Running SEP 11.0.6 (0162) and am having difficuties with updates, infact the do not work at all.  I have a internal LUA server (2k8) lua 2.2 and it is correctly publishing and sharing the defs.  On all macs if Live update is launched this is what show up in the log Jan 12, 2011 9:45:00 AM Java LiveUpdate launched with the command line = -c /Library/Application Support/Symantec/LiveUpdate/liveupdate.conf --abort-on-file-exists /private/tmp/liveupdate.0.illIdh --available-list /private/tmp/liveupdate.1.58yhcl [ -p Symantec Endpoint Protection for Mac Virus Defs -v MicroDefsB.Full -l SymAllLanguages -z 0 -t IntelVirusDef ] [ -p Symantec Endpoint Protection for Mac Virus Defs -v MicroDefsB.Dec -l SymAllLanguages -z 2010121732 -t IntelVirusDef ] [ -p Symantec Endpoint Protection for Mac Virus Defs -v MicroDefsB.CurDefs -l SymAllLanguages -z 2010031832 -t IntelVirusDef ]
Jan 12, 2011 9:45:00 AM   Symantec Endpoint Protection for Mac Virus Defs, MicroDefsB.Full, SymAllLanguages, IntelVirusDef, 0
Jan 12, 2011 9:45:00 AM   Symantec Endpoint Protection for Mac Virus Defs, MicroDefsB.Dec, SymAllLanguages, IntelVirusDef, 2010121732
Jan 12, 2011 9:45:00 AM   Symantec Endpoint Protection for Mac Virus Defs, MicroDefsB.CurDefs, SymAllLanguages, IntelVirusDef, 2010031832
Jan 12, 2011 9:45:00 AM Using character set UTF-8
Jan 12, 2011 9:45:00 AM Command-line Product Selections to update:
Jan 12, 2011 9:45:00 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Jan 12, 2011 9:45:00 AM Adding JLU to the current command line
Jan 12, 2011 9:45:00 AM   JLU Macintosh, 3.6, English, LiveUpdateSeq, 20
Jan 12, 2011 9:45:00 AM Java Version 1.6.0_22.
Jan 12, 2011 9:45:00 AM Mac OS X 10.6.6
Jan 12, 2011 9:45:00 AM Java LiveUpdate version 3.6 Build 20.
Jan 12, 2011 9:45:00 AM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate
Jan 12, 2011 9:45:00 AM Inventory File Product Selections to update:
Jan 12, 2011 9:45:00 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Jan 12, 2011 9:45:01 AM The property maxZipFileSize in config file is 614,400
Jan 12, 2011 9:45:01 AM The property maxTriFileSize in config file is 10,485,760
Jan 12, 2011 9:45:01 AM The property maxPackageSize in config file is 734,003,200
Jan 12, 2011 9:45:01 AM The property maxPackageContentSize in config file is 734,003,200
Jan 12, 2011 9:45:01 AM Cache is disabled.
Jan 12, 2011 9:45:01 AM Checking to see if JLU can connect to its own listener thread.
Jan 12, 2011 9:45:01 AM Checking to see if a session of JLU is running at port 49261.
Jan 12, 2011 9:45:01 AM An active JLU session has been detected.
Jan 12, 2011 9:45:01 AM JLU was able to successfully connect to its own listener thread.
Jan 12, 2011 9:45:01 AM Checking to see if a session of JLU is running at port 49180.
Jan 12, 2011 9:45:01 AM An active JLU session has been detected.
Jan 12, 2011 9:45:01 AM Checking to see if a session of JLU is running at port 49181.
Jan 12, 2011 9:45:01 AM An active JLU session has been detected.
Jan 12, 2011 9:45:01 AM Checking to see if a session of JLU is running at port 49182.
Jan 12, 2011 9:45:01 AM An active JLU session has been detected.
Jan 12, 2011 9:45:01 AM
Jan 12, 2011 9:45:01 AM The Java LiveUpdate session did not complete successfully.
Jan 12, 2011 9:45:01 AM Return code = -1
Jan 12, 2011 9:45:01 AM

The Live update session hangs and nothing happens. 

If I remove SEP and reinstalll in a unmanaged state updates work fine. 

follow this document

Symantec Endpoint Protection for Macintosh Fails to Update from LUA 2.x Server after Upgrade to RU6 MP2

Been there done that, that is not the problem.  In fact the error doe not even match. I get a error -1 not 0.

If this is SEP for Mac 11.0.6000, Rafeeq's document will not apply.

"Return code = -1" means "Java LiveUpdate failed to run successfully."  This is, I admit, not very helpful. :-/  In the LiveUpdate policy, what is the URL given to the clients to connect, and can you connect if you try to browse to that address in a web browser window?

Is LiveUpdate running via a schedule, being launched manually, or are you sending commands from the SEPM?

Edit: Check this out and see if it applies.

