Endpoint Protection

We have recently migrated a customer from CA to SEPM, but since install SEPM Live Update has been crashing the server.

Win2003 R2 DC running Domino 8.5.1, Backup Exec 12.5.

Last two entries in System Event in all cases show:

Event ID: 7036 14:51:35
The LiveUpdate service entered the running state.

Event ID: 7035 14:51:35
The LiveUpdate server was successfully sent a start control.

Last lines on the LU Log show:

3/20/2010, 14:52:26 GMT -> Progress Update: PATCH_FINISH: Patch File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_the_cal100319016.zip.full.zip", Script File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\sesmSyKnCal64.dis", HR: 0x0       
3/20/2010, 14:52:26 GMT -> Progress Update: PATCH_START: Patch File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip", Script File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\sesmSyKnCal64_lumetadata.dis"
3/20/2010, 14:52:26 GMT -> Progress Update: SECURITY_PACKAGE_TRUSTED: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip"
3/20/2010, 14:52:26 GMT -> Signer: cn=Symantec Corporation,ou=Usage - Prod02SigningToken,ou=Locality - Arizona,ou=Product Group - LiveUpdate,ou=SymSignature,o=Symantec Corporation
3/20/2010, 14:52:26 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip", Dest Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205"
3/20/2010, 14:52:26 GMT -> 1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip is in RAR format.
3/20/2010, 14:52:26 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip", Dest Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205", HR: 0x0       
3/20/2010, 14:52:26 GMT -> Added package to cache...
3/20/2010, 14:52:26 GMT ->     DIS - UPDATE("C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205", "G:\Symantec Endpoint Protection Manager\data\inbox\content\tmp17f3.tmp") <BEGIN>
3/20/2010, 14:52:26 GMT ->         Updating C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\sesmSyKnCal64_lumetadata.dis at G:\Symantec Endpoint Protection Manager\data\inbox\content\tmp17f3.tmp.
3/20/2010, 14:52:26 GMT ->         Updating C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_livetri.zip at G:\Symantec Endpoint Protection Manager\data\inbox\content\tmp17f3.tmp.
3/20/2010, 14:52:26 GMT ->     DIS - UPDATE(0x0) <END>
3/20/2010, 14:52:26 GMT ->     DIS - DELETE("G:\Symantec Endpoint Protection Manager\data\inbox\content\tmp17f3.tmp\SesmSyKnCal64updateDir-lumetadata.dis") <BEGIN>
3/20/2010, 14:52:26 GMT ->         The file to delete was not found.
3/20/2010, 14:52:26 GMT ->     DIS - DELETE(0x1) <END>
3/20/2010, 14:52:26 GMT -> Progress Update: PATCH_FINISH: Patch File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\1269011453jtun_symantec$20security$20content$20b1$2d64_microdefsb.curdefs_symalllanguages_lumd.zip.full.zip", Script File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt205\sesmSyKnCal64_lumetadata.dis", HR: 0x0       
3/20/2010, 14:52:26 GMT -> LiveUpdate is about to execute a PostSession callback for product SESM Content Catalog.
3/20/2010, 14:52:26 GMT -> ProductRegCom/luProductReg(PID=4144/TID=9392): GetProperty caught generic exception
3/20/2010, 14:52:26 GMT -> ProductRegCom/luProductReg(PID=4144/TID=9392): GetProperty caught generic exception
3/20/2010, 14:52:26 GMT -> ProductRegCom/luProductReg(PID=4144/TID=9392): GetProperty caught generic exception


Not yet tried uninstalling and re-installing Live Update.

can you kindly update the error seen on the SEPM console while updating?

There is no error on the console. If we run the update manually is goes through without error, but if we leave it to run on schedule it locks the server up with the only recourse being to manually power cycle. As far as I can tell the updates are downloaded but its hanging up the server when it tries to process beyond that point.

is that LUALL.exe taking 100 % utilization?

Is it thelatest SEPM version?

Any other logs, like windows dump that can help to know why the resource locks down

My guess would be that that is the issue, however we've not managed to get a useful memory.dmp from it. This is the latest SEPM.

The initial update for the SEPM is huge.last time when I installed SEPM is was taking a long time to get the updates.I left the sever for one day as it is and the problem got solved.Later I found that it took 7-8 hours to get the initial update.So live the server as it is now and observer after one day..

This is a production server and not practical to "just leave it". It has after one of the hangs been in that state for over 5 hours. Manual live updates are fine so the system is up to date, its the automatic updates that hang the box.