
SEP - 3rd party content delivery

Created: 24 Aug 2012 | 3 comments

 

Using SEP 12 (latest).

Due to SEP client proxy settings not being persisted on client side (see https://www-secure.symantec.com/connect/forums/sep-121-configuration-values-rollback) we are investigating the idea of 3rd party content management and delivery for our setup ("unlimited number" of clients each with different proxy settings).

The intention is to have a separate component on client side that would download the content from server side (using the available proxy settings) and then push them to the SEP client.

Currently I'm not able to have a POC for this "3rd party content management".
I was not able to have the SEP load the definitions which I manually put in the inbox folder. I've tried the easiest way, to just manually push the full definitions to the client.

Steps so far:

  1. create TPMState (dword) with value 128 (0x80) under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
  2. reboot
  3. copy the index2.dax for my policy under "xxx\inbox"
  4. copy the full AV definitions under the needed folder structure
    xxx\inbox{535CB6A4-441F-4e8a-A897-804CD859100E}\120706036\full.zip 

The files just get into the "xxx\Invalid" folder.

The logs content ("c:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs\Log.Lue") does not help too much, I see some errors but they do not make too much sense nor do I know if they are relevant for this issue. Log below.

 

Does anyone have any idea on troubleshooting this?

 

Symantec LiveUpdate Engine 2.0.3.6   (Release)

OS: Windows XP Professional 32-bit 
VerInfo: 5.1 
ServicePack: 3.0
LanguageID: 00000409
WinHttp.dll Version: 5.1.2600.6175
TcpMaxDataRetransmissions: 5
----------------------------------------------------------------------------------------------------
Session started at: 2012/08/24 17:18:02.444    (UTC +00:00)
ProcessId: 904, ThreadId: 5980, SessionId: 74
Machine ID: 9DE16F11-3181-B69B-5330-6802B4B2FEE8
Agent Field: SEP/12.1.1101.401 MID/{9DE16F11-3181-B69B-5330-6802B4B2FEE8} SID/74
----------------------------------------------------------------------------------------------------
  Component: Moniker: {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
  Component: Moniker: {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages.
  Component: Moniker: {6F678702-6A34-479b-9166-2C2EA45C68E4}, P: SESC AntiVirus Client Win32, V: 12.1, L: English.
  OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
  Server selection complete. Server is HTTP://teleservice2.roche.com/SEP on port 80.
  OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
  OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 500
* OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} failed; err = 0x80004005
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 517
* Callback {72DA128F-2591-43f2-B272-29DA5452A197} is a PostSession callback. Callback Failed. Result -2147467259
* Update Failed - PostSession for moniker {535CB6A4-441F-4e8a-A897-804CD859100E}
* Update Failed - PostSession for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}
  Update for moniker: {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages, package: 1345679428jtun_sep12ennful26.m26, SeqName: CurDefs, SeqNum: 120822019, has update status code: 208
* Reporting error: 0x80004005 Update failed PVL=SEPC Virus Definitions Win32 v12.1 MicroDefsB.CurDefs SymAllLanguages
* PostSession Callbacks Failed. Update status code for moniker {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages is: 0x      D0.
  Update for moniker: {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages, package: 1342510013jtun_sep12ennful26.m26, SeqName: HubDefs, SeqNum: 120716018, has update status code: 208
* Reporting error: 0x80004005 Update failed PVL=SEPC Virus Definitions Win32 v12.1 MicroDefsB.Error SymAllLanguages
* PostSession Callbacks Failed. Update status code for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages is: 0x      D0.
  ***** Session Results *****
  Total Updates Available: 2
  Total Updates Succeeded: 0
  Total Updates Succeeded - Reboot Req: 0
  Total Updates Skipped: 0
  Total Updates Failed: 2
  RunLiveUpdate result code: 0x00000000
  Session max recursion count = 1
* Fail to submit error report: 0x80070422
----------------------------------------------------------------------------------------------------
Session ended at: 2012/08/24 17:19:51.741    (UTC +00:00)

 

 

See the following references

 

http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO26819

http://www.symantec.com/business/support/index?page=content&id=TECH106028

http://www.symantec.com/business/support/index?page=content&id=TECH106032
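
An added example, not part of the original post and not Symantec tooling: a small Python parser for Log.Lue lines like the ones above that groups abort codes and update status codes per moniker and decodes the HRESULT values. The sample lines are copied from the log in the post; the two HRESULT names are standard Windows values, while the LiveUpdate abort and status codes are reported as-is, without interpretation.

```python
import re
from collections import defaultdict

# Lines copied from the Log.Lue excerpt in the post above.
SAMPLE = """\
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 500
* OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} failed; err = 0x80004005
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 517
* Callback {72DA128F-2591-43f2-B272-29DA5452A197} is a PostSession callback. Callback Failed. Result -2147467259
  Update for moniker: {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages, package: 1345679428jtun_sep12ennful26.m26, SeqName: CurDefs, SeqNum: 120822019, has update status code: 208
* Fail to submit error report: 0x80070422
"""

GUID = r"(\{[0-9A-Fa-f-]+\})"
ABORT = re.compile(r"SetAbort called on Moniker " + GUID + r".*abort code (\d+)")
STATUS = re.compile(r"Update for moniker: " + GUID + r".*SeqNum: (\d+), has update status code: (\d+)")
HRES = re.compile(r"(?:err = |Result |error(?: report)?: )(0x[0-9A-Fa-f]{8}|-?\d+)")

# Standard Windows HRESULT names for the two values seen in this log.
KNOWN = {0x80004005: "E_FAIL",
         0x80070422: "HRESULT_FROM_WIN32(ERROR_SERVICE_DISABLED)"}

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity, facility and code fields."""
    value &= 0xFFFFFFFF  # signed decimals such as -2147467259 wrap to unsigned
    return {"hex": f"0x{value:08X}", "failed": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF,  # 11-bit facility field
            "code": value & 0xFFFF, "name": KNOWN.get(value, "unknown")}

def summarize(log_text):
    """Group abort/status codes by moniker and decode every HRESULT found."""
    aborts, status, hresults = defaultdict(list), {}, []
    for line in log_text.splitlines():
        if m := ABORT.search(line):
            if int(m[2]) not in aborts[m[1]]:   # keep first-seen order, no repeats
                aborts[m[1]].append(int(m[2]))
        elif m := STATUS.search(line):
            status[m[1]] = {"seq": m[2], "status": int(m[3])}
        elif m := HRES.search(line):
            tok = m[1]
            hresults.append(decode_hresult(int(tok, 16) if tok.startswith("0x") else int(tok)))
    return {"aborts": dict(aborts), "status": status, "hresults": hresults}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for moniker, codes in result["aborts"].items():
        print(moniker, "abort codes:", codes, "update:", result["status"].get(moniker))
    for h in result["hresults"]:
        print(h)
```

The decimal `Result -2147467259` and the hex `0x80004005` decode to the same value, so the PostSession callback failure and the `err =` line report one error rather than two.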

 


Chetan Savade

Hi,

Why don't you use the GUP feature to deliver SEP contents? However, for the delivery of setup.exe you can use third party software.

Check the following article as well.

How to upgrade a client from a non-manager server using the "Download the client package from the following URL (http or https)" option.

http://www.symantec.com/docs/TECH106181

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

florin.d

Due to the different configurations of each client and network restrictions in place.

Mithun Sanghavi

Hello,

I would suggest you check this article:

Troubleshooting Content Delivery to the Symantec Endpoint Protection client

http://www.symantec.com/docs/TECH106034

Hope that helps!!
 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.