Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Push new install package version to clients

Created: 10 Dec 2012 • Updated: 12 Dec 2012 | 14 comments
This issue has been solved. See solution.

 

Good day!

 

I've created a new install package on my Endpoint Protection Manager v11.0.6005. Our new package is R7 and the current is R5. I've assigned a development group for the new package and the 2 test computers in it were able to get the new settings/policies. Hence, I was expecting they will be upgraded to the new package, as a popup message is displayed on both computers saying:

"Symantec Management Client is downloading a newer version of the software from the Symantec Endpoint Manager.

Symantec Client is ready to upgrade to a newer version. Wait until the process has been completed."

Need to press the Ok button.

 

 

But the whole day passed (more than enough to allow the download to complete) and the client version is unchanged. I've tried restarting the test computers the next day but nada. What steps could I possibly be missing? Or do I need to update my SEPM to R7 in order for it to push R7 install package to clients? Also worth mentioning is that the R5 package is 'Antivirus and AntiSpyware' only, but R7 is 'Antivirus and AntiSpyware' + Proactive TruScan. TIA.

 

Regards,

Trev

Comments 14 CommentsJump to latest comment

trevlantin's picture

 

found an interesting link which I am looking at right now:

 

TECH102907

 

cheers!

pete_4u2002's picture

looks like the client i sin process of downloading and installing, check the install log to know if there is a failure .

 

just in case if you have not seen this article on autoupgrade

http://www.symantec.com/business/support/index?pag...

 

 

SOLUTION
trevlantin's picture

 

Thanks Pete! I am looking into it now. Any more suggestions please?

pete_4u2002's picture

install log is the important one as it will throw some light if the install took place or not.

trevlantin's picture

 

You're right Pete. I was able to review the data from the install log (SEP_INST.LOG) and found the clues as to why they haven't been updated:

 

For the 1st computer although it was able to grab the R7 package, below log extract indicates error that has something to do with "LUALL" process in the SEPM server? 

 

....(extract start)
1: InstAPca.dll:   ProductVersion=11.0.7101.1056
 
MSI (s) (08:60) [17:08:14:837]: Skipping action: LockoutLU.FF07F38E_78C2_412E_B858_64488E808644 (condition is false)
MSI (s) (08:60) [17:08:14:837]: Doing action: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644
Action ended 17:08:14: SetExtCustomActionData.9DDC0E81_9620_4441_B4F7_FD077F55D6D2. Return value 1.
MSI (s) (08:64) [17:08:14:900]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSID6DD.tmp, Entrypoint: CheckForRunningLU
Action start 17:08:14: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644.
LUCA: UILevel = 2 (2)
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA: Checking if LUALL is running...
LUCA: LiveUpdate is running!!
Action ended 17:13:14: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644. Return value 3.
Action ended 17:13:14: INSTALL. Return value 3.
....(succeeding logs truncated)
Property(S): CURRENTDIRECTORY = C:\WINDOWS\system32
Property(S): SETUPEXEDIR = C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup
Property(S): PackagecodeChanging = 1
Property(S): ProductState = -1
Property(S): PackageCode = {A541D86B-B821-47E7-9331-1C6609853198}
MSI (s) (08:60) [17:13:15:086]: Note: 1: 1708 
MSI (s) (08:60) [17:13:15:086]: Product: Symantec Endpoint Protection -- Installation operation failed.
 
MSI (s) (08:60) [17:13:16:101]: Cleaning up uninstalled install packages, if any exist
MSI (s) (08:60) [17:13:16:101]: MainEngineThread is returning 1603
MSI (s) (08:78) [17:13:16:117]: Destroying RemoteAPI object.
MSI (s) (08:C8) [17:13:16:117]: Custom Action Manager thread ending.
=== Logging stopped: 10/12/2012  17:13:15 ===
MSI (c) (10:54) [17:13:16:117]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (10:54) [17:13:16:117]: MainEngineThread is returning 1603
=== Verbose logging stopped: 10/12/2012  17:13:16 ===
 
 
FOR THE SECOND PC; I am not sure why it is still using the R5 instead of R7 package, eventhough i moved it to the test group where R7 is assigned. Please see below log extracts:
 
...
1: InstAPca.dll:   ProductVersion=11.0.5002.333
 
MSI (s) (18:50) [00:05:59:002]: Skipping action: LockoutLU.FF07F38E_78C2_412E_B858_64488E808644 (condition is false)
MSI (s) (18:50) [00:05:59:002]: Doing action: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644
Action ended 0:05:59: SetExtCustomActionData.9DDC0E81_9620_4441_B4F7_FD077F55D6D2. Return value 1.
MSI (s) (18:F4) [00:05:59:081]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI21.tmp, Entrypoint: CheckForRunningLU
Action start 0:05:59: CheckForRunningLU.FF07F38E_78C2_412E_B858_64488E808644.
LUCA: UILevel = 2 (2)
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA(1782): error=2 GetLastError=2
LUCA: CheckForRunningLU: Failed to open LU mutex, can not check for running LU.
....
 
The log files are really big and I can only look for the suggested "value 3" for a sign of the update failure. The 1st PC has it, the other none.
 
Regards,
Trev
 
 
trevlantin's picture

 

Thanks Ashish! My test clients are both XP and both of your links pertains to Win 7. Nice to see that appdata issue htough as I am also testing this on Win 7 boxes later.

Ashish-Sharma's picture

Hi,

Check this setting in

SEPM -> Policy-> Application and Device control policy-> Uncheck the option "Protect client files and registry keys" .

or

1) Create a Test Group

2) Edit Application and Device control policy for Test Group.

3) Click on Application Control.

4) Uncheck the option "Protect client files and registry keys" .

5) Create a new package so that the clients report to the Test Group.

6) Use the package for installation .

Please Check if the installation works.

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

yes, since LU was running on client it caused the issue.

can you try again?

Ashish-Sharma's picture

Hi trevlantin,

Did you received solution ?

Thanks In Advance

Ashish Sharma

 

 

trevlantin's picture

 

Hi everyone,

 

I ended up using SEPM's deployment wizard which I found from a previous thread. I was able to successfully upgrade my 2 test computers in silent mode, though normally a restart was needed after the process. Quite inconvenient to add PC's one by one if you've got hundreds or more to update.

However, I am still trying out the more appropriate way which is assigning the new install package to a group and deploying it from there. I will post an update on how I go on this.

 

Thanks Pete and Ashish for your valuable help on resolving my issues.

 

Regards,

Roberto

trevlantin's picture

By the way, Ashish suggestion regarding unchecking the option "Protect client files and registry keys" could lead to a solution for others having similar issues as mine... although in my case it's already been unchecked beforehand. I will also try recreating a new package and follow his suggestion step by step. Just sad that I can only mark one as a solution.

 

cheers!

Ashish-Sharma's picture

Glad To hear your issue are resolved

Thanks In Advance

Ashish Sharma