
One site has a GUP that is up to date, but the clients are not getting current definitions

Created: 07 Feb 2013 | 23 comments

The definitions for all of the clients are from 1-30-2013. The GUP (Server) is up to date. All of the clients at this site get updates from this server, and have been for a couple of months. How can I make sure that these clients are communicating with this GUP to ensure that the definitions are current?

 

Clients are Windows 7 64 BIT O/S

Server is Windows 2008 64 BIT O/S

SEP 12 (Latest one)


.Brian's picture

You can run sylink monitor on either the GUP or one of the clients to verify. GUP communication takes place over port 2967.

You can verify the GUP became a GUP by looking at the System log on the GUP. It will say that it is now serving as a proxy server in the log.

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

Article:TECH104539  |  Created: 2008-01-01  |  Updated: 2011-09-15  |  Article URL http://www.symantec.com/docs/TECH104539

 

How to determine what content SEP 12.1 clients are downloading from a GUP?

Article:TECH188574  |  Created: 2012-05-11  |  Updated: 2012-06-01  |  Article URL http://www.symantec.com/docs/TECH188574

 

Also, you can use the GUP monitoring tool on your SEPM to ensure the GUPs are working correctly:

SEP Content Distribution Monitor / GUP monitoring tool.

Article:TECH156558  |  Created: 2011-03-25  |  Updated: 2012-03-28  |  Article URL http://www.symantec.com/docs/TECH156558

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

I'm sorry man, maybe I am a little overwhelmed with Symantec EP lately, but I have NO idea what the third thing is about. I get a batch file and a couple of other files that do nothing.

.Brian's picture

You need to put them in the Tools folder on the SEPM. Put here:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

Then double-click the SepmMonitorTool.bat to open it and you will get a new window showing your GUPs.

The Conquistador's picture

Application Event Viewer for gupdate:

The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.

The Conquistador's picture

I have reinstalled the clients and even moved them out of where that GUP is, and they are STILL not updating.

Vikram Kumar-SAV to SEP's picture

@Bryan - The GUP getting definitions is fine, but it does not ensure it is working properly as a GUP as well.

Not on the client, but at least you need to check the GUP server.

1. It's Windows, so the first thing to do is restart the SEP and SMC services.

2. Check in SEPM and on the GUP server whether it is acting as a GUP; look at

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate]

or look at the SEP Client Management System logs.

3. Make sure C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates is receiving definitions.

4. Make sure you are able to telnet to the GUP on 2967.

5. If nothing works, repair the GUP client.

I think this much should resolve the issue.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.
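Checks 2 to 4 from the list above, collected into one script as an added example that is not part of the original thread or any Symantec tool. The host name `gup01.example.local` and the helper name `Test-TcpPort` are placeholders; the port, folder and registry key are the ones quoted in the thread. It uses only .NET and cmdlets available in PowerShell 2.0, so it runs on Windows 7 and Server 2008.

```powershell
# Added example. Run on a client for the port check, on the GUP for the local checks.
param(
    [string]$GupHost = 'gup01.example.local',   # placeholder: your GUP's name or IP
    [int]$GupPort = 2967,                        # GUP port named in the thread
    [string]$SharedUpdates = 'C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates',
    [string]$LuKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate',
    [int]$TimeoutMs = 3000
)

# Hypothetical helper: TCP connect with a timeout, so a filtered port fails fast.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    }
    catch { return $false }          # DNS failure, refused connection, reset
    finally { $client.Close() }
}

# Step 4: the "telnet to 2967" test without needing the telnet client installed.
$reachable = Test-TcpPort $GupHost $GupPort $TimeoutMs
'TCP {0}:{1} reachable: {2}' -f $GupHost, $GupPort, $reachable

# Step 3: the newest item under SharedUpdates shows when content last arrived.
if (Test-Path $SharedUpdates) {
    $newest = Get-ChildItem $SharedUpdates -Recurse |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($newest) { 'Newest SharedUpdates item: {0} ({1})' -f $newest.FullName, $newest.LastWriteTime }
    else { 'SharedUpdates exists but is empty' }
} else {
    "SharedUpdates folder not found: $SharedUpdates"
}

# Step 2: dump the LiveUpdate key. The thread names no values, so none are assumed here.
if (Test-Path $LuKey) {
    Get-ItemProperty -Path $LuKey | Format-List
} else {
    "Registry key not found: $LuKey"
}
```

If the port check fails from a client but succeeds on the GUP itself, look at host firewalls and routing between the two before repairing or reinstalling anything.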

.Brian's picture

Yes, per the screenshot it is activated as a GUP.

How do the clients know to go to the GUP? Do you have location awareness conditions in place?

Or are the clients getting updated and you just want to make sure the clients are using the GUP?


The Conquistador's picture

The way I have it broken down is:

Top folder (Location) where all of the policies are defined is where I have the GUP listed

The subfolders are the client and servers.

They should know to report to the GUP since it is defined in that top level folder.

.Brian's picture

Sounds like it should be correct.


The Conquistador's picture

Can you please elaborate on this one?

5. If nothing works, repair the GUP client.

 

It is every client that reports to this server, it has to be on the server end. When it says "Repair the GUP client" what does it mean that I should do?

.Brian's picture

It just means doing a repair on the client via add/remove programs.

The Conquistador's picture

That won't work, this is all of the clients, it HAS to be something to do with the network or the server connection.

.Brian's picture

So the GUP is not working correctly?

Go to the GUP and do a Start >> Run and type smc -stop and wait 10-15 seconds, then type smc -start

Then open the SEP GUI and go to the System log. Does it show a line about now acting as a GUP again?

The Conquistador's picture

I will get to the exciting conclusion on Monday. I'm tired from all the digging out today. :-)

Have a nice weekend!!!

The Conquistador's picture

The GUP Gateway and the clients were mismatched. Once I changed the GUP Gateway to what it SHOULD be, which is the same as the clients' Gateway, it didn't make a difference. Clients are STILL not up to date.

The Conquistador's picture

Application Event Viewer for gupdate:

The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.

alplechaty's picture

How can you tell from the local machine if it is acting as a GUP properly? I looked at the registry key but I am unsure what I am looking for that denotes it is actually working as a GUP? When I look at properties on the SEPM Server it says Group Update Provider FALSE. Thanks in advance.

The Conquistador's picture

From the client, go to view logs, then client management, then click on view logs, then click on "system log".