Endpoint Protection

SEPM connects to symantec live update server every 4 hours to check if a new definition is available and symantec normally releases 3 sets of definition on a daily basis with approximate time interval of 8 hours.

how are these 4 SEPMs connected ? are they replicating or do all of the connect to single DB ?

troubleshooting depends on at what level the live update fails and also based on the error code.

JDB is used to update the SEPM manually.

SEPM will go out to LU to get updates based on whatever schedule you set. Are they replicating or what's the setup? Jdb js used to manually update SEPM, say if you don't have direct internet access.

All SEPM servers are connected to one database.

Then one SEPM can/Will download definition from symantec live update server and process it and upload it to the database. from the DB all the other three SEPM will download a local copy to itself so that it can serve the clients that are request for updates.

Out of 4 SEPM Servers Which SEPM Server will download the definition.

So setup for failover/load balancing?

If so, one SEPM will download from LU and distribute accordingly.

it is hard to tell, but if you have proxy servers and have it enabled in only one SEPM. then only that SEPM will download the definitions and share it with other SEPM, same case applies if you have only one server which is internet facing. but if all four SEPM has internet connection, any SEPM can go online and download the definition and share it with themselves.

You can set one SEPM to download only and turn LU for the rest. It's all done within the settings.

If proxy unable on all SEPM servers then what happens. If at a time all four SEPM server goes toward LU as per policy then who will take update. Is there chances of communication error due to which live update fails. Or any mechanism available to select priority for SEPM Server communicate with LU.

Then you would need to manually update with the JDB or use a LUA.

Once the first SEPM get its update, the backend DB will also reflect this so the other SEPMs cannot then update the content since there is nothing to update.

There could be a comm error but it will just try again at a later time.

Hello,

The mechanism is simple: each SEPM will try to get the definitions from our LiveUpdate servers, the first which is able to get the new content locks down the database so that the others SEPMs won't run the same task at the same time. When one SEPM completes the update by pushing the new files in the DB, the others will pull the same files from the DB for deployment to their clients.

No priority control as far as I know.

LiveUpdate issues are usually due networking issues, ensure your proxy/firewall allows LiveUpdate traffic:

https://support.symantec.com/en_US/article.TECH102059.html

 

Hi,

Thank you for posting your query on Symantec community.

Q. How SEPM takes update using LIVE UPDATE Mechanism?

--> It uses liveupdate schedule time to trigger liveupdate session.

Q.We having 4 SEPM server and 1 database then what is the process of updating all SEPM servers?

--> When multiple SEPMs exist in the same site any SEPM server can randomly run the LiveUpdate download.  Once the selected SEPM server starts the task, the other SEPM servers will skip the download.

However you can control which SEPM should go to liveupdate server as well.

When the value “scm.server.liveupdate.disabled=1” is added to the file and saved, the LiveUpdate function will be skipped at current SEPM server.  You should add this value to each SEPM server's conf.properties file that you wish to limit or disable running of LiveUpdate process.  This gives you control over which SEPMs will randomly be selected to run LiveUpdate.  To bypass the randomization you should add the value to all but one of the SEPMs in the site that you desire to run the LiveUpdate process

Q. What are the troubleshooting steps if Live update fails?

--> There is a flowchart to follow.

Refer this: Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Q. What is .jdb file?

--> When the SEPM cannot access either the internet or a LiveUpdate Administrator (LUA) server it needs to be updated manually. .JDB file does that job. 

Hope it helps.

 

Thanks Chetan,

Your reply clear all the paths which are blocked with question mark...

You are always welcome.