Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

live update failing in small enterprise 2012

Created: 11 Dec 2012 | 45 comments

I use win 7/64 pro. I installed 12.1.1000.157.RU1 on my desktop and laptop. When I run Live update laptop works fie  but desktop gives me "Failed to connect to the LiveUpdate server".

I tried reinstalling 3 times having used Windows uninstaller, Symantec uninstaller and Revo uninstaller but to no avail. I've looked at previous messages regarding this and none seem to give me a satisfactory answer. At present I am updating my definitions manually.

Some guidance would be appreciated.

Comments 45 CommentsJump to latest comment

pete_4u2002's picture

what OS ? is it 2012 , i suggest you to use SEP 12.1 RU2

can you look into the logs? is it connecting to internal liveuopdate server or internet?

keithinoz's picture

The os is win 7/64bit. I use 12.1 RU1 under a university program to give students access (without support) to antivirus so RU2 is not really an option.

pete_4u2002's picture

ok, SEP 12.1 ru1 support windows 7 64 bit.

did you check the logs?

which server is it trying to connect (internet or liveupdate administrator)?

keithinoz's picture

which logs should I be looking at? I have absolutely no problems conecting to the net. My laptop which is on the same wifi has no issue with Liveupdate.

pete_4u2002's picture

Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs\lue.log from the machine.

search for lue.log

keithinoz's picture

Symantec LiveUpdate Engine 2.0.2.5   (Release)
OS: Windows 7 Professional     64-bit  VerInfo: 6.1  ServicePack: 1.0
LanguageID: 00000c09
WinHttp.dll Version: 6.1.7601.17514
----------------------------------------------------------------------------------------------------
Session started at: 2012/12/11 11:56:08.710    (UTC +09:00)
ProcessId: 1208, ThreadId: 6536, SessionId: 1
Machine ID: E552B0C5-D5F2-19CC-A1E3-831A09393EC5
Agent Field: SEP/12.1.1000.157 MID/{E552B0C5-D5F2-19CC-A1E3-831A09393EC5} SID/1
----------------------------------------------------------------------------------------------------
  Component: Moniker: {07B590B3-9282-482f-BBAA-6D515D385869}, P: SEPC Virus Definitions Win64 (x64) v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {263395A0-D3D8-4be4-80B5-202C94EF4AA0}, P: SEPC Iron Settings v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {31D8C93E-8DB2-4eeb-8D75-87FD92F1C62C}, P: SEPC CIDS Signatures v12.1, V: MicroDefsB.Hub, L: SymAllLanguages.
  Component: Moniker: {55DE35DC-862A-44c9-8A2B-3EF451665D0A}, P: SEPC CIDS Signatures v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {810D5A61-809F-49c2-BD75-177F0647D2BA}, P: SEPC Iron Revocation List v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {A8BA6A8E-8DB4-4575-8C7B-13CAF85B70AB}, P: SESC AntiVirus Client Win64, V: 12.1, L: English.
  Component: Moniker: {B6DC6C8F-46FA-40c7-A806-B669BE1D2D19}, P: SEPC Submission Control Data, V: 12.1, L: SymAllLanguages.
  Component: Moniker: {D6AEBC07-D833-485f-9723-6C908D37F806}, P: SEPC Behavior And Security Heuristics v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}, P: SEPC Iron Whitelist v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {FC1DE9A6-0007-4f4a-9CDB-BB89A857F51D}, P: SEPC Virus Definitions Win64 (x64) v12.1, V: Hub, L: SymAllLanguages.
  OnNotify() method for callback {73D8F7DB-5990-4EDF-945E-53047F1A8230} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
* ExtractServerInfo()-Proxy Server Name(http://proxy.iprimus.com.au) is not valid.
  Server selection failed for server HTTP://liveupdate.symantecliveupdate.com/ on port 80.
  Proxy (http://proxy.iprimus.com.au:8080) is configured for server (liveupdate.symantecliveupdate.com). Won't go for explicit DNS query.
* ExtractServerInfo()- proxy server Name(http://proxy.iprimus.com.au) is not valid.
  Server selection failed for server FTP://update.symantec.com/opt/content/onramp on port 21.
  Proxy (http://proxy.iprimus.com.au:8080) is configured for server (update.symantec.com). Won't go for explicit DNS query.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Unable to select server.
* Server Selection Failed.
* Error downloading files. Error Code: 0x85058002
  OnNotify() method for callback {73D8F7DB-5990-4EDF-945E-53047F1A8230} returned 0x0
  OnNotify() method for callback {EDBD3BD0-BEEF-4d4d-BAC9-19DD32EF4758} returned 0x0
  OnNotify() method for callback {2F090208-20DC-42f0-BBD8-B68B472F7215} returned 0x0
  OnNotify() method for callback {810D5A61-BEEF-49c2-BD75-177F0647D2BA} returned 0x0
  OnNotify() method for callback {B6DC6C8F-BEEF-40c7-A806-B669BE1D2D19} returned 0x0
  OnNotify() method for callback {263395A0-BEEF-4be4-80B5-202C94EF4AA0} returned 0x0
  OnNotify() method for callback {511C2222-DEFD-22EE-B154-4A6A546B9793} returned 0x0
  ***** Session Results *****
  Total Updates Available: 0
  Total Updates Succeeded: 0
  Total Updates Succeeded - Reboot Req: 0
  Total Updates Skipped: 0
  Total Updates Failed: 0
  RunLiveUpdate result code: 0xA1000002
  Session max recursion count = -1
* Reporting error: 0xA1000002 Session failed
  Error report submitted
----------------------------------------------------------------------------------------------------
Session ended at: 2012/12/11 11:56:08.886    (UTC +09:00)
****************************************************************************************************

