Video Screencast Help

LU1806 and LU1825

Created: 30 Apr 2012 • Updated: 03 May 2012 | 33 comments
This issue has been solved. See solution.

I am not able to run liveupdate from my SEPM console. When I do, I get LU1806 or LU1825 errors from LUALL.exe, or when ran from the console, it gives me return code 4. I have uninstalled and reinstalled Liveupdate, ran a repair on the sep client and repair on the SEPM console as well. All produce the same errors. When it gives me a return code 1 or 0 running liveupdate, which states that all content is up to date, it is false because the content on the manger is still behind from what Symantec has. I also had tried using the jdb file, which does nothing. There are not proxy settings on the server and UAC has been turned off. Any ideas?

 

Comments 33 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Check this Article:

LU1832, LU1825, LU1806 errors when running LiveUpdate on SEPM 12.1 RU1

http://www.symantec.com/docs/TECH185071

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

jcocozzo's picture

Thanks Mithun.

I have come across those same steps in other articles. I have done that countless times and no change.

Mithun Sanghavi's picture

Hello,

It is very important that you perform the steps carefully and 1 after another to meet success.

  • Disable UAC.
  • Reboot the server.
  • Uninstall LiveUpdate.
  • Reinstall LiveUpdate.
  • Reregister LiveUpdate with the SEPM per this article.
  • Either run Luall.exe or run LiveUpdate from SEPM console.

Again, if that does not resolve, please upload the log.liveupdate from the SEPM server machine.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

jcocozzo's picture

I have tried all of those steps, but I will try again. Where can I find the log.liveupdate file. I am having trouble finding it. This is on Server2008.

Mithun Sanghavi's picture

Hello,

Log.liveupdate file is located in:

Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

Windows 2008: C:\ProgramData\Symantec\LiveUpdate

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

jcocozzo's picture

After following those steps, no change. If I run live update from the client, nothing happens at all. If I go to Admin>servers>download LU content, it tells me error code 1 all are up to date. But there date difference from Symantec and my management console are still off. 

 

Attached is the file you had asked for. I cut it down to 3 pages since it is a 149 page file.

AttachmentSize
log_update.doc 27.5 KB
jcocozzo's picture

What I have just noticed, is that the clients with 12.x installed have the out of date definitions, but I have some clients that are still 11.0.6 that are up to date with today's definitions.

I know there is a known issue where the manager will say that the clients are out of date when they in fact not. Is it possible this could be another glitch where it says definitions on the manager are old versus Symantec which are up to date.

Chetan Savade's picture

Hi jcocozzo,

Check the show liveudpate download status & if possible could you please share screenshot for same ?

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Chetan. Here is the screen shot. It states update to date. I just manually downloaded it as well. It gave me error code 1. The date on the manager says 4/19 and from symantec it says 4/30 to be more specific.

show_liveupdate.jpg
Chetan Savade's picture

Hi jcocozzo,

Same way could you please share screenshot for show liveupdate downloads ?

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Chetan,

Here is the screenshot.

I have noticed that the 11.x clients I have state that they are updated with the current definitions. Ones that are in the same group and policy as ones with 12.x and state they are out of date. I know there is a known issue with the manager stating how many clients are out of date when in fact they are not. Not sure if this is related since I have done just about everything else.

liveupdatedownloads.jpg
Mithun Sanghavi's picture

Hello,

In your case, I would request you to check this Article:

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi jcocozzo,

Are you talking about SEP 12.1 known issue ?

http://www.symantec.com/docs/TECH164272 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Yes. That is the one I had referenced, but the date change did not work either. So I am not sure if these are related or the live update issue I am having is completely different.

Chetan Savade's picture

Hi jcocozzo,

Could you please repair SEPM from add/remove programs ?

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Chetan,

I followed the steps in the previous link as well, and a different time also, and just did it again now to be sure. I have attached the downloads after doing so, the virus and spyware defs are still old.

liveupdatedownloads.jpg
SMLatCST's picture

Now that you no longer appear to be getting errors from LiveUpdate, are you able to update the SEPM using the JDB method?

Also, can you confirm you have completed the necessary LiveUpdate reinstall steps?  The log you posted yesterday seemed to indicate it failed to open the product.inventory.liveupdate file.

A new version of the log.liveupdate file would be useful too!

jcocozzo's picture

I have not been able to update it either with the JDB. Also, the .liveupdate files seem to not be making the correct file association to Liveupdate and I am not sure which one it should be. This had just changed as I was reinstalling Live update.

