Endpoint Protection

Download schedule is failing since 15 days in LiveUpdate Administrator.

Download status of files is showing "Corrupt".

Log shows :

2010-09-28 11:08:09,017 [pool-3-thread-30] INFO  com.symantec.lua.util.rcl.HttpHelper  - Successfully downlowded file (url): http://liveupdate.symantecliveupdate.com:80/1284687882jtun_nav2k8enn04m25.m25
2010-09-28 11:08:09,017 [pool-3-thread-30] INFO  com.symantec.lua.util.rcl.HttpHelper  - Released connection for HTTP Get Method
2010-09-28 11:08:09,095 [pool-3-thread-30] ERROR com.symantec.lua.handler.download.ValidateDownloadHelper  - Package is not trusted, its calculated GRD is not the same as GRD from fileC:\TempDownload\Downloads\1285651627838\1\1284687882jtun_nav2k8enn04m25.m25
 

I have tried following things:

1. Cleaned Downloads folder under Document and Settings
2. Cleared TempDownload
3. Installed and Configured LiveUpdate Administrator on fresh machine. Still same Problem ! 
4. Uninstalled AV on LiveUpdate Server, thinking of that it may be interfering.

This is only affecting Virus Definitions. Rest of the content is getting downloaded and distributed successfully.

What could be the problem ?

Attachment(s)

LUA.docx   25 KB 1 version

Do you have a proxy /firewall between Server and Internet ?If yes bypass it and try...

If not possible do as test as per this KB

How to determine whether your firewall is blocking LiveUpdate

I have a Hardware Firewall but no proxy.

Also there is no update in Firewall. This setup has been working since 2 years.

I had already tried livetri.zip, it comes fine.

I will try to Isolate everything that comes between server and Internet. Let me try with another ISP. I will update accordingly.

But again why only Virus Definition files ? Rest of them download fine.

Sometimes firewall and proxy will cause virus def corruption.All symatec updates are digitally signed.After downloading if the certificate is not matching the product will reject it.In your case you even reinstalled.(You are remove all related folders before installing it again back,Am I right? )

Corrupted files in the LiveUpdate downloads folder

Later versions of LiveUpdate support download resumption. If the download is resumed and the file that was initially downloaded was corrupted, then LiveUpdate will not install the file and may generate the message. To fix this, delete all files in the "...\All Users\ApplicationData\Symantec\LiveUpdate\Downloads" folder. Do not delete the Downloads folder itself.

More Info refer these KB's for corrupt files

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101012361148

http://www.symantec.com/business/support/index?page=content&id=TECH131177&locale=en_US

When I reinstalled on same server, I cleaned those folder. But it didn't work.

That is why I installed on a brand new machine. Still same problem.

One thing - I only added "Virus Definitions" in download schedule. I don't think that should be a problem.

Still some of the files in Virus Definitions get downloaded for the first time.

The GRD settings some issues with GRD file and maximum size

ERROR com.symantec.lua.handler.download.ValidateDownloadHelper  - Package is not trusted, its calculated GRD is not the same as GRD

ftp://ftp.symantec.com/public/english_us_canada/liveupdate/luadmin.pdf

Refer the the guide under that Understanding corporate mode settings( page number 71)

Understanding corporate mode settings

When LiveUpdate 1.6 or later is installed on a computer that meets either of the

following criteria, it activates a condition called corporate mode:

¡ A custom host file (Liveupdt.hst) is detected on the computer in the

LiveUpdate program files location.

71 Working with LiveUpdate clients

Adding or changing LiveUpdate client computers

¡ A LAN HAL (S32luhl1.dll) exists from a version of LiveUpdate earlier than

1.6 in the LiveUpdate program files location.

While in corporate mode, LiveUpdate behavior changes in the following ways:

¡ It does not attempt to use the URL= line in the TRI file to download a file.

