Are talking about a client only? it maybe getting policies from a sepm, do you use sepm?

Are you using proxy? Because when you run LU manually it will use proxy settings from the user. When run in background as scheduled it will use proxy settings configured in Live Update Settings (in Control Panel) and for SEPM you need to configure proxy in Servers (Admin tab).

We do not use a proxy, and the clients are fine.  I'm talking about the server end.  Once I manually download the definitions on the server they push out to the clients just fine.  It just doesn't seem to automatically download on the server.

"C:\documents and Settings\all Users\application Data\symantec\liveUpdate\log.liveupdate" has the logging for the all the sessions that are run.

OK, I see the log... it says either the download succeeded or that the file is up to date... but the only way I get the definitions to actually update in the Virus Definitions Distribution is to manually launch live update.  Otherwise, it never changes there.  I've let it go for over a week and it never changes unless I do the live update manually.

In the SEP Manager

Is the live update policy enabled?

Is the live update policy assigned to the correct groups (where the clients are)?

For every LU session there is an entry logged and the one's that typically fail have "
failed with a return code of" followed by the return code. Start searching from the bottom of the file somewhere, So that it's more recent.

So the problem is scheduling? What do u mean by launching liveupdate manually? downloading the defs manually or by clicking liveupdate?

Sorry it took so long to reply... had to wade through all the posts.

Here's what my symantec endpoint says....

When I go to edit properties on Local Site, Liveupdate is set to run every 4 hours.  I haven't changed anything here, so it's all default.

When I look at the server log, there is absolutely nothing about Liveupdate ever running except when I do it myself.  I do that by clicking on Download Liveupdate Content from the Admin tab of the Symantec Endpoint Protection Manager Console.  When I do that, it show's that LUALL.EXE was executed and completed successfully.

Only when I do this does the Virus Definition Distribution on the Home page change to the newest files.  If I don't do that, the files never change to the newer one and the clients never update with newer definition files.

Like I said, I've left it for a week without doing anything and it never downloaded newer definitions, but when I tell it to download the content, it does.

Are you using a proxy?

1. Go to Admin tab -> Server Properties -> Proxy Server

Add the correct setting for using a proxy. 

2. Another thing you can test is to change Liveupdate to run continously.

3. You can change the policy for liveupdate for the clients to allow definition downloads directly for Symantec as well as the Management Server

We do not have a proxy.  I can try setting it to run continuously and see if that helps.  I don't exactly want to set the clients to get their updates from Symantec as I have about 1200 clients and don't want them all hitting my internet.

but will be about 2500 when all clients are migrated to SEP.

We currently have option 3 that I suggested to you enabled.

We do not see any impact in the Network traffic on the other hand our SEP server seems to be distributing the defs just fine.

I'm sure the clients would work if I set them to get their own updates, but I'd really like to use SEP to distribute the updates.

When I checked the log, I see this repeatedly....

2009, 15:55:06 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/sesm$20antivirus$20client$20win32_11.0.3001_portuguese_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\sesm$20antivirus$20client$20win32_11.0.3001_portuguese_livetri.zip" HR: 0x802A0026

4/6/2009, 15:55:06 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND

4/6/2009, 15:55:06 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0

4/6/2009, 15:55:06 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0

4/6/2009, 15:55:06 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/sesm$20antivirus$20client$20win32_11.0.3001_french_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"

4/6/2009, 15:55:06 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.

Not sure what that means.

Edit:  Nevermind... now that I look I see that it's for the other languages.

There is an entry for the english version that says the same thing....

4/5/2009, 8:11:40 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.69_english_livetri.zip

4/5/2009, 8:11:40 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0

4/5/2009, 8:11:40 GMT -> Progress Update: PRE_CONNECT: Proxy: "(null)" Agent: "Symantec LiveUpdate" AccessType: 0x1

4/5/2009, 8:11:40 GMT -> Progress Update: CONNECTED: Proxy: "(null)" Agent: "EwU5jJa+zBGQljhyU0nEKFAUWTYu2fYSQAAAAA" AccessType: 0x1

4/5/2009, 8:11:40 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.69_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"

4/5/2009, 8:11:40 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.

4/5/2009, 8:11:40 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.69_english_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.69_english_livetri.zip" HR: 0x802A0026

4/5/2009, 8:11:40 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND

4

I tried going to the link posted above and the file is not found. What version of LU and SEP are you using?

This is exactly what I am experiencing.  Please let me know if you find resolution.  Thanks

SAME ISSUE FACE HERE ANY UPDATE ON THIS.

Well, glad to know I'm not the only one having this issue.  Hopefully we can get an answer soon.