pete_4u2002's picture

ExtractServerInfo()- proxy server Name(http://proxy.iprimus.com.au) is not valid.
  Server selection failed for server FTP://update.symantec.com/opt/content/onramp on port 21.
  Proxy (http://proxy.iprimus.com.au:8080) is configured for server (update.symantec.com). Won't go for explicit DNS query.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Unable to select server.
* Server Selection Failed.
 

its going thru proxy, are you in the network?

Mithun Sanghavi's picture

Hello,

Upon checking the logs, we see as below:

* ExtractServerInfo()-Proxy Server Name(http://proxy.iprimus.com.au) is not valid.
  Server selection failed for server HTTP://liveupdate.symantecliveupdate.com/ on port 80.
  Proxy (http://proxy.iprimus.com.au:8080) is configured for server (liveupdate.symantecliveupdate.com). Won't go for explicit DNS query.
* ExtractServerInfo()- proxy server Name(http://proxy.iprimus.com.au) is not valid.
  Server selection failed for server FTP://update.symantec.com/opt/content/onramp on port 21.
  Proxy (http://proxy.iprimus.com.au:8080) is configured for server (update.symantec.com). Won't go for explicit DNS query.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Unable to select server.
* Server Selection Failed.
* Error downloading files. Error Code: 0x85058002

Here are few KB's which you could follow - 

Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet and download content from Symantec LiveUpdate

http://www.symantec.com/docs/HOWTO81361

Proxy configuration on SBE 12.1 Self managed client

http://www.symantec.com/docs/TECH195795

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

I read HowTO81361 Sorry to be  a little dumb but where do I find the console mentioned in step 1

  1. In the console, click Admin, and then click System.

  2. Under Servers, select the management server to which you want to connect a proxy server.

  3. Under Tasks, click Edit the server properties.

  4. On the Proxy Server tab, under HTTP Proxy Settings, for Proxy usage, select Use custom proxy settings.

  5. Type in the proxy settings.

    For more information on these settings, click Help.

  6. Click OK.

Mithun Sanghavi's picture

Hello,

Check the Screenshot below- 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

From the log it says liveupdate engine 2.2

clients can be installed as managed or in unmanaged mode.

open sep client click on help and support ->troubleshooting

do you see server name or it says Self managed?

if it shows server name then thats your management server.

if you find any older version of liveupdate in add/remove programs remove it.

follow this document to install Lu for the client, you can skip the management part section.

http://www.symantec.com/business/support/index?pag...

keithinoz's picture

Rafeeq.

My system is self managed.

I followed the instructions and uninstalled and reinstalled Liveupdate. However when I try to register SEPM I found the folder program files\symantec is empty. There is no folder c:\program files\symantec\symantec endpoint protection manager\.  I did a global search of c: and can't find a file lucatalog.exe.

I checked my laptop where liveupdate is working and those folders and files are not there either.

Under program files (86)\symantec\symantec endpoint protection\12.1.100.157.105 there are folders bin and bin64. The file lucatalog.exe is not there either

keithinoz's picture

Mithun

I found the Liveupdate proxy settings windows. The HTTP  and FTP are set to "I want to use my Windows Internet Options proxy settings (default)"

Mithun Sanghavi's picture

Hello,

Could you please let us know what version of Liveupdate are you installing?

Check the following Articles:

How to Uninstall and Reinstall LiveUpdate on SEPM 12.1 (Enterprise Edition or Small Business Edition)

http://www.symantec.com/docs/TECH171060

Windows LiveUpdate Client for Use with Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH181305

Secondly, since your client is Self Managed Client, we cannot configure proxy setting on SBE 12.1 self managed client as that option is Grayed out and it's working by design. We need to bypass the proxy on that machine or install managed client.

