Video Screencast Help

LIVEUPDATE

Created: 23 Jan 2014 • Updated: 23 Jan 2014 | 19 comments

 I am running SEPM 12.1 version on a Server 2008 R2 platform. We have both XP and Windows 7 platforms clients.  

Recently, the SEPM has stopped updating.  The client machines have also stopped receiving updates from the SEPM.  Proxy setting are correct and there is connection to the sePM Server.  

I have tried all the solutions placed on these forums and your website. I have reinstalled the Liveupate, run the Lucatalog -cleanup and -update, but thus far nothing has worked.  I keep getting the error - Liveupdate encountered one or more errors. Return code = 4.

Please helps as we have nearly 170 machines, and we have to update them manually as this is the only way to do right now.

Operating Systems:

Comments 19 CommentsJump to latest comment

James007's picture

Are you using proxy ?

"Error: LiveUpdate encountered one or more errors. Return code = 4" in LiveUpdate status in Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH103112

see this thread also

https://www-secure.symantec.com/connect/forums/sepm-not-able-download-latest-definition-symantec-site

.Brian's picture

Post the log.liveupdate file from the SEPM here for review.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Sumit G's picture

try to run the live update manually if any error display then post it

Restart the live update service from services.msc

Run the live update manually.

also check the attach symantec article step to to sort the problem

http://service1.symantec.com/SUPPORT/ent-security....

Thread for similar errorcode 

https://www-secure.symantec.com/connect/forums/err...

 

Regards

Sumit G.

SameerU's picture

Hi

What is the database you are using ?

Regards

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

No need to update 170 clients manually.

A *.jdb file can be used to update the virus definitions for SEPM. The updated SEPM will then begin to supply the updated definitions to the managed Symantec Endpoint Protection (SEP) clients that are configured to receive content from that SEPM

Refer this article: How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

http://www.symantec.com/docs/TECH102607

To fix issue permanantly try the following steps:

1) SesmLu.log can provide fruitful information.The SesmLu.log contains data that is recorded when LiveUpdate runs on the SEPM for any reason.

File Location:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\Logs\SesmLu.log

Every time Liveupdate runs it outputs what it is doing to the Log.Liveupdate.

File Location: C:\Documents and Settings\All Users\Application Data\Symantec\Liveupdate\Log.Liveupdate

2) Repair the SEPM using downloaded setup files.

3) What's the error message while initiating manual downoad. Start --> Run --> Luall.exe

Liveupdate log can provide fruitful information.

4) Clear the SEPM definitions and download it agian.

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

tjoyeux's picture

Thanks Chetan.  This solution worked to update the SEPM remarkably...but I do not want to run this every single day.

 

IS there any other solution to the problem of the SEPM not updating via Live update or LUALL.EXE???

 

 

Chetan Savade's picture

Hi,

Thanks for the update.

It might have happened SEPM definitions were corrupted  & those are fixed by applying manual.JDB files.

Now monitor next liveupdate schedule, liveupdate should complete successfully.

 

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

tjoyeux's picture

HI Cheetan,

 

Liveupdate is still not completing successfully.  I am at my wits end.   Any other suggestions???

 

.Brian's picture

Have you tried re-installing and re-registering LU on the SEPM?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thanks for the udpate.

Make sure firewall allows the LiveUpdate executable to connect to the Internet through the correct ports and that the firewall allows connections to the correct domain

Refer the following article to verify it:

How to determine whether your firewall is blocking LiveUpdate

http://www.symantec.com/docs/TECH139451

This article also can be helpful to verify the settings:

https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

James007's picture

Can you reinstall Live update

How to Uninstall and Reinstall LiveUpdate on SEPM 12.1 (Enterprise Edition or Small Business Edition)

 

Article:TECH171060 | Created: 2011-10-04 | Updated: 2013-01-02 | Article URL http://www.symantec.com/docs/TECH171060

 

http://www.symantec.com/business/support/index?page=content&id=TECH171060

See this thread

http://www.symantec.com/connect/forums/liveupdate-encountered-one-or-more-errors-return-code-4-2

tjoyeux's picture

When I run Liveupdate these are the results of the log

 

anuary 28, 2014 12:55:26 PM BOT:  System client-server activity logs have been swept.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:52:41 PM BOT:  LiveUpdate failed.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:52:41 PM BOT:  LUALL.EXE finished running.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:52:41 PM BOT:  LiveUpdate encountered one or more errors. Return code = 4.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:52:40 PM BOT:  LUALL.EXE has been launched.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:52:30 PM BOT:  Download started.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 12:18:50 PM BOT:  Unexpected server error.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 11:52:47 AM BOT:  Transaction log truncation succeeded and finished.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 11:52:46 AM BOT:  Transaction log truncation started.  [Site: Site Server5]  [Server: Server5]
January 28, 2014 10:57:47 AM BOT:  Retry timestamp is over the maximum retry window, switching to regular schedule run.  [Site: Site Server5]  [Server: Server5]
tjoyeux's picture

I have tried registering and reinstalling LU.  Still same errors!

 

 

Rafeeq's picture

Error 4 is most of the times proxy issues. Have you set the right proxy info under sepm-admin- local site, expand it , you will find your server name, right click and edit, fill in the right info.

If it still fails then check what proxy settings are in registry

on win 2008,

cmd> netsh winhttp show proxy

on win 2003

cmd> proxycfg

please verify if these are correct

tjoyeux's picture

Hey I'm back on this again.

My work collegue uninstalled and reinstalled Liveupdate and it work that time.  

Now, the same problem is back once again.  My last update on the client machines are Feb 21, 2014.  And I noticed that only the XP machines are not updating.

Also now the manager is giving the same error and not updating the latest virus definitions.

 

HELPPPPP!!

.Brian's picture

Can you enable sylink logging on an affected client and let it run for a bit. Post the log here:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

What Database are you using ?

Open all firewall Ports between SEPM to Symantec server.

Chetan Savade's picture

Did you repair the SEPM? If possible reboot the SEPM installed machine as well.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<