Just a follow-up, I tried going to the link posted above and the file is not found. What version of LU and SEP are you using?

The links posted were from the log on my server... I don't try to go to those links myself.

I'm running SEP 11.04, and whatever version on LU comes with it.  Looks like LU 3.3

Can you try liveupdate administrator Version: 2.2.1.13?

I've downloaded it, but it won't install.  I get an error:

1607: Unable to install InstallShield Scripting Runtime.

Please remove the old one, this version  works perfectly, have tried versio 3 though.

There is no old version to remove.

I mean remove remove v3 and instal 2.2.1.13.

ver 2.2.1.13 works fine for me.

Try the link below to reinstall runtime
http://consumerdocs.installshield.com/selfservice/...

Now I've really got a problem... that link didn't fix the runtime error, and I don't have any liveupdate on the server now because I uninstalled the 3.3 first.

Hi

Increase the Internet Time out

Still issue not resolve?

Hi michelle, have you installed 2.2.1.13 now?

It's installed... still not doing the updates automatically.  Checked the schedule and it's still set to run continuously.

http://i726.photobucket.com/albums/ww265/mmiller_photos/Liveupdate.gif

But if you manual update, it receives/installs the update?

Have tried installing liveupdate administrator?

You can also schedule updates using liveupdate administrator  or by using Windows Task Scheduler

http://service1.symantec.com/SUPPORT/ent-security....

I did install Live Update administrator because you told me to.

I can't run the liveupdate though because there is no executable... it's web interface so I can't do it in the Windows Task scheduler.

I've set the live update administrator to run every 15 minutes... so now I wait.

It ran, but is still not updating.

http://i726.photobucket.com/albums/ww265/mmiller_photos/schedule1.gif

http://i726.photobucket.com/albums/ww265/mmiller_photos/schedule2.gif

http://i726.photobucket.com/albums/ww265/mmiller_photos/Liveupdate.gif

Cant see the pictures mam, how about manual update? is it successful when you run manual update?

No, now liveupdate fails.  I used to be able to do them manually before I ininstalled the liveupdate that came with the SEP program, now I can't do an update at all.

Ok, please install liveupdate v3 again.. Can you check download and distribute of Liveupdate administrator activity monitor? You should have liveupdate v3 and liveupdate administrator installed.

Reinstalled it, manually ran the update through SEP, and it updates fine.  It's updating the clients now.

Good for you mam, is it receiving the updates automatically? I think we have to wait for tomorrow, right?

Yes, I'll check it tomorrow.

Looks like I'm back to square one.... there are new revisions to the definitions, but they are not being downloaded automatically.  Manually works fine.

That's bad, can you check and post full logs, the one run automatically and manual. Btw, what symantec products are installed in this computer? How about your windows is it updated?

Lets take a step back here:

1. LiveUpdate works fine and updates SEPM when run manually or if you click "Run LiveUpdate" in the console?
2. LiveUpdate fails to work when its scheduled via the SEPM

A couple of things to try:

1. Can you watch task manager and see if the LU processes launch at all at the right time (they are easy to spot)
2. Take a look in SesmLU.log and see if there are any errors relating to the scheduling
3. Does LU work if you click Start, Run and type "LUALL" then hit OK?
4. The missing files are normal, the first is a client update, the second is LiveUpdate checking for updates to itself - if there aren't any then it will respond in that way, the files you are interested in should have "sesm" in their description

I have same problem.

3. Start-Run-LUALL - updates OK.
2. when update from shedule in SesmLU.log exist error:
17 09, 05:18:25 INFO(Med) sesmVirDef32 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={C60DC234-65F9-4674-94AE-62158EFCA433}&FilePath=C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~1\20090416.006&Language=SymAllLanguages&Product=SESM%20Virus%20Definitions%20Win32%20v11&SequenceNum=90416006&SequenceTag=CurDefs&ServerMoniker={7916E109-F6A1-4d5a-8F10-5D8CEFA18FDE}&SrcSequenceNum=&Version=MicroDefsB.CurDefs&action=UploadLuContent
17 09, 05:18:56 ERROR sesmVirDef32 SesmLu: InternetOpenUrl failed at .\SesmLu.cpp[1261]
17 09, 05:18:56 ERROR sesmVirDef32 SesmLu: Failed to notify SESM servlet of new LiveUpdate package. at .\SesmLu.cpp[1059]

and in Admin->Local Site->Show LiveUpdate Status exist message:
The process ConfigServerHandler.processLUContent can not lock the process status table. The process status has been locked by the server 799920C3C0A82AC800970551501025F1 (ConfigServerHandler.processLUContent)

I seem to have the exact same thing going on as DNikolay.  I ran luall and it ran fine.  I suppose I could just schedule that to run through the windows scheduler, but I'd like to find out why it's not working through sepm.