SMLatCST's picture

...you can guess what I'm going to ask.  And that's for another uninstall/reinstall of LiveUpdate on your SEPM.  Clearly, without a working LiveUpdate, we're not going to get anywhere.  Before doing so, can you confirm what version of 12.1 you're on, as well as the version of LiveUpdate you're installing please?

Regarding the issues with the JDB files, can you review the below articles and post the sesmlu.log file and the log.liveupdate files please?

http://www.symantec.com/docs/TECH91335

http://www.symantec.com/docs/TECH105924

Chetan Savade's picture

Hi jcocozzo,

Could you please share Home page screenshot? 
 
I have read entire thread again & I would like to clear my doubts 
 
Your comment " I have noticed that the 11.x clients I have state that they are updated with the current definitions. Ones that are in the same group and policy as ones with 12.x and state they are out of date"
 
1. Only console is showing false information or clients are also not updated?
 
2. Where do you see this information, Under clients tab or at home tab --> Preferences?
 
As per show liveudpate downloads screenshot, Virus and Spyware definitinos are not updated.
 
 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Thanks SMLatCST. I will do a repair, uninstall/reinstall of all parts and check everything. and see what comes with the links you had provided. After just doing all of that, and following instructions provided by the first link, I now get return code 4 when Live update is ran.

 

Chetan,

Both the console and clients that have 12.x are showing out of date. The clients that still have 11.x installed show they are up to date.

 

 

Chetan Savade's picture

Hi jcocozzo,

I hope you have sufficient disk space on SEPM installed drive

If possible reboot the server.e

If did not help you will should try to remove SEPM definitions manually.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

jcocozzo's picture

Chetan,

There is plenty of space on the drive. I have rebooted, and removed the definitions manually in the past. After the reboot, now I am getting return code 4 again.

jcocozzo's picture

I have also attached the log.liveupdate file

AttachmentSize
liveupdatelog.doc 95.5 KB
SMLatCST's picture

...did you revert to an earlier set of installation files?

The version of Liveupdate in teh latest log is 3.3.1.19, whereas is should be 3.3.1.23 with SEP12.1RTM and SEP12.1RU1 (SEP12.1RU1MP1 uses v3.3.2.2).

Also, this latest log has loads of entries similar to those below:

 

5/2/2012, 14:43:41 GMT -> ProductRegCom/luProductReg(PID=7896/TID=3012): Registering Product -- SEPM Virus Definitions Win32 v12.1 (Pre-Release) - Hub - SymAllLanguages
5/2/2012, 14:43:41 GMT -> ProductRegCom/luGroup(PID=7896/TID=3012): Adding product to Group {298349E5-0AB4-F6D4-01DD-B0AF43C58285} - Product = SEPM Virus Definitions Win32 v12.1 (Pre-Release), Version = Hub, Language = SymAllLanguages, Type = 

These suggest LU is looking for definitions for the Pre-Release version of SEP?  Can you confirm your SEPM version please?

jcocozzo's picture

I have v12.1.601 installed on the manager.

 

What I had done, was downloaded the newest version of LU to see if it was an issue or not. But there has been no change, so I went back to the version that came with the install of this version to keep it all in the same scope of things. Being that the newer version made no change. So as of right now, it is at the current versions from what came with the SEPM install.

SMLatCST's picture

...upgrading to a production version of SEP as it sounds like you're using the beta.

It's entirely possible that Symantec are no longer producing defs for the beta version of SEP as it was never meant to see production use.

SOLUTION
jcocozzo's picture

That was suggested earlier, but I wasn't looking to do so in the meantime. Looks like I don't have much of a choice. Once I do that I will let you know. Thanks for the help.

Chetan Savade's picture

Hi jcocozzo,

Do you have recent DB backup?

If yes, please restore it & check.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Spinal's picture

One of our clients is having this exact issue - all the above tried to no avail.

 

It's not an isolated case it seems... This seemed to work in our case, give it a shot:

 

Navigate to :

C:\Program Files(x86)\Symantec\Live Update\

and right click on the LUALL.exe application, select "Run As Administrator".

This seems to have worked here, and the updates downloaded and installed...

 

M.

 

jcocozzo's picture

Upgrading to 12.1.11 resolved the issue and is currently, and slowly, pushing out all updates to the clients.

Thanks for all the help!