Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Push new install package version to clients

DLP kishorilal

DLP kishorilalDec 11, 2012 01:07 AM

Hi I think Ashish given solution should work.
Migration User

Migration UserDec 12, 2012 11:42 PM

Hi trevlantin, Did you received solution ?
Migration User

Migration UserDec 13, 2012 01:14 AM

Glad To hear your issue are resolved

  • 1.  Push new install package version to clients

    Posted Dec 10, 2012 07:03 PM
      |   view attached

     

    Good day!

     

    I've created a new install package on my Endpoint Protection Manager v11.0.6005. Our new package is R7 and the current is R5. I've assigned a development group for the new package and the 2 test computers in it were able to get the new settings/policies. Hence, I was expecting they will be upgraded to the new package, as a popup message is displayed on both computers saying:

    "Symantec Management Client is downloading a newer version of the software from the Symantec Endpoint Manager.

    Symantec Client is ready to upgrade to a newer version. Wait until the process has been completed."

    Need to press the Ok button.

     

     

    But the whole day passed (more than enough to allow the download to complete) and the client version is unchanged. I've tried restarting the test computers the next day but nada. What steps could I possibly be missing? Or do I need to update my SEPM to R7 in order for it to push R7 install package to clients? Also worth mentioning is that the R5 package is 'Antivirus and AntiSpyware' only, but R7 is 'Antivirus and AntiSpyware' + Proactive TruScan. TIA.

     

    Regards,

    Trev



  • 2.  RE: Push new install package version to clients

    Posted Dec 10, 2012 07:24 PM

     

    found an interesting link which I am looking at right now:

     

    TECH102907

     

    cheers!



  • 3.  RE: Push new install package version to clients
    Best Answer

    Broadcom Employee
    Posted Dec 10, 2012 09:01 PM

    looks like the client i sin process of downloading and installing, check the install log to know if there is a failure .

     

    just in case if you have not seen this article on autoupgrade

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55058

     

     



  • 4.  RE: Push new install package version to clients

    Posted Dec 10, 2012 09:15 PM

     

    Thanks Pete! I am looking into it now. Any more suggestions please?



  • 5.  RE: Push new install package version to clients

    Broadcom Employee
    Posted Dec 10, 2012 09:19 PM

    install log is the important one as it will throw some light if the install took place or not.



  • 6.  RE: Push new install package version to clients

    Posted Dec 11, 2012 12:32 AM

     

    You're right Pete. I was able to review the data from the install log (SEP_INST.LOG) and found the clues as to why they haven't been updated:

     

    For the 1st computer although it was able to grab the R7 package, below log extract indicates error that has something to do with "LUALL" process in the SEPM server? 

     

    ....(extract start)
    1: InstAPca.dll:   ProductVersion=11.0.7101.1056
     
    MSI (s) (08:60) [17:08:14:837]: Skipping action: LockoutLU.FF07F38E_78C2_412E_B858_64488E808644 (condition is false)
    MSI (s) (08:60) [17:08:14:837]: Doing action: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644
    Action ended 17:08:14: SetExtCustomActionData.9DDC0E81_9620_4441_B4F7_FD077F55D6D2. Return value 1.
    MSI (s) (08:64) [17:08:14:900]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSID6DD.tmp, Entrypoint: CheckForRunningLU
    Action start 17:08:14: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644.
    LUCA: UILevel = 2 (2)
    LUCA(1782): error=2 GetLastError=2
    LUCA(1782): error=2 GetLastError=2
    LUCA: Checking if LUALL is running...
    LUCA: LiveUpdate is running!!
    Action ended 17:13:14: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644. Return value 3.
    Action ended 17:13:14: INSTALL. Return value 3.
    ....(succeeding logs truncated)
    Property(S): CURRENTDIRECTORY = C:\WINDOWS\system32
    Property(S): SETUPEXEDIR = C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup
    Property(S): PackagecodeChanging = 1
    Property(S): ProductState = -1
    Property(S): PackageCode = {A541D86B-B821-47E7-9331-1C6609853198}
    MSI (s) (08:60) [17:13:15:086]: Note: 1: 1708 
    MSI (s) (08:60) [17:13:15:086]: Product: Symantec Endpoint Protection -- Installation operation failed.
     