On a side note, I'm on vacation for a week so I will be continuing to work on this when I get back.

Has anyone tried this? http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1c20d369605a3d248825736f004fb402?OpenDocument

Especially the part about registering SEPM with Live Update.

You can use the Windows Schedule task for the shedule live update

I have  faced a same problem few months ago. i just reinstall the LU setup send by the tech guys of Symantec and the problem resolved.

anjan, michelle already reinstalled LU many times and still the problem occurs. Which goes back to my earlier post that symantec is having problems scheduling the updates, it looks like the system account is having problems.

Can you add a task on task scheduler to run the file

LUAdmin.exe /s   <---?

Check whether the Policy assigning is properly done or not??

or else you can try continuous liveupdate.

Hi michelle, did you try my earlier post? what is the update?

just increase your timeout setting in settings.liveupdate file & rerun liveupdate.

You can also increase the timeout value as discussed earlier.

Michelle has already increased the Timeout and she does not want to do schedule task as she wants to know the root cause.So no use suggesting the same thing again and again.

Steps to try

'Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions.' 
http://service1.symantec.com/SUPPORT/ent-security....

Add http://liveupdate.symantecliveupdate.com to trusted sites
Re-register LU with Lucatalog.
cmd

program files \SEPM\binn\lucatalog -update

Wait for the liveupdate to run per schedule and let us know the status.

Diag: When liveupdate ran manually it is running with Logged in user level priviledge and when ran as per schedule it will run via System account priviledge.
So liveupdate is failing on system account the psooible reason are System account not configured for proxy to pass or System account does not have enough priviledge to connect to internet
"InternetOpenUrl failed at .\SesmLu.cpp[1261]"

Using scheduled task in quite mode (/q)is a workaround for liveupdate to run quietly in logged in user's credentials than running on system account by default.

I no where see a logical approach why increasing timout period should the issue.

Though I would like you to open a symantec case for a timely resolution.

SAV, I am trying your suggestions now.

As I've said before, I could schedule it through the OS scheduler, but I'd prefer to use the product the way it was intended. 

Also, extending the time out will not work because it never even runs.

My account has full Administrative priveledges to the network, so I don't think it's a priveledge issue.

Hi michelle, I think what SAV is referring to is that SEP is using SYSTEM account to run a schedule of the live update. This scenario is the one having problems because the System Account  is having priviledge issues. That's why I was also suggesting from my last post to run update via scheduled task. I remember I encountered this problem before with SAV and the workaround is to really to run liveupdate via task scheduler. But if you insist not to use it, please create a Symantec Case Support.

Hi - I also want to know the solution without resorting to other Windows applications.

Michelle: Have you done what SAV-SEP said about the System account to be allowed connection to the internet?

This link describes that account:
http://support.microsoft.com/kb/120929

I've unblocked the website, or at least made sure it was unblocked.

My 'system' account is the domain administrator, so I don't think that would be a problem, would it?

I would prefer to not use the Windows applications because I'm just asking for the product to work correctly... is that unreasonable?  But I suppose if I have to, although I paid for the 'entire' product, I could resort to using something else to make it work.

By the way... it still doesn't work.

You are exactly right you shouldn't have to resort to anything else to have your product work like it is suppose to. You really should call in and make a case of this though. Most of standard things we could tell you over these forumns have already been tried so calling in and making a case seems like the next logical step. And if it isn't too much trouble it would be great if you could keep us updated since other people seem to have a similar problem. Thanks.

Grant-

Hi michelle, in my case before with SAV, I have proper permissions with the SYSTEM account, but still update doesn't work. The workaround is to really use task scheduler for the update this based from the Symantec Support site.

@Paul, did Symantec Technical Support tell you to do this? I did see one in the help pages to have a script if all else fails.

Thank you Grant.. I will give that a try and if I get a solution I will post it back here.

Hi mon, I didnt not open a case when I had this problem, I just searched the Symantec Support Website.

Paul

So you found a solution here without resorting to using the windows scheduler?

I've seen the website before. And all it says has been discussed/posted in this thread. One of the recommendations was to have a batch file to manually download the file into the folder. Paul's suggestion on using the windows scheduler was an improvement.

Hi michelle, I did not create a case since the workaround from Symantec Using Task Scheduler works. I created the task using my admin account.

