Endpoint Protection

Hi There

Running SEP 11.0.6, all clients are also SEP 11.0.6

I am using the multiple GUP policy.   I have 3 GUP's setup which are on the same subnet as the clients trying to get updates, they never seem to update from the GUP(s).  I have a "try GUP for 30 days" due to the fact that these machines sit over a very slow WAN link, If they talk directly to either of the management servers, they get updates with no issues, this however is a bad idea as it tends to overload the WAN link which is why we have to use the GUP option.  I've run the sylink tool when a machine was trying to use the GUP, i have pasted the information below:

04/25 14:46:19 [2120] </CHttpFileDownload::getRemainingBytesToDownload()>
04/25 14:46:19 [2120] <CHttpConnector::SendRequest()>
04/25 14:46:19 [2120] Request> http://10.1.1.10:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/100425019/xdelta100420008.dax
04/25 14:46:40 [2120] SendRequest() failed.
04/25 14:46:40 [2120] </CHttpConnector::SendRequest()>
04/25 14:47:09 [2120] </CHttpFileDownload::Do()>
04/25 14:47:09 [2120] <LUDownloader::GetContentToFile> completed.
04/25 14:47:09 [2120] <CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:09 [2120] </CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:09 [2120] <LUThreadProc>LU file download failed due to HTTP error:0
04/25 14:47:09 [2120] <SetupTempLUFilePath:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{C60DC234-65F9-4674-94AE-62158EFCA433}1004250191004200087.TMP
04/25 14:47:09 [2120] <CHttpFileDownload::CHttpFileDownload()>
04/25 14:47:09 [2120] </CHttpFileDownload::CHttpFileDownload()>
04/25 14:47:09 [2120] <CHttpFileDownload::Do()>
04/25 14:47:09 [2120] <CHttpFileDownload::getRemainingBytesToDownload()>
04/25 14:47:09 [2120] Remaining bytes to download: 1174247
04/25 14:47:09 [2120] </CHttpFileDownload::getRemainingBytesToDownload()>
04/25 14:47:09 [2120] <CHttpConnector::SendRequest()>
04/25 14:47:09 [2120] Request> http://10.1.1.61:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/100425019/xdelta100420008.dax
04/25 14:47:11 [2112] <CSyLink::mfn_DownloadNow()>
04/25 14:47:11 [2112] </CSyLink::mfn_DownloadNow()>
04/25 14:47:30 [2120] SendRequest() failed.
04/25 14:47:30 [2120] </CHttpConnector::SendRequest()>
04/25 14:47:30 [2120] </CHttpFileDownload::Do()>
04/25 14:47:30 [2120] <LUDownloader::GetContentToFile> completed.
04/25 14:47:30 [2120] <CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:30 [2120] </CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:30 [2120] <LUThreadProc>LU file download failed due to HTTP error:0
04/25 14:47:30 [2120] <SetupTempLUFilePath:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{C60DC234-65F9-4674-94AE-62158EFCA433}1004250191004200087.TMP
04/25 14:47:30 [2120] <CHttpFileDownload::CHttpFileDownload()>
04/25 14:47:30 [2120] </CHttpFileDownload::CHttpFileDownload()>
04/25 14:47:30 [2120] <CHttpFileDownload::Do()>
04/25 14:47:30 [2120] <CHttpFileDownload::getRemainingBytesToDownload()>
04/25 14:47:30 [2120] Remaining bytes to download: 1174247
04/25 14:47:30 [2120] </CHttpFileDownload::getRemainingBytesToDownload()>
04/25 14:47:30 [2120] <CHttpConnector::SendRequest()>
04/25 14:47:30 [2120] Request> http://10.1.1.77:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/100425019/xdelta100420008.dax
04/25 14:47:51 [2120] SendRequest() failed.
04/25 14:47:51 [2120] </CHttpConnector::SendRequest()>
04/25 14:47:51 [2120] </CHttpFileDownload::Do()>
04/25 14:47:51 [2120] <LUDownloader::GetContentToFile> completed.
04/25 14:47:51 [2120] <CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:51 [2120] </CHttpFileDownload::~CHttpFileDownload()>
04/25 14:47:51 [2120] <LUThreadProc>LU file download failed due to HTTP error:0

As you can see, the policy tried to get to those 3 machines, yet failed to do so.  I can confirm that in the SEP Manager that all three PC's state that they are GUP's



What I can also prove is that if I open up Internet Explorer and paste in the url which it errored on:  http://10.1.1.10:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/100425019/xdelta100420008.dax i receive the following:



Can you please give some advice on what else I can try? Is there some setting in Live update that could be causing this issue?

In Control Panel symantec liveupdate change to interactive mode and try.Also assure that here for both ftp and http you selected use the same settings of IE option only.

esnure that there is no proxy nor firewall betweenthe clients and the GUP machine.

both HTTP and FTP settings are using IE explorer settings.  Interactive mode / Express mode makes no difference.  If run C:\program files\symantec\liveupdate\luall.exe it will download updates fine, but that is because it goes off to the internet, i'm trying to get it to use the Group Update Provider.

The wpad.dat file specified in the proxy has an exception for 10.*.*.* addresses which the GUP is located on.  I can also telnet from the client machine to the gup on 2967 and it connects fine.  The windows firewall is off and the SEP Firewall has a rule to specifically allow GUP traffic both ways.

did you check if the policy NTP has been applied on the clients ( allow GUP traffic)?

are the clients too on RU 6/5?

 

Yes the policy serial number for the group is: 

8BBE-05/03/2010 21:38:30 532

I can confirm that on both the GUP(s) and the client trying to connect that they all have
8BBE-05/03/2010 21:38:30 532.  I checked by going to the Troubleshooting page on the SEP client (rather than relying on what was reported on the SEP Manager server).  I can confirm that all the clients are on RU 6.