Hello!
I have a SEP management server ver. 11.0.6005.562 on Windows 2003 x64. It manages 2 networks - local and remote, connected via a low-bandwidth IPsec tunnel. The local clients' LU policy is set to get virus definitions from the default management server; the other one forces remote clients to take updates directly from the internet due to bandwidth limitations.
A few days ago I started to get that famous "Sesclu event id 13" error in the system logs. Sometimes clients get updates, sometimes not.
It seems like I've tried almost everything, referring to the KB and this forum - cleared broken definitions, reassigned policies, reinstalled LU and re-registered SEPM with LU, tried to use Intelligent Updater and so on, but I'm still getting this error. After 3 days of trying to get rid of it I'm almost giving up.
Here are some suspicious strings from the LU log, right at the time when event 13 is registered in the Windows logs:
16.11.2011, 10:54:01 GMT -> LuComServer version: 3.3.0.107
16.11.2011, 10:54:01 GMT -> LiveUpdate Language: RUSSIAN
16.11.2011, 10:54:01 GMT -> LuComServer Sequence Number: 20110526
16.11.2011, 10:54:01 GMT -> OS: Windows 2003 Standard, Service Pack: 2, Major: 5, Minor: 2, Build: 3790 (64-bit)
16.11.2011, 10:54:01 GMT -> System Language:[0x0419], User Language:[0x0419]
16.11.2011, 10:54:01 GMT -> IE8 support.
16.11.2011, 10:54:01 GMT -> ComCtl32 version: 6.0
16.11.2011, 10:54:01 GMT -> IP Addresses: 192.1.2.2, 192.168.3.100
16.11.2011, 10:54:01 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
16.11.2011, 10:54:01 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
16.11.2011, 10:54:01 GMT -> Account launching LiveUpdate is not a logged in user's account
16.11.2011, 10:54:01 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
16.11.2011, 10:54:01 GMT -> LiveUpdate flag value for this run is 0
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Successfully created an instance of an luProductReg object!
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Path for calling process executable is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe.
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Setting property for Moniker = {4F889C4A-784D-40de-8539-6A29BAA43139}, PropertyName = LU_SESSION_OPTOUT, Value = YES
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Set property error -- Moniker {4F889C4A-784D-40de-8539-6A29BAA43139} is not found.
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Setting property for Moniker = {6062B9BA-E8F2-4e5c-97B9-8B669A14AFC1}, PropertyName = LU_SESSION_OPTOUT, Value = YES
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Set property error -- Moniker {6062B9BA-E8F2-4e5c-97B9-8B669A14AFC1} is not found.
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Destroyed luProductReg object.
16.11.2011, 9:04:44 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU at path C:\PROGRAM%20FILES%20(X86)\SYMANTEC\SYMANTEC%20ENDPOINT%20PROTECTION\SMCLU\CONTENT.ZIP0000 via a LAN connection. The server connection attempt failed with a return code of 1814, Программе LiveUpdate не удалось получить файл каталога доступных обновлений продуктов и компонентов Symantec.
16.11.2011, 9:41:51 GMT -> LuComServer version: 3.3.0.107
16.11.2011, 9:41:51 GMT -> LiveUpdate Language: RUSSIAN
16.11.2011, 9:41:51 GMT -> LuComServer Sequence Number: 20110526
16.11.2011, 9:41:51 GMT -> OS: Windows 2003 Standard, Service Pack: 2, Major: 5, Minor: 2, Build: 3790 (64-bit)
16.11.2011, 9:41:51 GMT -> System Language:[0x0419], User Language:[0x0419]
16.11.2011, 9:41:51 GMT -> IE8 support.
16.11.2011, 9:41:51 GMT -> ComCtl32 version: 6.0
16.11.2011, 9:41:51 GMT -> IP Addresses: 192.1.2.2, 192.168.3.100
16.11.2011, 9:41:51 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
16.11.2011, 9:41:51 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
16.11.2011, 9:41:51 GMT -> Account launching LiveUpdate is not a logged in user's account
16.11.2011, 9:41:51 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
16.11.2011, 9:41:51 GMT -> LiveUpdate flag value for this run is 0
16.11.2011, 9:41:51 GMT -> **** Starting a Silent LiveUpdate Session ****
16.11.2011, 9:41:51 GMT -> *********************** Start of New LU Session ***********************
16.11.2011, 9:41:51 GMT -> The command line is -S -temphostex "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smclu\content.zip0000" -M{CC40C428-1830-44ef-B8B2-920A0B761793} -updateoptout=yes
16.11.2011, 9:41:51 GMT -> ***** This LiveUpdate session is running in TempHostEx mode. *****
16.11.2011, 9:41:51 GMT -> TempHostEx moniker is {CC40C428-1830-44EF-B8B2-920A0B761793}
16.11.2011, 9:41:52 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
16.11.2011, 9:41:52 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
16.11.2011, 9:41:52 GMT -> LiveUpdate did not find any new updates for the given products.
16.11.2011, 9:41:52 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 1814, Программе LiveUpdate не удалось получить файл каталога доступных обновлений продуктов и компонентов Symantec.
16.11.2011, 9:41:52 GMT -> IE8 support.
16.11.2011, 9:41:52 GMT -> *********************** End of LU Session ***********************
The folder C:\PROGRAM FILES (X86)\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU is empty and does not contain any files.
I need help with this, thanks in advance.
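A triage sketch for a LiveUpdate log excerpt like the one posted above, added here as an example and not part of the original post: it groups lines into sessions and pulls out the return code, the host-selection error, the TempHostEx source path and any monikers reported as not found. It assumes the `DD.MM.YYYY, H:MM:SS GMT ->` line prefix seen in the excerpt; the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the log excerpt in the post above.
SAMPLE_LOG = r'''
16.11.2011, 10:54:01 GMT -> ProductRegCom/luProductReg(PID=5748/TID=8540): Set property error -- Moniker {4F889C4A-784D-40de-8539-6A29BAA43139} is not found.
16.11.2011, 9:41:51 GMT -> *********************** Start of New LU Session ***********************
16.11.2011, 9:41:51 GMT -> The command line is -S -temphostex "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smclu\content.zip0000" -M{CC40C428-1830-44ef-B8B2-920A0B761793} -updateoptout=yes
16.11.2011, 9:41:52 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
16.11.2011, 9:41:52 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. The LiveUpdate session exited with a return code of 1814
16.11.2011, 9:41:52 GMT -> *********************** End of LU Session ***********************
'''

LINE = re.compile(r"^(\d{1,2}\.\d{1,2}\.\d{4}), (\d{1,2}:\d{2}:\d{2}) GMT -> (.*)$")
MONIKER_MISSING = re.compile(r"Moniker (\{[0-9A-Fa-f-]{36}\}) is not found")
RETURN_CODE = re.compile(r"return code of (\d+)")
HOST_ERROR = re.compile(r"HOST_SELECTION_ERROR: Error: (0x[0-9A-Fa-f]+)")
TEMPHOST = re.compile(r'-temphostex "([^"]+)"')

def triage(log_text):
    """Group a LiveUpdate log into sessions and collect the failure markers."""
    report = {"sessions": [], "missing_monikers": [], "out_of_order": 0}
    session, previous = None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line, or a prefix in another locale's date format
        stamp = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M:%S")
        msg = m.group(3)
        if previous and stamp < previous:
            report["out_of_order"] += 1  # excerpt was stitched from separate places
        previous = stamp
        if "Start of New LU Session" in msg:
            session = {"start": stamp, "source": None, "host_error": None, "return_code": None}
            report["sessions"].append(session)
        elif "End of LU Session" in msg:
            session = None
        if (hit := MONIKER_MISSING.search(msg)):
            report["missing_monikers"].append(hit.group(1).upper())
        if session is None:
            continue  # the remaining markers are only recorded inside a session
        if (hit := TEMPHOST.search(msg)):
            session["source"] = hit.group(1)
        if (hit := HOST_ERROR.search(msg)):
            session["host_error"] = hit.group(1)
        if "SESSION END" in msg and (hit := RETURN_CODE.search(msg)):
            session["return_code"] = int(hit.group(1))
    return report
```

A non-zero `out_of_order` count means the timestamps run backwards somewhere, so the pasted lines should be re-sorted before correlating them with the Windows event log.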