But can you check below;

Give Full Control permission to the SYSTEM account

1. Start Windows Explorer, right-click the computer's root hard drive, and then click Properties.
2. Click the Security tab, and then click Add.
3. In the Select Users, Computers, or Groups dialog box, click the SYSTEM account, click Add, and then click OK.
4. Under Allow, click to select the Full Control check box, and then click OK.
5. Click the TEMP folder and then verify that the SYSTEM account has full control.

Verify the registry permissions

1. Click Start, click Run, then type Regedt32.
2. For each of the registry hives, follow these steps:
1. Select the hive.
2. For Windows XP, on the Edit menu, click Permissions.

For Windows 2000 and Windows NT 4, on the Security menu, click Permissions.
3. Verify that the SYSTEM account has been added and that it has Full control. If it does not, add the SYSTEM account with Full control.

Can you also check Liveupdate & And Symantec Event Manager's dependencies.. This would be RPC (Remote Procedure Call)?

try to uninstall and reinstall it
remove it from registry
then reinstall

i m manually updating my antivirus
it doesn't starts automatically
suggest any way

is ur pc on server?

seemed it's problem not with SEP, but with security rights, or default gateway settings.

btw, how you connect to internet?
is anything in your IE connections proxy tab?
do you use any firewall on your machine, and is any firewall server between you and internet?

if its client then it must be deployed reguarly the administrator of the server.

have U checked Ur intenet Explorer Setting ......

I think Internet Explorer has nothing to do with Symantec not updating.

Hi sujay, what version of SAV/SEP are you using?

Hi. Has this been resolved already? I'd like to know which specific procedure worked. :D

I've opened a support ticket with Symantec

Hi, michellemiller
Your problem may be for registration your LU by SEPM Server. So you need to re-register after reinstall it. For doing better, first uninstall you SEPM LU and delete The LU folders located in "c:\documents and settings\All users\Application Data\Symantec\LiveUpdate".

To register SEPM with LiveUpdate:

1. Click Start, then Run.
2. Type cmd, then click OK. This will bring up a command prompt.
3. At the command prompt type cd and the path to lucatalog.exe. By default the command would be:

cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin

4. Type lucatalog.exe -update

If this solution dose not  work I think you need to uninstall your SEPM and Reinstall It then doing Disaster Recovery without using Symantec Backup. I know that it isn't a good solution but in one of my similar cases I had to do this after mounts of symantec technical support trying. May be upgrading to the last SEPM built 11.0.4014.26 solve the problem.

When I go to edit properties on Local Site, Liveupdate is set to run every 4 hours. I haven't changed anything here, so it's all default.

When I look at the server log, there is absolutely nothing about Liveupdate ever running except when I do it myself. I do that by clicking on Download Liveupdate Content from the Admin tab of the Symantec Endpoint Protection Manager Console. When I do that, it show's that LUALL.EXE was executed and completed successfully.

Only when I do this does the Virus Definition Distribution on the Home page change to the newest files. If I don't do that, the files never change to the newer one and the clients never update with newer definition files.

Did anyone else find Paul Mapacpac solutions on this thread useless and irritating. Does Paul even work or has knowledge of Tech support? He asks a user to downgrade SAV because it has worked for him and then suggests using a Task scheduler.

Hi Newuser, I think you misunderstood my posts, I encountered the same problem with SAV. I am not recommending downgrade to SAV. We are using SEP and we are not having problems. Please understand the posts carefully. The workaround I used are from Symantec KB's which worked on my SAV liveupdate problem.

Well hi Newuser. I am sorry you didn't find any of Paul's answers to your liking. However I believe you are the one who is really causing the grief here. The problem is that you brought up a thread that is over 3 months old to comment and add absolutely nothing to the conversation. In the future we ask that you do not do this because it just adds to all the noise in the forums and makes it harder for people to actually seek the answers they need.

One a side note I recently suggested an idea to our ideas section about locking old threads. Newuser has provided the perfect example of exactly why we need to have threads locked after so many months. It has taken time out of both mine and Paul's day (and every person who clicked on this thread to read this). This time would better be spent answering questions. So if you feel the same as me please vote my answer up and also suggest a time limit you would like to see implemented. I originally suggested ~6 months but now I am leaning to an earlier date ; )

Here is the link https://www-secure.symantec.com/connect/idea/locki...

Grant-

ps The task scheduler was a great workaround in my opinion. Maybe not a perminate  solution, but I think it definitely helped michelle stay protected until her problem could looked at further.

Grant

Rather than complaining about my post, i suggest you find permanent fixes for issues that are still outstanding. Any support  technician will tell you this issue is not resolved and needs to stay open. If this is the level of support you provide, god help people buying your product.

quote:

michellemiller