Check this Article:

Proxy configuration on SBE 12.1 Self managed client

http://www.symantec.com/docs/TECH195795

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

I am using the 3.3.0.96 version of lusetup.exe. I'll check out the TECH notes later.

keithinoz's picture

I have now downloaded 3.3.1.23 which I'll install later today.

keithinoz's picture

Have reinstalled liveupdate but have the same problem I outlined to Rafeeq

I followed the instructions and uninstalled and reinstalled Liveupdate. However when I try to register SEPM I found the folder program files\symantec is empty. There is no folder c:\program files\symantec\symantec endpoint protection manager\.  I did a global search of c: and can't find a file lucatalog.exe.

I checked my laptop where liveupdate is working and those folders and files are not there either.

Under program files (86)\symantec\symantec endpoint protection\12.1.100.157.105 there are folders bin and bin64. The file lucatalog.exe is not there either

Have attached screeenshots from explorer

keithinoz.jpg
Mithun Sanghavi's picture

Hello,

This is what I see in my Computer.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

My files/folders are the same. The problem is following step 8 in  http://www.symantec.com/docs/TECH171060. I don't have the required folder nor can I find lucatalog.exe. Can you locate it in your system?

As a minor issue where do I go to get the screen you posted on 13 Dec Symantec Endpoint Protection ?

8.   Register SEPM with LiveUpdate:
       A. Click Start, then Run.
       B. Type cmd, then click OK. This will bring up a command prompt.
       C.  At the command prompt type cd and the path to lucatalog.exe:
                     cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin       (Enterprise Edition)
                     cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin       (Enterprise Edition 64-bit)
                     cd C:\Program Files\Symantec\Symantec Protection Center\bin                 (Small Business Edition)
                     cd C:\Program Files (x86)\Symantec\Symantec Protection Center\bin                 (Small Business Edition 64-bit)
9.   Type lucatalog.exe -cleanup  When the command line path returns, cleanup is done.
10. Type lucatalog.exe -forcedupdate

Mithun Sanghavi's picture

Hello,

Exactly, you would not see the lucatalog.exe as Step 8 is for Symantec Endpoint Protection Manager and not for Symantec Endpoint Protection client.

In your case, since you have SEP SBE 12.1 Unmanaged Client and LiveUpdate is integrated with SEP 12.1 client you would have to uninstall the SEP client and reinstall it back again.

Secondly, since your client is Self Managed Client, we cannot configure proxy setting on SBE 12.1 self managed client as that option is Grayed out and it's working by design. We need to bypass the proxy on that machine or install managed client.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

That explains a lot. I hav ealready unistalled and reinstalled SEP 12.1 clinet a couple of time without success. How do I bypass the proxy?

In the meantime I have manually updated my virus definitions but how do I manually update the network and proactive threat definitions?

Mithun Sanghavi's picture

Hello,

You need to bypass the proxy on that machine or install managed client.

To bypass the proxy on the machine, you may need to contact the Network / Proxy Administrator

and tell them make sure the machine is bypassing proxy.

OR

You could also suggest him to create an Expection in the Proxy for your machine.

Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

http://www.symantec.com/docs/TECH162286

LiveUpdate connects via HTTP to the domains symantec.com, liveupdate.symantecliveupdate.com, and akamai.net

If a connection fails, LiveUpdate tries to connect to one of the other listed domains. The listed domains may change because of server maintenance.

If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Steven Kintakas's picture

Mithun,

If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp.

Can you confirm this is still an active link? We have installed the most current release of LUA and it comes with this pre-populated as one of the fail-over sources. But LUA reports the testing of this connection as failed.

When I then take that url and place it in a web browser as such:
ftp://update.symantec.com/opt/content/onramp

it reports no such file or directory. Is this still a valid source as all evidence suggests it no longer exists.

“When it comes to enterprise software…you need to work within the product’s ‘strengths’.”

keithinoz's picture

It's good to see that someone else has a similar problem. I can't talk to Symantec directly as you can discover by reading the posts. If you manage to find eithe r a solution or someone to talk to can you keep me in the loupe

keithinoz's picture

I had a look at the tech sheet. It's all a little beyond my talents. I can't install a managed client or get any support from my university. The university extends its licence to all students but does not support any machines that are not university property. I have has their programs and updates for over 6 years

At present I am downloading virus definitions every few days and I have instaled a free anti malware program to handle the rest. It would appear I'll have to wait till the uni gets another version of SEM.

keithinoz's picture

Just as a matter of interest I have Norton Utilities 14.5.0.120 on the computer and smartupdate works fine.

