Endpoint Protection

 View Only
  • 1.  Liveupdate no longer running on clients

    Posted May 25, 2016 07:58 AM

    We have a number of clients (~1-2% of total clients) which are no longer running Liveupdate.

    The lue.log file shows no recent activity, and attempting to run (via psexec) a LU session using sepliveupdate.exe results in the following error:

    C:\Program Files\Symantec\Symantec Endpoint Protection>sepliveupdate
    The SepLiveUpdate session encountered an error: failure initializing IPC TIM impl, the error code is: 80040300.

    This does not generate any new log entries in lue.log, so the issue appears to be invoking Liveupdate itself, rather than any issue with connectivity or definitions.

    Is there a known solution to this issue?



  • 2.  RE: Liveupdate no longer running on clients

    Posted May 25, 2016 11:16 AM

    What's the SEP version?

    Run the symdia tool o one of the affected clients to see what it shows:

    Download SymDiag to detect Symantec product issues



  • 3.  RE: Liveupdate no longer running on clients

    Posted May 25, 2016 11:32 AM

    did you check the system log of that particular SEP client ? are there any visible errors ? did you try to re install as its just 2 clients which is affected.



  • 4.  RE: Liveupdate no longer running on clients

    Posted May 26, 2016 05:02 AM

    SEP version is 12.1 RU4.

    Will run symdiag.

    Praveen - it's 1-2% of clients, which means several hundred clients for us.



  • 5.  RE: Liveupdate no longer running on clients

    Posted May 26, 2016 05:11 AM

    opps my bad. what is your client system log is telling ?



  • 6.  RE: Liveupdate no longer running on clients

    Posted May 26, 2016 08:04 AM

    The only thing I see in the system log which is not normal is an occasional SONAR definitions error - but no errors logged for failed LU attempts.

     

    Symhelp shows nothing scary - just a couple of warnings about not being on the latest version, and pending reboot, and the fact that we don't have some of the AV subcomponents installed (e.g. Outlook plugin), etc.

    There's certainly nothing being reported in the main symhelp diagnosis which differs from any healthy systems we have.

     

    It seems to me that there's a corruption of sorts in the LiveUpdate engine, and it can't run, but it's not being captured in logs (bar the failure to create log entries which might indicate the source of the problem).

     

    Are there any files or registry keys which can be 'reset' to cause LU to go back to defaults?



  • 7.  RE: Liveupdate no longer running on clients

    Posted May 26, 2016 08:45 AM

    for SEP 11 there was tool Rx4defs that is not longer available for SEP 12.1. Symantec says the intelligent updater is intelligent enough to fix the registry & dlls. but I  have never has a success with intelligent updater in fixing the corrupt clients. I simply cleanwipe them and re install a new client.

     

    you can also try running a repair install from MSI file locally which can sometimes fix the corrupt client/definitions in a client.