One site has a GUP that is up to date, but the clients are not getting current definitions
Created: 07 Feb 2013 | 21 comments
The definitions for all of the clients are from 1-30-2013. The GUP (Server) Is up to date. All of the clients at this site get updates from this server, and have been for a couple of months. How can I make sure that these clients are communicating with this GUP to ensure that the definitions are current.
Clients are Windows 7 64 BIT O/S
Server is Windows 2008 64 BIT O/S
SEP 12 (Latest one)
Discussion Filed Under:
Comments 21 Comments • Jump to latest comment
I really want to do this WITHOUT going on to the client PC's.
Thank you.
You can run sylink monitor on either the GUP or one of the clients to verify. GUP communication takes place over port 2967.
You can verify the GUP became a GUP by looking the System log on the GUP. It will say that it is now serving as a proxy server in the log.
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)
How to determine what content SEP 12.1 clients are downloading from a GUP?
Also you can use GUP monitoring tool on your SEPM to ensure the GUPs are working correctly:
SEP Content Distribution Monitor / GUP monitoring tool.
SEP Knowledge Base
Endpoint SWAT
I'm sorry man, maybe I am a little overwhelmed with Symantec EP lately, But I have NO idea what the third thing is about. I get a batch file and a couple of other files that do nothing.
You need to put them in the Tools folder on the SEPM. Put here:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
Than doubleclick the SepmMonitorTool.bat to open and you will get a new window showing your GUPs
SEP Knowledge Base
Endpoint SWAT
Application Event Viewer for gupdate:
The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.
I have re installed the clients and even moved them out of where that GUP is, and they are STILL not updating.
@Bryan - GUP is getting definition is fine but it does not ensure it is working properly as a GUP as well.
Not on client but atleast you need to check the GUP server.
1. It windows so first thing to do is restart SEP and SMC service.
2.Check in SEPM and on GUP server whether it is acting as GUP look at
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate]
or look at SEP -Client Management system Logs.
3. Make sure C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates is receiving definitions
4. Make sure you are able to telnet the GUP on 2967..
5. Nothing works repair GUP client.
I think this much should resolve the issue.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Here is what I see in the registry
The server is set up in the SEPM and it is a GUP to the local clients.
Yes, per the screenshot it is activated as a GUP.
How do the clients know to go to the GUP? Do you have location awareness conditions in place?
Or are the clients getting updated and you just want to make sure the clients are using the GUP?
SEP Knowledge Base
Endpoint SWAT
The way I have it broke down is
Top folder (Location) where all of the policies are defined is where I have the GUP listed
The subfolders are the client and servers.
They should know to report to the GUP since it is defined in that top level folder.
Sounds like it should be correct
SEP Knowledge Base
Endpoint SWAT
Can you please elaborate on this one?
5. Nothing works repair GUP client.
It is every client that reports to this server, it has to be on the server end. When it says "Rapair the GUP client" what does it mean that I should do?
It just means doing a repair on the client via add/remove programs
SEP Knowledge Base
Endpoint SWAT
That won't work, this is all of the clients, it HAS to be something to do with the network or the server connection.
So the GUP is not working correctly?
Go to the GUP and do a Start >> Run and type smc -stop and wait 10-15 seconds than type smc -start
Than open the SEP GUI and go to the System log. Does it show a line about now acting as a GUP again?
SEP Knowledge Base
Endpoint SWAT
I will get to the exciting conclusion on Monday. I'm tired from all the digging out today. :-)
Have a nice weekend!!!
Syslog just tells me that the service has stopped and started.
Nothing else
Looks like it is a gateway issue.
the GUP Gateway and the clients were mismatched. Once I changed the GUP Gateway to what it SHOULD be, which is the same as the clients Gateway, it didn't make a difference, Clients are STILL not up to date.
Application Event Viewer for gupdate:
The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.
Would you like to reply?
Login or Register to post your comment.