Old GUP became a GUP again
Updated: 21 Oct 2010 | 21 comments
This issue has been solved. See solution.
I'm not sure how this is possible but a machine that used to act as a GUP just became a GUP again! What's more confusing is that specific policy doesn't exist anymore so I don't know what to do.
Has anyone seen this happen before?
Discussion Filed Under:
Comments
You can reassign an new
You can reassign an new policy liveupdate with the valid GUP Settings in this client group and update policy on the client by security.
What is your method for define the GUP ? With IP or DNS name ? It's possible of you have an DNS error if you use the second method, using nslookup for know this.
Move the computer/server to a
Move the computer/server to a new group, and see if the if the LiveUpdate policy updates.
You might also take a look at this article:
http://www.symantec.com/business/support/index?pag...
You can take a look at the Windows registery and see what's going on there.
Mike
I'm checking with our network
I'm checking with our network admin to see if I can move in AD, just to make sure I don't cause any problems
Endpoint Knowledge Base
Security Best Practices
I currently define the GUP by
I currently define the GUP by DNS name. Maybe defining by IP would be more reliable?
Endpoint Knowledge Base
Security Best Practices
I think it's better to use
I think it's better to use IP.
You evacuate a possible problem on your DNS.
I think it's the first step for troubleshooting....and that's update the policy on your SEPM and Client.
I have set my GUPs to use IP
I have set my GUPs to use IP now instead of DNS name
Endpoint Knowledge Base
Security Best Practices
This thread is included in the "King for a Week" contest
Hello everyone,
This thread is now included in the Security Solutions Contest. Do your best to solve this thread, and the others included in the contest, and you could be "King of the Week" and earn a prize. Check out the details here:
https://www-secure.symantec.com/connect/symantec-blogs/security-community-blog
Best,
Eric
Subscribe to the upcoming Security Newsletter - Log in, visit your profile, and click on "Newsletter Subscriptions!"
check the globallist.xml
check the globallist.xml which can be found at "Program files\symantec\symantec endpointprotection manager\data\outbox\GUP", if this IP exits it will be acting as GUP.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
I do not have the GUP folder
I do not have the GUP folder in the path specified above. Nor can I find the globallist.xml file
However the GUP content distro monitor tells me my GUPs are there, althoug some will not update
Endpoint Knowledge Base
Security Best Practices
Hey Brian, The folder that
Hey Brian,
The folder that you are looking for is:
Symantec Endpoint Protection Manager\data\outbox\agent\gup\globallist.xml
This should list the GUPs that are in use.
Mike
Hey Mike, The folder doesn't
Hey Mike,
The folder doesn't exist
I tried a search as well, on all 3 of my SEPMs but with no luck. I'm assuming this an important file bascially telling SEPM what GUPs are what so it has to be there somewhere?Or else the GUPs wouldn't function at all ??
Endpoint Knowledge Base
Security Best Practices
That's strange. Maybe use the
That's strange. Maybe use the GUP content distribution monitor and see if the GUP is listed.
Do you see an agent directory off of the outbox folder?
Mike
Found it! Was located
Found it Was located in:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\gup\
I do see all my GUPs in there and the old GUP is still showing up in there. What's also odd is that a 192.168.x.x address is showing in there. This happens to be the virtual NIC on this machine and no where in SEPM was this IP ever specified. So some weird stuff happening.
I did move the PC in AD to another group, and according to the logs it applied a new policy and stopped being a GUP. I just moved the PC back and now waiting on AD replication to see what happens once it goes back to its correct group. Some I'm waiting to see what happens.
Also, I'm guessing I should just edit this list and remove the two IP addresses?
Endpoint Knowledge Base
Security Best Practices
I don't think you can edit
I don't think you can edit the globalist.xml file. It's protected to my knowledge. Could be wrong though.
Mike
I'm sure the GUP information
I'm sure the GUP information is in the database. Maybe you can query the IP or hostname of the GUP in question and see what you come up with. I'm assing you are running SQL with three SEPMs.
Mike
Yes, running SQL. Most
Yes, running SQL.
Most aggravating...the PC was moved back and immediately became a GUP again, picking up the old policy, which doesn't even exist...lmao....and the weird thing is it actually applied the correct policy and 4 seconds later it applied the old one per the logs anyways....maybe a call to support is needed.
Endpoint Knowledge Base
Security Best Practices
Just thinking outside of the
Just thinking outside of the box. Maybe there is a problem with the OU. I hadnt thought that you had AD intergration. Maybe recreate the OU and see if that helps. But, yeah maybe calling support might help.
Mike
some clients?
Hello Brian,
Are your some clients did not take latest update policy and try to download definitions still old gup? therefore machine think hisself GUP for another machine want to try download definitions from it?
Best Regards.
Fatih
Everything works better when everything works together.
Yes, some clients still have
Yes, some clients still have the old policy and are trying to contact the old GUP so they are not updating.
Endpoint Knowledge Base
Security Best Practices
Have you tried this: Create a
Have you tried this:
Create a new group and either use the current shared liveupdate policy or create a new liveupdate policy and move the clients that are not updating into that group. To see if the policy updates?
Mike
Thanks Mike, moving to a new
Thanks Mike, moving to a new AD group solved the issue. As it stopped being a GUP and picked up a new policy.
Endpoint Knowledge Base
Security Best Practices
Would you like to reply?
Login or Register to post your comment.