Mithun Sanghavi's picture

Hello,

Norton Utilities 14.5.0. is not an Antivirus. It ...

  • Helps your old PC run like new.
  • Speeds PC startup.
  • Fixes common PC problems.
  • Repairs hard drive problems and frees up hard drive space

Secondly, I would not recommend installing any free anti malware (wonder why they are Free??)

Since this is your Personal Computer machine, I wonder why are you using Proxy on your machine?

How are you connected to the Internet?? Is that the University provided wifi internet / VPN?? 

In your case, since the university extends only its licence to all students, you should have a choice to install the correct Symantec Antivirus. Does the University provide Symantec Endpoint Protection Enterprise Edition??

Again, why not go for Norton Internet Security / Norton 360?? http://us.norton.com/downloads/

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

I connect to the net via a cable direct to a modem router which is connect to a phone line. The university supplies me with Symantec Enpoint Protection 12.1 RU! Win64-bit Client En.exe.

Mithun Sanghavi's picture

Hello,

Could you please provide me a screenshot of the SEP client installed on the machine?

Also, could you try opening these below websites from your Internet Explorer (IE)?

liveupdate.symantecliveupdate.com

Liveupdate.symantec.com

symantec.com

akamai.net

and 

Try pinging these websites from your command prompt.. to check the same..

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

I can access symantec.com. I can ping 23.62.63.139. The other 3 sites give me a "no IP address" error message.

No problem connecting to sites on my wireless laptop

keithinoz's picture

I tried the sites again. I can now connect to all except akamai.net using either IE8 or Firefox

I uninstalled SEP completely and still can't access akamai.net. Also, on my laptop where SEP works perfectly I can't access akamai.net.

I have reinstalled the program and updated the definitions manually.

Mithun Sanghavi's picture

Hello,

Could you try stopping and then disabling the "Windows Firewall" services from the services.msc

(Start >> Under "Search programs and files" box >> type - services.msc)

Secondly, could you check if you see any "Liveupdate" Application in the Control panel and Programs and Features??

Awaiting your answer..

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

I have stopped and disabled Windows Firewall. Liveupdate still wont run.

In control panel I have Symantec Liveupdate (32bit). Clicking on it offers me to run V3.3.1.23. When I run it I get the message "Liveupdare could not access its settings error 0x80004002

Mithun Sanghavi's picture

Hello,

Please Uninstall the Liveupdate Application from the Add/Remove Programs. (Do not install it again).

and then

Run a Repair of Symantec Endpoint Protection Client from Add/ Remove Programs.

Check this Article:

About LiveUpdate in Symantec Endpoint Protection version 12.1

http://www.symantec.com/connect/articles/about-liveupdate-symantec-endpoint-protection-version-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

keithinoz's picture

Did as you suggested. Problem remains the same. By the way I still have the Windows firewall turned off. Should I turn it on?

Mithun Sanghavi's picture

Hello,

Since you are using a self managed client and this software is from your university, I am not sure if you would be receiving a Technical Support on this software.

Could you please upload the lue.log again from the machine?

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture

HI,

I would suggest you can raised the support ticket..

Customer Support Assistance

http://www.symantec.com/support/assistance_care.jsp

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

Thanks In Advance

Ashish Sharma

keithinoz's picture

Cannot use Symantec support as this is a self managed client from a university licence.

Attached is log.lue

Chetan Savade's picture

## Edit

Hi,

Try the following steps

Copy the the Settings.LiveUpdate file from the working machine & replace it on affected windows 7 machine.

Default location would be: C:\Users\All Users\Application data\Symantec\Liveupdate 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

keithinoz's picture

I don't have that file on either machine (see attachment). Secondly, how do I get permission (I am the sole user of this machine) to copy files to that folder?

Chetan Savade's picture

Hi,

You should create a support case with Symantec.

https://mysymantec.symantec.com

Check this video as well: http://www.symantec.com/tv/solutions/details.jsp?v...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

keithinoz's picture

Have a look at the correspondence with Ashish Sharma on 27 December and my reply. Do I qualify for support?

Chetan Savade's picture

Hi,

You can request university admin to raise a support case on behalf of you.

OR

If he could provide Symantec support id then you can also create a case with Symantec support.

I would suggest to create a web case. Symantec representative will call you at desired team.

Steps to create a web-case are here

https://mysymantec.symantec.com

Check this video as well: http://www.symantec.com/tv/solutions/details.jsp?v...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

keithinoz's picture

JUst an update I installed 12.1.2 but liveupdate still doesn't work.

Also note that there is more correspondence dated 24 or 25 Janaury towards the begiining of this discussion. Someone else has the same problem