Help with vacine update on SEP 12.1 multiple GUPs
Hello All,
I need help with vacine update from GUP.
Im using GUP in multiple mode.
I made a policy that contains all GUPs on my network.
I have a lot of branch. I have a group with the Name "Bloqueados" and I have this clients inside this Group
For this group, I use the update policy with multiple GUPs OK.
For each branch, I put 2 or 3 machines with multiple GUP, in case of one of them stay offline.
In the branch with the name 0101*(this clientes are inside of the group Bloqueados), I have 3 GUPs. 2 windows XP 32 bits and 1 Server 2008 64bits. (look the image attached)
My problem is... This server 2008 goes to get update from the both windows xp machines, and I get error.. This server 2008 is a GUP, ok! He must get update from the managar, right?
I have the same situation with the clients with the name 0301* and it works..
If I move the server 2008 to another group that has the update policy like Update From manager, it works.
So, why this server 2008 goes to get update from another GUP if it is a GUP?
Thanks anyway.
Diego
Comments
GUP inside group.
Anyone, please confirm or correct me on this:
I am thinking that you provide a separate group for the Update Provider PCs. A GUP should be the one getting the updates from the server. But when putting them in a group with an assigned GUP, do they also inherit those settings and also search for GUP for updates?
Although GUPs do check in to the SEPM server when a request is called for an update and they do not contain the latest version requested.
“Your most unhappy customers are your greatest source of learning.”
Hey mon_raralio, Thanks for
Hey mon_raralio,
Thanks for your answer. I created a group with just GUPs and applyed the update policy to use from Manager.. So, the GUPs went to update from the manager and it worked alright, but, the clients in the group "Bloqueados" had problem with update, so I had to change the GUPs from the new group (GUPs) to the last group, Bloqueados, and my problem returned.
I would request you to chech
I would request you to chech the registry entry for these values, check out the IP/hostname listed there.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate]
"MasterClientHost"=
"MasterClientPort"=
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hey pete, thanks too. So,
Hey pete, thanks too.
So, about this values:
"MasterClientHost"=
"MasterClientPort"= 2967
The first is empty
it should have been GUP it
it should have been GUP it should be connecting to get the updates.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
It should work, right?
It should work, right?
Not necessarily
Not necessarily. If there are multiple GUPs, every client pulls the GUP list, filters the GUPs being in its own subnet, sorts the remaining GUPs in ascending order, and then uses the GUP with the smallest IP address. If that doesn't work, the clients takes the next GUP, and so on.
Therefore, it's definitely possibly that a client with GUP functionality (e.g., your server 2008) pulls its content from another GUP. The client functionality and the GUP functionality have nothing to do with each other.
However, it is NOT possible that a GUP is filling its GUP cache from another GUP. This content always comes from SEPM. Don't forget that a GUP is not a standalone server but just a SEP client with an additional functionality, which is independant from the client functionality.
Are all 0101* clients in the same subnet?
Here are two excellent videos about GUPs:
https://www-secure.symantec.com/connect/videos/group-update-providers-part-1
https://www-secure.symantec.com/connect/videos/group-update-providers-part-2
hey greg12, thanks :) So, I
hey greg12, thanks :)
So, I understood that a GUP can do update from another GUP, OK?
In 0101*, I have some clients, and these below are GUPs, look:
0101rodc01 - 172.20.108.158/22 - Server 2008
0101_cash_1 - 172.20.109.4/22 - XP
0101_cash_4 - 172.20.109.5/22 - XP
They are in the same subnet, with the same network config.
So, Why my server 2008 can not update from another GUPs?
Follow a attached file with the log of my server 2008
Strange
If you mean "A SEP client (with activated GUP) can update from a different GUP on another computer" -- yes.
Are the log entries in the above picture all referring to the GUP with the address 172.20.109.5, as in the first row, or are the downloads from all GUPs failing? Normally, a client tries to use the next GUP if the current GUP doesn't answer.
Have a look in this file. Here are all GUPs your SEPM know:
C:\Programs\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\gup\globallist.xml
A great tool particularly for GUP troubleshooting is the SEP content distribution monitor:
https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor
hey greg, So, This server
hey greg,
So, This server 2008 tries to download from this GUPs clients:
0101_cash_1 - 172.20.109.4/22 - XP
0101_cash_4 - 172.20.109.5/22 - XP
The same clients that are in the same subnet.
This server 2008 is a 64bits, and this GUPs clients are 32 bits. Maybe he can not update from their because this?
In this list I have the Server 2008 inside.
Would you like to reply?
Login or Register to post your comment.