Video Screencast Help

Location Awareness Policy

Created: 21 Oct 2013 • Updated: 29 Oct 2013 | 23 comments
This issue has been solved. See solution.

Hi All,

i created locatioon awareness policy for updating liveupdate definitions from internet when system is not in network. During testing we found that system can able to switch to the location defined, but doubt is whether user should manually launch liveupdate or it will automatically update.

i scheduled liveupdate as contnious in that policy. please clarify

Operating Systems:

Comments 23 CommentsJump to latest comment

.Brian's picture

Yes, it will connect automatically than and update. No need to launch manually.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Srikanth_Subra's picture

how much it will take i connected data card in testing laptop and waited for 10 minutes. but not updated..why

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

James007's picture

Check this articles and check your configuration

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

 

Article:TECH104571 | Created: 2008-01-02 | Updated: 2010-08-13 | Article URL http://www.symantec.com/docs/TECH104571

 

Srikanth_Subra's picture

Hi,

i already read that article, but i cant get what to set the time foe scheduling the live update

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

pete_4u2002's picture

there is setting in case of conflict it will be default location.

can you check if the new location is in plce when moved from network?

 

Srikanth_Subra's picture

Hi Pete,

Yes system can able to change location. but live update only is not happening..i ket the data card for 10 mins ling..but not updated..thats why i changed schedule as continous but not updated..

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SMLatCST's picture

Can you look in or post the log.lue file (assuming a 12.1 client) for evidence of if the machine is trying to run a LU session while in the "outside" location.  The log.lue file location is in the belwo article:

http://www.symantec.com/docs/TECH168602

Srikanth_Subra's picture

Hi,

Please find the log file

AttachmentSize
log.zip 2.64 KB

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

.Brian's picture

What version are you on?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Srikanth_Subra's picture

Iam using 12.1 RU4 beta version for testing. if it worked out fine then i will deploy in my peoduction environment

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SMLatCST's picture

There are separate forums for discussing issues with products still in beta testing.

In analysis though, the log indicates the first two LU attempts were cancelled:

"Received cancellation request at 2013/10/19 10:54:08.372
 Received cancellation request at 2013/10/19 11:40:52.081"

While the third attempt fails to detect the proxy server: 10.121.2.192:8080 and fails with a "WinHttp error: 12030".  This apparently means:

"The connection with the server has been reset or terminated, or an incompatible SSL protocol was encountered. For example, WinHTTP version 5.1 does not support SSL2 unless the client specifically enables it."

http://msdn.microsoft.com/en-us/library/windows/desktop/aa383770(v=vs.85).aspx

Hopefully, this should point you in the right direction, but I think you're meant to raise this on the beta forums rather than here.  It is generally not recommended that you go into production with a beta version of the software.

Srikanth_Subra's picture

Hi,

Thanks iam not going for beta for production server. im justing doing testing only thats why i asked.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

So one thing is whatever may be the time we scheduled, how symantec will know at which we should update definitions if it is not connected to management server?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

pete_4u2002's picture

its based on heartbeat and the LU policy configured, the SEP client will connect to source to requestthe download.

if SEPM is not avilable and it's the only source, till the client communicate to SEPM the content won't be downloaded.

Srikanth_Subra's picture

Hi,

As i mentioned i want my clients to download content from internet when it is not able to connect to SEPM. Is there any best practice to configure the heart beat interval and live update schedule

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Avkash K's picture

Hi Srikant,

Please check whether you have removed proxy connection setting from liveupdate policy when you are connecting through data card.

Regards,

Avkash K

Avkash K's picture

plz check below setting for location switch.

mng location.jpg

And for this WAN location specific setting check and confirm that you have applied new liveupdate policy with proxy options disabled.

 

Regards,

Avkash K

SMLatCST's picture

To recap then.

The log.lue file you posted appears to indicate your SEP client is connecting to Symantec LiveUpdate for its content and that the "external" location of yours is working correctly.

The frequency or schedule behind this LU session is controlled via the LU policy assigned to the "External" location.  As you have the schedule configured for "Continuous", the client should repeatedly run the LU session over and over again.

As the Location Switching appears to be working and the client is attempting to update from Symantec rather than your SEPM, you should be focussing your investigations on why it is unable to update (because it clearly is trying, according to the logs you posted).

Avkash K's picture

Yes, absolutely agree with SMLatCST.

You should check why your client are not able to connect to Symantec Liveupdate over internet.

and one reason i doubt is the proxy setting you must have mentioned in liveupdate policy for switched location. becoz you are connecting through data card where your LAN proxy settings won't work for you.

Regards,

Avkash K

SOLUTION
Srikanth_Subra's picture

Hi Avkash,

Thanks i will check that..then second doubt is in my case i had disabled both options for liveupdate schedule skipping..is that ok?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Avkash K's picture

Yes, srikant no issue in disabling these two option for "WAN- Liveupdate policy".

 

Regards,

Avkash K

Srikanth_Subra's picture

Hi Guys,

Thanks..SEP update over internet is working for me..

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SMLatCST's picture

Do you mean to say it's now fixed?  If so, that's great news smiley

As always, please mark any useful posts with a "Thumbs Up" or as the Solution to aid others who might be experiencing the same issues.