing is SEP Clients are showing green button and in clients system log i can see "Start using Group Update Provider (proxy server) @ *****:2967. There is a folder named "SharedUpdates" is created on the machine which i configured GUP but its empty. Kindly suggest what is wrong.

Thanks in advance.

Alok

Upgrade to SEP11MR4MP2

Your problem has been solved in the above upgrade release.

Hey Bijay can you give me some reference i have already upgraded to SEP11MR4MP2.