Endpoint Protection

We recent moved SEPM 12.1.3001.165 from the C drive to the D drive on our Windows Server 2008 R2 Standard. Everything looked fine with the exception of the LiveUpdates not being reflected on the SEPM, and therefore not being pushed out to client workstations.

Our Server is communicating with Symantec and receiving the LiveUpdates:

However, these are not showing up in SEPM:

Any ideas or suggestions as to what the problem may  be? Let me know if there are any further details that can be provided.

Thank you.

it might have tried to update and failed. The screen shot from SEPM shows the last AV download was on September. You can try these two steps

1. Clear all the corrup defs and run Lucatalog cleanup

http://www.symantec.com/business/support/index?page=content&id=TECH166923

2. Uninstall / reinstall LU

http://www.symantec.com/business/support/index?page=content&id=TECH171060

if it fails post the Liveudpate log

http://www.symantec.com/business/support/index?page=content&id=TECH171060

I'd recommend reviewing the below article on troubleshooting LiveUpdates on the SEPM:

http://www.symantec.com/docs/TECH105924

I've always found it very useful in troubleshooting such issues.  I do have a couple of questions though:

• How did you do perform the move?
• The screenie of the folder contents appears to be a LiveUpdate Administrator folder rather than the SEPM's own LiveUpdate Client folder.  Can you confirm if the LUA is installed on this box as well?

IF LUA is on this box, then the first recommendation is to investigate removing it, as Symantec recommend against having them both on the same box:

http://www.symantec.com/docs/TECH93409

Also, just because the LUA is downloading correctly, doesn't necessarily mean that it is distributing correctly, nor that the SEPM is connecting correctly to the LUA's distribution Centre.

My first port of call would be to review the SEPM's source servers (under ADMIN -> Servers -> highlight Local Site -> click Edit Site Properties -> Liveupdate tab -> Source Servers), and point this at the Default Symantec LiveUpdate servers, if not already there.  Then try another update, and have a look at the log.liveupdate and sesmlu.log files for errors shoudl this continue to fail (locations for these files are in first article link).

reposted as reply

Hi SMLatCST,

How did you do perform the move?

https://www-secure.symantec.com/connect/forums/out-disk-space-sepm-move-sepm-another-drive

Steps:

(1)  Use the Symantec Endpoint Protection “Database Back Up and Restore” utility to take a backup of the SEPM environment including the Log Files. This will do a couple of things:

a. Create a backup of the database which will be stored at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup\*.zip

b. Create 2 backup files that contain the Private Key for the server.  These files will be labeled “keystore_’date & version of backup here’.jks” and “server_’date & version of backup here’.xml”.  These files will be located at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\

(2 )  All of these files should be copied to a location that is easily accessible at a later time.

(3)  Uninstall Symantec Endpoint Protection Manager from the Server.

(4)  Restart the server.

(5)  Install the Symantec Endpoint Protection Manager on the desired Drive, using the same installation media version that you just uninstalled from the C: Drive.

(6)  When the Configuration Wizard launches at the end of the Installation, accept most of the standard settings. If your old installation used a SQL DB, make sure that you configure the DB setting to connect to the original database.  This will of course remove your old configuration from the DB, but that’s why we have a back-up.

(7)  Copy the database backup file to <Install Drive>:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\backup\.

(8)  Stop the Service titled “Symantec Endpoint Protection Manager”

(10)  Launch the “Database Back Up and Restore” utility, except this time select “restore” from the main menu; when asked which version to restore, select the one that was just copied to the new SEPM installation path.

(11) Once the restore is complete rename and copy the 2 key backup files to :

“server_’date & version of backup here’.xml” – <Install Drive>:\Program Files\Symantec\ Symantec Endpoint Protection Manager\tomcat\conf\server.xml

“keystore_’date & version of backup here’.jks” – <Install Drive>:\Program Files\Symantec\ Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks

(12)  Run the “Management Server Configuration Wizard” to ‘Reconfigure’ the database, making sure to point it to the same database as was used previously.

(13)  After the reconfiguration is complete, the SEPM Console will launch automatically. You should now be able to log in as you have always done using your security accounts. The Console should indicate that it is communicating and managing the clients that were being managed prior to the SEPM Move.

The screenie of the folder contents appears to be a LiveUpdate Administrator folder rather than the SEPM's own LiveUpdate Client folder.  Can you confirm if the LUA is installed on this box as well?

There are LiveUpdate folders located here:

C:\Users\All Users\Symantec\LiveUpdate

C:\ProgramData\Symantec\LiveUpdate

Thank you Rafeeq!

I will try your suggestions.

Reposted as reply

Hi

What is the database you are using

Regards

lol, just saying DR method would have been fine 

In that case, I'd highly recommend you follow the first link I posted, as this is pretty good for troubleshooting SEPM Updates.

The crucial bits to pay attention to will be reviewing the log.liveupdate and sesmlu.log files for errors.

Embedded

One thing I noticed was on the Local Site, the Creation Time is listed as July 18, 2013. The reinstall was executed on September 18, 2013. Shouldn't the date be September 18, 2013? And if so why would it be pointing to the older date?

Hi

Can you check in Server.xml whether there are two sites mentioned

Regards

Where would the Server XML be located?

Hi,

Agreed with Sameer.

You didn't mention if you're using Embedded or SQL Database which is very important in order to orient you efficiently where you should look at and how to fix it.

If it's SQL Database, have a look on the scm.server-0.log you may find obvious error related to SQL Db (fg_content group file full for example. Very common that one).

Edit: Nvm I wasn't able to see the previous screenshot. Embedded ok ;)

Kind regards,

A. Wesker