Endpoint Protection

I am not able to run liveupdate from my SEPM console. When I do, I get LU1806 or LU1825 errors from LUALL.exe, or when ran from the console, it gives me return code 4. I have uninstalled and reinstalled Liveupdate, ran a repair on the sep client and repair on the SEPM console as well. All produce the same errors. When it gives me a return code 1 or 0 running liveupdate, which states that all content is up to date, it is false because the content on the manger is still behind from what Symantec has. I also had tried using the jdb file, which does nothing. There are not proxy settings on the server and UAC has been turned off. Any ideas?

can you post the log.liveupdate?

Hello,

Check this Article:

LU1832, LU1825, LU1806 errors when running LiveUpdate on SEPM 12.1 RU1

http://www.symantec.com/docs/TECH185071

Hope that helps!!

Thanks Mithun.

I have come across those same steps in other articles. I have done that countless times and no change.

Hello,

It is very important that you perform the steps carefully and 1 after another to meet success.

• Disable UAC.
• Reboot the server.
• Uninstall LiveUpdate.
• Reinstall LiveUpdate.
• Reregister LiveUpdate with the SEPM per this article.
• Either run Luall.exe or run LiveUpdate from SEPM console.

Again, if that does not resolve, please upload the log.liveupdate from the SEPM server machine.

Hope that helps!!

I have tried all of those steps, but I will try again. Where can I find the log.liveupdate file. I am having trouble finding it. This is on Server2008.

Hello,

Log.liveupdate file is located in:

Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

Windows 2008: C:\ProgramData\Symantec\LiveUpdate

Hope that helps!!

After following those steps, no change. If I run live update from the client, nothing happens at all. If I go to Admin>servers>download LU content, it tells me error code 1 all are up to date. But there date difference from Symantec and my management console are still off. 

Attached is the file you had asked for. I cut it down to 3 pages since it is a 149 page file.

Attachment(s)

log_update.doc   27 KB 1 version

What I have just noticed, is that the clients with 12.x installed have the out of date definitions, but I have some clients that are still 11.0.6 that are up to date with today's definitions.

I know there is a known issue where the manager will say that the clients are out of date when they in fact not. Is it possible this could be another glitch where it says definitions on the manager are old versus Symantec which are up to date.

Hi jcocozzo,

Check the show liveudpate download status & if possible could you please share screenshot for same ?

Chetan. Here is the screen shot. It states update to date. I just manually downloaded it as well. It gave me error code 1. The date on the manager says 4/19 and from symantec it says 4/30 to be more specific.

Hi jcocozzo,

Same way could you please share screenshot for show liveupdate downloads ?

Chetan,

Here is the screenshot.

I have noticed that the 11.x clients I have state that they are updated with the current definitions. Ones that are in the same group and policy as ones with 12.x and state they are out of date. I know there is a known issue with the manager stating how many clients are out of date when in fact they are not. Not sure if this is related since I have done just about everything else.

Hi jcocozzo,

Are you talking about SEP 12.1 known issue ?

http://www.symantec.com/docs/TECH164272 

Hello,

In your case, I would request you to check this Article:

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

Hope that helps!!

Yes. That is the one I had referenced, but the date change did not work either. So I am not sure if these are related or the live update issue I am having is completely different.

Hi jcocozzo,

Could you please repair SEPM from add/remove programs ?

Chetan,

I followed the steps in the previous link as well, and a different time also, and just did it again now to be sure. I have attached the downloads after doing so, the virus and spyware defs are still old.

I have done the repair as well.

Now that you no longer appear to be getting errors from LiveUpdate, are you able to update the SEPM using the JDB method?

Also, can you confirm you have completed the necessary LiveUpdate reinstall steps?  The log you posted yesterday seemed to indicate it failed to open the product.inventory.liveupdate file.

A new version of the log.liveupdate file would be useful too!

I have not been able to update it either with the JDB. Also, the .liveupdate files seem to not be making the correct file association to Liveupdate and I am not sure which one it should be. This had just changed as I was reinstalling Live update.

...you can guess what I'm going to ask.  And that's for another uninstall/reinstall of LiveUpdate on your SEPM.  Clearly, without a working LiveUpdate, we're not going to get anywhere.  Before doing so, can you confirm what version of 12.1 you're on, as well as the version of LiveUpdate you're installing please?

Regarding the issues with the JDB files, can you review the below articles and post the sesmlu.log file and the log.liveupdate files please?

http://www.symantec.com/docs/TECH91335

http://www.symantec.com/docs/TECH105924

Hi jcocozzo,

Thanks SMLatCST. I will do a repair, uninstall/reinstall of all parts and check everything. and see what comes with the links you had provided. After just doing all of that, and following instructions provided by the first link, I now get return code 4 when Live update is ran.

Chetan,

Both the console and clients that have 12.x are showing out of date. The clients that still have 11.x installed show they are up to date.

Hi jcocozzo,

I hope you have sufficient disk space on SEPM installed drive

If possible reboot the server.e

If did not help you will should try to remove SEPM definitions manually.

Chetan,

There is plenty of space on the drive. I have rebooted, and removed the definitions manually in the past. After the reboot, now I am getting return code 4 again.

I have also attached the log.liveupdate file

Attachment(s)

liveupdatelog.doc   95 KB 1 version

...did you revert to an earlier set of installation files?

The version of Liveupdate in teh latest log is 3.3.1.19, whereas is should be 3.3.1.23 with SEP12.1RTM and SEP12.1RU1 (SEP12.1RU1MP1 uses v3.3.2.2).

Also, this latest log has loads of entries similar to those below:

These suggest LU is looking for definitions for the Pre-Release version of SEP?  Can you confirm your SEPM version please?

I have v12.1.601 installed on the manager.

What I had done, was downloaded the newest version of LU to see if it was an issue or not. But there has been no change, so I went back to the version that came with the install of this version to keep it all in the same scope of things. Being that the newer version made no change. So as of right now, it is at the current versions from what came with the SEPM install.

...upgrading to a production version of SEP as it sounds like you're using the beta.

It's entirely possible that Symantec are no longer producing defs for the beta version of SEP as it was never meant to see production use.

That was suggested earlier, but I wasn't looking to do so in the meantime. Looks like I don't have much of a choice. Once I do that I will let you know. Thanks for the help.

Hi jcocozzo,

Do you have recent DB backup?

If yes, please restore it & check.

One of our clients is having this exact issue - all the above tried to no avail.

It's not an isolated case it seems... This seemed to work in our case, give it a shot:

Navigate to :

C:\Program Files(x86)\Symantec\Live Update\

and right click on the LUALL.exe application, select "Run As Administrator".

This seems to have worked here, and the updates downloaded and installed...

M.

Upgrading to 12.1.11 resolved the issue and is currently, and slowly, pushing out all updates to the clients.

Thanks for all the help!