This prevents LiveUpdate from attempting to go through the firewall when

it is downloading. You can modify this setting by changing the

CORPORATE_ALLOWED_URL_HOSTS setting in the Settings.LiveUpdate

file. For example:

CORPORATE_ALLOWED_URL_HOSTS=HTTP

¡ LiveUpdate does not continue trying to connect to Symantec hosts if the

internal entries fail. To change this behavior and allow access to all hosts

(for example, during server failure), you may add the following setting to the

Settings.LiveUpdate file:

ALL TRANSPORTS AVAILABLE=YES

With this value in place, LiveUpdate continues to attempt a connection to

the first host entries, but if the connection fails, it uses an Internet

connection to connect to Symantec servers. This is useful for environments

in which the corporate LiveUpdate server is not always available.

Clients are able to connect to liveupdate server and download other updates except AntiVirus Definitions.

Let of the modules are getting perfectly downloaded and updated.

The problem is with LiveUpdate server corrupting Antivirus definitions files.

Something is wrong with LiveUpdate Server.

Which is the version of LUA?

Which is the version of java you installed?

LiveUpdate Administrator 2.2.2.9

Java Version JRE 6 Update 21 (Latest)

I also tried with JRE 6 Update 15.

Any other version I can try ?

The version looks ok.

Can you install the LUA by using another copy of the software and try..

You can download it from here.

I installed LUA from two different sources.

On fresh machine I installed LUA from the DVD (ISO) of SEPM Release 6 MP1 itself. Still it behaves same.

I have now installed LiveUpdate Server 2.2.2.9 on a different laptop.

Temporarily, Using a direct ISP connection on server I am now able to download AntiVirus Definition updates.

But what is wrong with my original ISP line, i need to debug that in more details. Currently log does not give enough info.

Nothing has changed in our internet setup. And why only Antivirus definition updates are failing. Rest of the updates are working fine.

Can you check whether any new rule has been places in your firewall or done any configuration changes recently?

@dsharma.tech , Do you use a Corporate Proxy Server Or you Access ISP Proxy Server directly . Also in your download updates task ,there is an option to select test type .It can be must test Or Skip test . I am using skip test and it works fine for me .What is your setting .

Another simple way is  to remove Symantec Endpoint Protection Product from the Configure Tab .Update Product catalog and than Add the Product again .

Even on different ISP and setup it gave "Corrupt" error for one file.

Although on retry all updates got downloaded successfully. I didn't even clean any folders.

I have direct static ip assigned. No proxy is involved. Test type is skip test. I added symantec endpoint protection after updating catalog.

I did see one corrupt file on different ISP line also. Although only a single file, which got downloaded on retry.

I need to enable more debug info.

LiveUpdate Administrator 2.2 Performance Tuning

LiveUpdate Administrator 2.2: What product selections are needed for specific versions of Symantec Endpoint Protection

Hi Dsharma,

Are all of the files ".m25" files?  Are any other files also showing up as corrupt?

Was thsi a brand-new installation of LUA 2.2?  (That is, di dthe downlaods ever succeed?  Or have the .m25's always failed since the LUA server was installed?)

I have seen a similar issue in the past- answering those 2 questions will let me know if this is the same situation.

>Although on retry all updates got downloaded successfully. I didn't even clean any folders.
 

So, the .m25's were later able to successfully download and be processed?  How often do these errors occur-?  And is it always for the exact same file-?

Thanks and best regards,

Mick

Even with Brand new installation on fresh machine lot of .m25 files fail.

On another LiveUpdate Administrator installation when connected on a different ISP line all updates download successfully. Even on this installation 1 file failed to download out of 2 GB of downloads ("Corrupt"). But on retry it came fine.

So I can say that on different ISP line it is a lot stable. But that "Corrupt" problem can come anytime. I need a way to better troubleshoot it or to know reason why exactly it got corrupted.

Even on my regular ISP line the same server was working fine since 2 years and there is no change in ISP lines or firewalls or routers.

I've got the same problem with LUA 2.2.2.9.

Also, when I try to Update Symantec Product Catalog, it shown "Failed to refresh Symantec Product Catalog"

After Remove and Re-install LUA, it work again.

