Endpoint Protection

 View Only
  • 1.  SEP alternative liveupdate servers

    Posted Jan 23, 2012 06:30 AM

    I am using SEP 11 and have 2 alternative LU-servers which I have setup as http://www.symantec.com/business/support/index?page=content&id=TECH103706

    The problem is that this is only for the situation "If one server goes off-line, the other server provides support." 

    My LU-servers are not going offline they are having problems updating definitions, so if my source servers are LU-Server1 and LU-Server2 and LU-Server1 is not downloading correctly, the AV-servers are not going to check for definitions on LU-Server2.

    The reply from LU-Server1 is that the definitions are up-to-date, which is somewhat correct because the definitions on the AV-server and LU-Server1 are the same, despite the fact that LU-Server1 has old definitions.

    How do I get the AV-server to check both LU-servers without having to change the order of the LU-servers manually ?

    Of course the LU-servers should both be updated correctly but I see this problem often that one of them are not able to update, which is why I want this to be handled automatically.



  • 2.  RE: SEP alternative liveupdate servers

    Trusted Advisor
    Posted Jan 23, 2012 07:11 AM

    Hello,

    The Technical KB Article you are working on is specifically used for SEPM Liveupdate policies.

    Whereas, you need to add the LUA server in the Client Liveupdate Policies.

     

    Once you add 2 LUA server in the Client Liveupdate Policies, the clients would update on its own if LU Server 1 goes down.

    Hope that helps!!



  • 3.  RE: SEP alternative liveupdate servers

    Posted Jan 23, 2012 09:06 AM

    ...and as far as I can tell, there is no option within the SEPM to make sure it checks all your LUA's for updates all the time.  The best I can advise at the moment is to ensure you have upgraded to the latest LUA (v2.3.1) and enable the alerting options so that you are notified if a download schedule ever fails.

    #EDIT# After thinking it over, there is another option available to you outside of LUA, and that is to use DNS round-robin to alternately point your SEPM/SEP Clients at a different LUA each time.  This assumes both LUAs use the same ports for their respecitive distribution centres.



  • 4.  RE: SEP alternative liveupdate servers

    Posted Jan 23, 2012 07:01 PM

    I don't think it's going to do what you want it to do. It's only going to check LUA #2 if it fails to connect to LUA #1. If the client connects but LUA #1 has nothing new to offer, that's not considered a failure.

    sandra



  • 5.  RE: SEP alternative liveupdate servers

    Posted Jan 24, 2012 05:28 AM

    Hi Sahlsa,

    >My LU-servers are not going offline they are having problems updating definitions, so if my source >servers are LU-Server1 and LU-Server2 and LU-Server1 is not downloading correctly, the AV-servers are >not going to check for definitions on LU-Server2.

    Can I ask a bit more about your environment? 

    1. Are these LUA 2.x internal LiveUpdate servers, or the older LUAU 1.x?  Can you supply the exact version?
    2. Are the SEPMs retrieving definitions from the internal source servers, or is it the SEP clients?  Or both?
    3. Do both of the internal LU serevrs download directly from the internet, or does one download from the other?

    Here is an article which gives some recommendations about how to best use LUA....

    A Helpful LiveUpdate Administrator 2.x Analogy
    https://www-secure.symantec.com/connect/articles/helpful-liveupdate-administrator-2x-analogy
     

    Most companies only ever need one LUA server, which then distributed to as many Distribution Centers as are needed (up to 100).  Please do update this thread with some additional details and the experienced admins here on the forum may be able to provide some advice as how best to configure your network's update architecture.

    Hope this helps!

    Mick



  • 6.  RE: SEP alternative liveupdate servers

    Posted Jan 25, 2012 06:01 AM

    Hi,

    that is also the setup I have made, added both LU-servers as Internal Liveupdate servers, but the "problem" is that my LU-server does not go down, it still works but the def-files are not updated.



  • 7.  RE: SEP alternative liveupdate servers

    Trusted Advisor
    Posted Jan 25, 2012 07:18 AM

    Hello,

    What version of LUA are you carrying?

    Make sure you are carrying the Latest version of LUA 2.3

    Check Mick's Suggestion below.

    Hope that helps!!