Macintosh LiveUpdate error: "LiveUpdate is automatically updating your Symantec Products. Wait until this process completes before using LiveUpdate again."
http://www.symantec.com/docs/TECH140257

sandra

Manually, to a ftp server that is configured correctly

############################################################
#                                                          #
# livepdate.conf - Symantec LiveUpdate configuration file  #
#                                                          #
# This file is used to configure the settings used by      #
# LiveUpdate                                               #
#                                                          #
############################################################

hosts/0/login:ENC=008bfdf66a47fe062ca93ae7b4d2dbdf
hosts/0/mode=passive
hosts/0/password:ENC=5d7c06b2a23cda983fb66ce86aa253ee
hosts/0/url=ftp://myserver.mycompany.com/
logfile=/Library/Application Support/Norton Solutions Support/LiveUpdate/liveupdt.log
maxPackageContentSize=734003200
maxPackageSize=734003200
maxTriFileSize=10485760
maxZipFileSize=614400
workdir=/tmp

I can FTP to the location using the correct credentials and see and manually retrieve the files.  I have tried this both by running the update manually and by running it via policy, always with the same result. 

Thanks.  Definitions are hosted at the root of ftp:// myserver.mycompany.com/?

Have LiveUpdate commands been sent from the SEPM while the machine was on but no one logged in?  Does the document noted above help at all?

sandra

If I am logged out the update runs but does not update.  I get this towards the end of the session

Jan 12, 2011 1:05:31 PM Error in getting file size of /jlu$20macintosh_3.6_english_livetri.zip from server
Jan 12, 2011 1:05:31 PM
Jan 12, 2011 1:05:31 PM The Java LiveUpdate session has completed successfully.
Jan 12, 2011 1:05:31 PM Return code = 0
Jan 12, 2011 1:05:31 PM

but my virus defs are still 3/18/10

Sorry thought that I replied to the other,

Yes the defs are hosted at the root

The commands have been sent to a idle unlogged in workstation, and No the document does not help.

The commands have been sent to a idle unlogged in workstation

I don't recommend sending commands to an idle, unlogged in workstation because of the issue described in that document.  Security restrictions on the operating system prevent any application that can generate a window (including LiveUpdate) from launching if no one is logged in, and a LiveUpdate command sent to a machine that is on but is not logged in can create a zombie process that prevents LiveUpdate from running again until the root-owned LiveUpdate process is killed.  So you do not see that process in Activity Monitor with all processes showing?

If you try to run LiveUpdate manually, do you get the "LiveUpdate is automatically updating your Symantec Products. Wait until this process completes before using LiveUpdate again." message?

sandra

You asked if I could do that, that is why I tried.

From a freshly booted sepm managed machine I can run live update. The progress bar locks and will sit there all day.  The log file will show a -1 error.

If I quit live update and try to launch again I get the error you reference.  If I check top, Live update is not running.

If I remove sep and reinstall using the same conf file, pointing to my internal LUA server it works without a problem.  I get the virus def updates and everything is fine. 

This appears to me to be a issue with sepm and Macintoshes. 

But the SEPM is not part of the LiveUpdate process directly.  It only provides the policy (if changed) at heartbeat (which gives it the same settings you give the unmanaged client manually), receives log information from the client at heartbeat, and sends commands to the smcdaemon.  The only difference I can think of between the two installations, particularly if you're giving the unmanaged client the internal LUA settings and the liveupdate.conf shows those settings correctly, is that the managed client is listening for commands that you're sending, and the unmanaged client is not.  If there are any pending commands, they could be received during the logout-login period post installation when the first heartbeat takes place.

You're running the first released build for SEP for Mac--we have had 2 maintenance patches since then and the current version is 11.0.6200.  Off the top of my head I can't think of any fixes related to what you're experiencing, but I would recommend bringing it up to the current build and see if the issue persists.

(Of course, if you bring the client up to RU6 MP2, you will want to follow the document linked above by Rafeeq to add the new V2 definitions. )

sandra

In anticipation of that thought I took the liberty of manually updating a workstation to the current, with no change in behavior.

Hm.  To confirm, top is showing even root-owned processes?  I'm really sort of stumped given what I know from this thread.  Definitely open a web case or give Support a call so we can work with you directly.

sandra

Hi Illiterati,

Until you get the SEP for Mac clients updating successfully from the LUA 2.x server, you can keep them up-to-date with the use of an Intelligent Updater file. These are updated daily and contain all the latest definitions.  The file will be named somethign similar to "NavM9_Installer_20110112_US.zip" for PowerPC's.  Download it from here: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=nmc

I definitely recommend using RU6 MP2 for all Mac's.  This latest release has several improvements over that initial 11.0.6000 (0162) version.

In your LUA 2.x server's Distribution Center (ftp://myserver.mycompany.com/ according to the settings above) can you copy the names of all the *.osi and *.osx files present?  Post them to the thread and I will have a quick look to make sure that the  correct materials are there.

Thanks and best regards,

Mick