Video Screencast Help

SBS 2003 - SEPM 12.1.2 getting updates, but none of the clients are receiving content or virus definition updates

Created: 04 Mar 2013 | 15 comments

I recently just did a clean install of Symantec Endpoint Protection Manager 12.1.2 (November 2012 release) on a SBS 2003 server.  I did not run into any issues during the installation, and I had NO issues pushing the clients out to the machines (mixed XP - Windows 7 environment).

However, while SEPM console shows that the Endpoint Manager is getting all of the updates, none of my clients are getting any virus def updates.  They are still on the original virus definition package when LiveUpdate ran after the installation.

I've tried and found several articles in Symantec's online knowledgebase, but none worked.  I even tried uninstalling/reinstalling, and using Sylink to push communication back to the clients.  Still no one is getting updates, NOT even the server itself where Endpoint Protection client is deployed as well.  The previous release worked fine, and I'd uninstall this crap and go back a previous version, but its no longer available in the Fileconnect portal.

Can any one help?  I'm at my wit's end on this, and I've spend a lot of time (client's money) trying to get this resolved, and nothing works.

Also, it seems VERY VERY stupid on Symantec's part to include/install LiveUpdate when installing the SEP Clients, but NOT give the client's any fallback capability to use LiveUpdate to do content updates.

Operating Systems:

Comments 15 CommentsJump to latest comment

ᗺrian's picture

Enable sylink debugging on one of the affected clients and post the log here for review

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH104758 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2008-01-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2013-02-26 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

W007's picture

SEP client are showing online in sepm console ?

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.
Article:TECH166923 | Created: 2011-08-11 | Updated: 2012-06-16 | Article URL

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

EY_ISandT's picture

Yes, they are showing online, and I have already tried the article you mention ManishS.  That did not work.

Brian81, I'll see what I can do.

EY_ISandT's picture

Sylink debugging enabled on the client on the server. I proceeded to force a content update push from SEPM to the client, and it failed.  Log attached.

AttachmentSize 34.1 KB
EY_ISandT's picture


I've restarted the Embedded database, SEPM, and SEPM Web Server services.  Pushed another content update to the client, and it still did not update.

Like I said previously, the clients are checking in and showing online in SEPM (this is not the issue), they are not getting updates from SEPM.

This is still an "unresolved" issue.

SebastianZ's picture

According to log - SEP reports new update for virus defs is available and needed:

03/05 09:20:16.095 [21784] [Content]<mfn_LiveUpdate:>EVENT_LU_REQUIRE_STATUS: Content update needed.
03/05 09:20:16.095 [21784] [Content]<Add2LUFileList:>Updating existing content update queue entry: Moniker:
{535CB6A4-441F-4e8a-A897-804CD859100E} 130304048 space required for update is being checked:

03/05 09:27:14.170 [2700] [Content]<CSyLink::IsContentSpaceAvailable>Sufficient disk space available on C:\ to download content {535CB6A4-441F-4e8a-A897-804CD859100E} 130304048

...but after that it mentions GUP:

03/05 09:27:14.170 [2700] [Content]<LUThreadProc---->GUP is in startup wait. Exiting.

...and at the end timeout:

03/05 09:27:41.873 [21784] AH: (InetWaiting) time out. Timeout period: 350000
03/05 09:27:41.873 [21784] Throw Internet Exception, Error Code=9;Internet Session Timeout

Does the liveupdate policy assigned to this client specifies the download source of udpate as GUP? If you want only to point the client to get updates only from SEPM - check only the option for management server.

Rafeeq's picture

Can quickly try this on one of the machine..

Start > RUN > dcomcnfg > Component Services > Right Click on My Computer > Properties >Default Properties tab >Default Impersonation Level > Set to Identify

Ensure the SYSTEM account has both "Local and Remote" access granted, in the "COM Security" tab and Edit Defaults tab.

SEP clients failed to update contents from the SEPM.
EY_ISandT's picture

Hello SebastianZ,

This issue is regarding SEPM Small Business Edition, so I have very limited options in the LiveUpdate policy.  There is no mention of selecting where clients can obtain their updates, only schedule of update frequency.  It is currently set to 4 hours.

I don't see a place where I can change what you recommened.

EY_ISandT's picture


Those instructions refer to an issue with SEPM 11.x.  This in in regards to the last 12.1.2 release (November 2012).  I tried it, and it did not work.  I reverted the settings back to the original state.

EY_ISandT's picture

So I guess no one knows?  I suspect that there is some sort of incompatibility that was introduced with this new version and Small Business Server 2003.  Is there any way that I can obtain the previous SEPM release??? Because that version worked fine.

SebastianZ's picture

If it is no longer available on your fileconnect, you would need contact the Symantec Support to get the previous one.

EY_ISandT's picture

Just to update this post, I managed to locate a previous release of SEPM for Small Business Edition, release 12.1.1 MP1.  Uninstalled 12.1.2 SEPM, and installed this previous release.  All problems resolved.  Clients are now updating without issue.  I didn't even have to reinstall SEP clients.

So I can safely say that SEPM 12.1.2 is NOT compatible with Server 2003 (or at least SBS 2003).

pbtmg's picture


Quick question I hope how do the clients know there are new updates available from the SEPM, its probably in the manual somehere but haven't had chance to find it.

many thanks