Endpoint Protection

 View Only

  • 1.  Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 18, 2010 11:44 AM
    SEPM 11.0.5002.333
    When this situation occurrs, devices with SEP installed exhibit a loss of or very decreased network connectivity. Has happened twice now. Appears to be policy related as making a small chenge in the policty on the SEPM causes the clients to start acting normally. What seems to be happening is that without any changed to the existing policy, something happens which causes the clients to continuously download and attempt installing updates from the SEPM. Believe the problem to be on the SEPM side. Any suggestions as to where to look for possible policy corruption or other thoughts? SEPM is on Server 2003 with all updates and running the included database.


  • 2.  RE: Network Bogs down, SPM clients loss of network connectivity.



  • 3.  RE: Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 18, 2010 02:09 PM
    Dont think is applicable to our situation. Perhaps I should better attempt to explain what is going on. There is plenty of network bandwidth. The machines are consumed with attempting to update definitions and it fails and it loops. The available resources on the client machines are all consumed, and it appears that the machines become unresponsive. The event logs are that live update had an error. In the system log on the client machines, NTP updates fail. The clue here is that making a simple minor change to the policy on the SEPM, then changing it back and applying it causes the machines to "normalize".


  • 4.  RE: Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 18, 2010 02:15 PM
    let us know the error in LU, what is that minor change you make ,? really a tick which means nothing... 


  • 5.  RE: Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 18, 2010 04:50 PM
    In the Event Viewer of the client, recurring, error Event ID :13 from Source: SescLU, "Live Update returned a non-critical error. Available content updates may have failed to install."
    From the System Log on the client in "Client Management",
    91    2/18/2010 8:18:32 AM    Information    12070306    Received a new policy with serial number 9481-02/09/2010 09:22:34 674 from Symantec Endpoint Protection Manager.    
    92    2/18/2010 8:18:32 AM    Error    12070308    Network Threat Protection cannot apply the policy from Symantec Endpoint Protection Manager.   
    The two lines above recur every 8 seconds with the timestamp and item sequential number changing.
    I did not actually perform the policy change and will update when have the information.

    One item of interest, does not affect Windows 7 machines. Affects Windows 2000 and XP.



  • 6.  RE: Network Bogs down, SPM clients loss of network connectivity.
    Best Answer

    Posted Feb 18, 2010 05:01 PM
    For the Event id 13 , try this


    Title: 'Event ID 13: "SescLU - LiveUpdate returned a non-critical error. Available content may have failed to install."'
    Document ID: 2009010507551848
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009010507551848?Open&seg=ent


  • 7.  RE: Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 18, 2010 11:29 PM
    Restart your SEPM server once.. 


  • 8.  RE: Network Bogs down, SPM clients loss of network connectivity.

    Posted Feb 25, 2010 03:17 PM
    Well, it seems that for this occurrence of the problem, the personnel didn't actually change the policy, but did in fact restart the server. For the prior occurrence, they did do a policy update as is reflected in the Administrative logs. Both actions seem to have produced the desired effect. Will have to do some monitoring when next this occurs from a Windows 7 station to see what is actually going on.