    MSI (s) (08:60) [17:13:16:101]: Cleaning up uninstalled install packages, if any exist
    MSI (s) (08:60) [17:13:16:101]: MainEngineThread is returning 1603
    MSI (s) (08:78) [17:13:16:117]: Destroying RemoteAPI object.
    MSI (s) (08:C8) [17:13:16:117]: Custom Action Manager thread ending.
    === Logging stopped: 10/12/2012  17:13:15 ===
    MSI (c) (10:54) [17:13:16:117]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (c) (10:54) [17:13:16:117]: MainEngineThread is returning 1603
    === Verbose logging stopped: 10/12/2012  17:13:16 ===
     
     
    FOR THE SECOND PC; I am not sure why it is still using the R5 instead of R7 package, eventhough i moved it to the test group where R7 is assigned. Please see below log extracts:
     
    ...
    1: InstAPca.dll:   ProductVersion=11.0.5002.333
     
    MSI (s) (18:50) [00:05:59:002]: Skipping action: LockoutLU.FF07F38E_78C2_412E_B858_64488E808644 (condition is false)
    MSI (s) (18:50) [00:05:59:002]: Doing action: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644
    Action ended 0:05:59: SetExtCustomActionData.9DDC0E81_9620_4441_B4F7_FD077F55D6D2. Return value 1.
    MSI (s) (18:F4) [00:05:59:081]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI21.tmp, Entrypoint: CheckForRunningLU
    Action start 0:05:59: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644.
    LUCA: UILevel = 2 (2)
    LUCA(1782): error=2 GetLastError=2
    LUCA(1782): error=2 GetLastError=2
    LUCA(1782): error=2 GetLastError=2
    LUCA(1782): error=2 GetLastError=2
    LUCA: CheckForRunningLU: Failed to open LU mutex, can not check for running LU.
    ....
     
    The log files are really big and I can only look for the suggested "value 3" for a sign of the update failure. The 1st PC has it, the other none.
     
    Regards,
    Trev
     
     


  • 7.  RE: Push new install package version to clients

    Posted Dec 11, 2012 12:39 AM

    HI,

    SEP client installation rolls back at creating install cache

    http://www.symantec.com/business/support/index?page=content&id=TECH167813

    Also Check this thread

    https://www-secure.symantec.com/connect/forums/sep-121-client-installation-failure



  • 8.  RE: Push new install package version to clients

    Posted Dec 11, 2012 12:46 AM

     

    Thanks Ashish! My test clients are both XP and both of your links pertains to Win 7. Nice to see that appdata issue htough as I am also testing this on Win 7 boxes later.



  • 9.  RE: Push new install package version to clients

    Posted Dec 11, 2012 12:54 AM

    Hi,

    Check this setting in

    SEPM -> Policy-> Application and Device control policy-> Uncheck the option "Protect client files and registry keys" .

    or

    1) Create a Test Group

    2) Edit Application and Device control policy for Test Group.

    3) Click on Application Control.

    4) Uncheck the option "Protect client files and registry keys" .

    5) Create a new package so that the clients report to the Test Group.

    6) Use the package for installation .

    Please Check if the installation works.



  • 10.  RE: Push new install package version to clients

    Broadcom Employee
    Posted Dec 11, 2012 12:59 AM

    yes, since LU was running on client it caused the issue.

    can you try again?



  • 11.  RE: Push new install package version to clients

    Posted Dec 11, 2012 01:07 AM

    Hi I think Ashish given solution should work.



  • 12.  RE: Push new install package version to clients

    Posted Dec 12, 2012 11:42 PM

    Hi trevlantin,

    Did you received solution ?



  • 13.  RE: Push new install package version to clients

    Posted Dec 13, 2012 01:02 AM

     

    Hi everyone,

     

    I ended up using SEPM's deployment wizard which I found from a previous thread. I was able to successfully upgrade my 2 test computers in silent mode, though normally a restart was needed after the process. Quite inconvenient to add PC's one by one if you've got hundreds or more to update.

    However, I am still trying out the more appropriate way which is assigning the new install package to a group and deploying it from there. I will post an update on how I go on this.

     

    Thanks Pete and Ashish for your valuable help on resolving my issues.

     

    Regards,

    Roberto



  • 14.  RE: Push new install package version to clients

    Posted Dec 13, 2012 01:12 AM

    By the way, Ashish suggestion regarding unchecking the option "Protect client files and registry keys" could lead to a solution for others having similar issues as mine... although in my case it's already been unchecked beforehand. I will also try recreating a new package and follow his suggestion step by step. Just sad that I can only mark one as a solution.

     

    cheers!



  • 15.  RE: Push new install package version to clients

    Posted Dec 13, 2012 01:14 AM

    Glad To hear your issue are resolved