Endpoint Protection

We are running Symantec Endpoint Protection Manager v.11.  For some odd reason, this product does not allow client updates to be scheduled when clients use the default management server to receive updates.  We have some computers that must be updated on a schedule, so I installed LiveUpdate Administrator on another server and configured a policy for those computers to get their updates from the LUA server.  This works fine, but now the clients in the original policy don't get updates from the default management server.  They seem to believe that they have the latest updates.  The shield has the green dot and status says "Your computer is protected," but the date of the virus definitions is two days old. The management server also seems to think it has the latest updates.  If I highlight the site and click "Download LiveUpdate Content," it says everything is up to date.  If I remove the policy containing the LUA server and restart the SEP services, the management server and clients update correctly again.  What could be wrong?  Isn't SEP supposed to be able to do this? 

I would suggest enabling sylink logging on one of the affected clients to see what is going on:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

does it happen if the same policy is in place? have you tried deleting the client definition and try to update?

Did you point the SEPM to get the updates from LUA as well (SEPM Site properties)? If yes, is LUA configured to download and dirstribute the updates for SEPM as well?

"Thumbs up" to Sebastian, this sounds to fit the scenario to me.  Just in case though, here's a handy article on troubleshooting the SEPM's update mechanism (and how it fits into the scheme of things):

http://www.symantec.com/docs/TECH105924

http://www.symantec.com/docs/TECH95790

Hi Glenn,

For some odd reason, this product does not allow client updates to be scheduled when clients use the default management server to receive updates.

You may wish to cast a vote for the following enhancement request:

https://www-secure.symantec.com/connect/idea/gup-definition-schedule

Now: I understand that it's desired to have some of the SEP 11 clients go to the SEPM for their updates, and some of the SEP clients to go to the LUA 2.x server for updates. Is that currently configured in the LiveUpdate policies?  (The LUA-only policy applied to the correct client group?)  Or did you configure those by dropping a settings.hosts.liveupdate file on the SEP clients?  (Was one dropped on the SEPM, by any chance?)

Is the SEPM itself still configured to go looking to the Internet LU source servers for updates, or is it configured to go to the LUA 2.x server as well?  Check this KB and make sure the SEPM still knows to look to the Internet:

How to configure LiveUpdate to use alternate sources through the Symantec Endpoint Protection Manager Console
http://www.symantec.com/docs/TECH103706 
 

BTW: do be sure that you are running the very latest release of SEP 11, SEP 11 RU7 MP3. 

Please do keep this thread up-to-date with your progress!

Mick

When I first noticed the problem, the SEPM was still set to receive updates from the default Internet source.  I tried configuring it to receive updates from my new LUA server.  At first this seemed to work, as the SEPM and its clients were updated once.  After that the SEPM and its clients were not updated again.

As mentioned above, clients are directed to receive updates from SEPM or LUA depending on policy settings.  I did not drop a settings.hosts.liveupdate file anywhere.

Does this actually work?  Does anyone have it set up and working currently?

Mick, I think using a GUP server would just complicate things.  What I really need is a way to schedule client updates in the SEPM itself, just as it can be done in LUA.

Thanks for the reply, Glenn.

Don't add a GUP.  Vote for the enhancement request.  &: )   It's currently not possible to schedule updates that come from the SEPM or GUP.

If the SEPM is configured to retrieve new materials from the LUA server, check the LUA server to ensure it is downloading the correct SEP 11 "SESM" materials. 

Post the latest entry from the SEPM's log.liveupdate if you get the chance- that will have full details on what it wants, where it is going, and what it is finding there!

All the best,

Mick

Hi

Can you repair the clients and update

Regards

This seems to be resolved now.  I removed the LUA policy, restarted the SEPM server and the LUA server, rebuilt the LUA policy, and restarted Symantec services on the SEPM server.  The only difference between this attempt and the last one was restarting the Symantec services.

Mick, I don't think voting for the GUP enhancement has much relevance here.  There is another request more to the point:

https://www-secure.symantec.com/connect/idea/scheduling-option-updates-without-lu-server