Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Live update definitions not being updated in clients - Small Business Edition

Created: 12 Jun 2012 | 10 comments

Hi,

Just installed SEP Small Business Edition after uninstalling the Enterprise Edition. Clients deployed successfully by the default client packages. However the following observations need solution:

  1. The clients are not being updated by the Live Update definitions automatically as can been seen from the enclosed screen shot. If the LUD is run on the client then the server reports it as updated
  2. Though some client computers are shut but the green button remains on even after more than 12 hours as can be seen in the case of Laptop and V2 computer in the screen shot.

I tried to edit the live update policy but was not able to assign it as nothing happened after pressing the assign button.

I shall be obliged if a solution is provided.

Comments 10 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

What OS are you running on the SEPM server? Any Firewall / Proxy on the server?

Could you upload us the sylink.log from 1 of the client machine, which would help us reach the root caus of the issue.

To Enable the Sylink Debugging - check this Article: http://www.symantec.com/docs/TECH104758

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

rkkhandelwal_54's picture

Dear Mithun,

Thanks for the response. As advised in the link, I followed the following advice:

  1. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  2. Double-click smc_debuglog_on
  3. Change the Value data to 1 and click OK

However the system does not permit the changing of the value data to 1 from 0.

Regards,

Thanks,

Rajiv K Khandelwal

rkkhandelwal_54's picture

Hi,

The technical person from the reseller remotely tweaked a bit on the policies but definitions are not being updated. Waiting for a visit for the technical hand to do the needful.

My experience with Symantec has been that it does not work without a technical hand working on the product. The initial instalment too required the assistance.

Regards,

Thanks,

Rajiv K Khandelwal

rkkhandelwal_54's picture

Hi,

The technical person from the reseller was here two days back and he uninstalled the SEP SBE and re-installed it. Subsequently he updated the clients with the sylink file. The definitions were updated both on the client computers and the server. However, even after 24 hours of the last update the clients are not being provided by the latest defintions from the manager. Relevant screen shots of the definitions on the manager and the defintiions on the client and server at various time intervals are being enclosed for reference.

Shall appreciate if a solution is provided.

Regards,

VH Home Screen.PNG VH Computers 15 Jun 0940 hrs..PNG VH Server 15 Jun 0940 hrs..PNG VH Computers 15 Jun 1015 hrs..PNG

Thanks,

Rajiv K Khandelwal

Mithun Sanghavi's picture

Hello,

Could you please upload the sylink.log, log.liveupdate and log.lue?

Check this Article on How to collect Logs - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry http://www.symantec.com/docs/TECH104758

More detailed information about why LiveUpdate is failing can be found in the following log file:

These are found under:

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Lue\Logs

On Windows Vista, Windows 7, and Windows Server 2008:
C:\Program Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs

A Quick look on this Article would help you with Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

rkkhandelwal_54's picture

Dear Mithun,

I assume that you missed my earlier post on regedit as the value could not be changed.

Regarding the log files, both the tech help from the reseller and I decided to uninstall and re-install both the SEP Manager and the clients. Hence we are unable to access the log files as the uninstallation had been done and are re-installing the manager and deploying the clients.

Shall revert back once we see the progress over the next 24 hours.

Regards,

Thanks,

Rajiv K Khandelwal

rkkhandelwal_54's picture

Hi,

I uninstalled SEP SBE both from the server and clients and did a fresh install of the SEP Small Business Edition. Waited for 36 hours and the clients were not updated with the latest definitions from the Server. The other thing is that the SEP Manager is not e-mailing the reports to the specific e-mail addresses. Also clients which had shut down are not being updated on the manager despite elapsing of more than 12 hours.

To facilitate a diagnosis, the following snap shots and files are being uploaded:

  1. Snap shot of definitions on server as VH Definitions showing definitions updated till June 16
  2. Snap shot of Server dates showing virus definition date as June 14
  3. Snap shot of Client dates showing virus definition date as June 14 and clients V2 & V4 as online though they are shut down from 8 PM previous night
  4. The log file from Windows 7 which has been renamed to Win 7_Log.txt as lue file cannot be uploaded
  5. The log file from Windows XP which has been renamed to log.txt from log.lue
  6. The Product.Inventory.LiveUpdate file from Windows XP which has been renamed to Product.Inventory.Txt
  7. The Settings.LivUpdate file from Windows XP which has been renamed to Settings.Txt

To summarize the following are the issues that I am facing:

  1. Clients not being updated by the SEPM with the latest definitions
  2. SEPM not showing the correct status of the clients even after 12 hours of shutting down of the client
  3. Reports from SEPM are not being e-mailed.

Kindly let me know if any other information is required.

Thanks for your assistance and regards,

VH Definitions.PNG VH Server dates.PNG VH Client dates.PNG
AttachmentSize
Win 7_Log.txt 40.3 KB
Log.txt 22.5 KB
Product.Inventory.Txt 464 bytes
Settings.Txt 101.02 KB

Thanks,

Rajiv K Khandelwal

rkkhandelwal_54's picture

Hi,

I have created the following two reports after downloading a tool but am unable to upload them:

  1. Server report: Vardaan: VARDAAN__2012_06_18__13_05_37_LP_Full.sdbz
  2. Client report: V6: V6__2012_06_18__12_53_51_Full.sdbz

Kindly advise.

Regards,

Thanks,

Rajiv K Khandelwal

Mithun Sanghavi's picture

Hello,

I would request you to create a case with the Symantec Technical Support on the same and upload all the Logs.

QuickStart Guide - Create and Manage Support Cases in SymWISE

http://www.symantec.com/docs/HOWTO31132

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

OR

To Call Symantec Technical Support :

http://www.symantec.com/business/support/assistance_care.jsp

http://www.symantec.com/enterprise/support/contact_techsupp_static.jsp

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

rkkhandelwal_54's picture

Hi Mithun,

As I did not hear from you I have already created a case with Tech Support and waiting to hear from them. Unfortunately the online support system does not seem to work and a call was made to register it.

Thanks for your support.

Thanks,

Rajiv K Khandelwal