Adding link to this thread for the benefit of any other community members who encounter this issue:

Intermittent "Package is not trusted" errors for various product update files during LUA download phase (http://www.symantec.com/docs/TECH141217)

Thanks and best regards,

Mick

I've got a similar problem as well.  We're getting "Corrupt" downloads, and every download attempt fails.

For a work-around, I schedule 5 downloads at 1 hour intravals leading up to the distribution.  At least we usually get our virus pattern updates.

I've got a case open with Symantec, and have taken LOTS of Wireshark traces.  Something I've found have been frequent "404 Not Found" errors while using http downloads, and when using ftp, getting repeated "421 - ftp service not available errors."

No proxy, have tried going through our PIX, which we've found is NOT blocking any packets, as well as going around the PIX, using a Cisco 831 and NAT with no filtering.  Have tried a completely new system, as well as using completely different hardware (a VM not running on identical HW as the physical systems.)

Mark

Hi Mark

Can you let me know the case number by Private Message, please?  I will have a quick look at the logs submitted.

Here is an important tuning change that you can make- it has been successful in several otehr servers:

The parameters in the file C:\Program Files\Symantec\LiveUpdate Administrator\tomcat\webapps\lua\WEB-INF\classes\lua_static.properties be changed in order to, for instance, resolve timeout issues that arise from slow connections.

The "max.segmented.pool.size" line controls the thread pool that is used to download updates.  If it is set to 40, then LUA will attempt to download 40 files simultaneously.  Given that our average update size is in MBs, this results in most of the download threads running for over a span of several minutes (15-20 minutes) even on a good bandwidth connection.  Reducing that value to a lower value like 3, 5, or 10 may improve performance (intact files downloaded completely before LUA attempts to begins another).

Please restart Tomcat after making any change to lua_static.properties. 

Thanks for the help!

I set the "lua_static.properties" "max.segmented.pool.size" to 3 from the default 40, and while the download still failed, it used to fail at about 20%-25%.  Now it's failing at 83%, so it seems to be getting farther.

So my guess is that this fixes a part of the problem, though not the whole problem.

Thanks again!

Mark

Cheers Mark - I am examining the logs from your server now. 

Thanks again,

Mick

Hi Mark,

I've been working with the case owner on this issue and on your case.  there should be improvement in the forthcoming new release of LUA which will be out soon.

In the meantime: the logs show that most of the files which failed to download were SEP for Mac files.  You might currently be downlaoding twice as many of these as you need to: I recommend that you cut the burden that is being placed on the network (and on LUA) in half.  That, along with the tuning, should go a long way.

At present the server is downloading both "Symantec Endpoint Protection for Mac Virus Defs" (the version used by RU6 and RU6 MP1 SEP for Mac clients) and "Symantec Endpoint Protection for Mac Virus Defs V2" (the new release that RU6 MP2 needs.)  If all the SEP for Mac clients in your organization are using the new, recommended RU6 MP2 release, configure LUA to stop downloading the older "Symantec Endpoint Protection for Mac Virus Defs."  

More info on the change can be found in Symantec Endpoint Protection for Macintosh Fails to Update from LUA 2.x Server after Upgrade to RU6 MP2 (http://www.symantec.com/docs/TECH147469 )

I have passed some additional observations and recommendations on to the case owner: they should be in touch soon!

With best regards,

Mick

Thanks again for all your help.

The last I heard from the case-worker, he had me remove the 2.2.2.9 version of LUA and install an older version (1.5.7) which, wouldn't download updates for SEP.  I haven't heard anything since then, so I reinstalled 2.2.2.9, making the Tomcat change that you suggested.

I tried making the changes that you suggested, removing all download and distribution of the MAC product (we don't use it anyway), but I must have been doing something wrong.  I was getting errors on the home page regarding the coverage, even though I carefully matched the product and option selections in the download, distribution, and original selection configurations.

Anyway, I guess I'll just wait for the new version of LUA.

Thanks again!

Mark