
SEP clients not getting A/V def. updates from SEPM server.

Created: 05 Dec 2013 | 9 comments

I'm having an issue with some of my SEP clients not updating A/V definitions from the SEPM server. They can all ping the SEPM server but for some reason, some workstations are not getting the latest virus defs. When I launch the SEPM console, the semsvc CPU usage jumps between 30%-60% and it slows to a crawl. The communication settings are set to Push mode with the heartbeat interval set to 5 minutes. Even when I right-click one of the troublesome machines in the Clients section and select Update Content, it shows that it completes, but the client machine still reads that antivirus and antispyware definitions are out of date. In the smc-server-0.log, there are a bunch of these errors:

SEVERE: Error while extracting full content under c:\program files\symantec\symantec endpoint protection manager\tomcat\..\inetpub\content\xxxxxxxxxxxxxxxxxxxxxxxxxxxx\xxxxxxxx\Full



.Brian's picture

Any similarity to this one here?

https://www-secure.symantec.com/connect/forums/upd...

Did this just start?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GaryLeung's picture

Been doing this for a few days actually and I don't have that error on the link you provided. Mine reads:

December 5, 2013 1:09:16 PM EST:  LUALL.EXE finished running.  [Site: NY]  [Server: SERVERNAME]

December 5, 2013 1:09:13 PM EST:  LiveUpdate will start next on Thursday, December 5, 2013 5:09:13 PM EST on SERVERNAME.  [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:09:12 PM EST:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:05:21 PM EST:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:04:14 PM EST:  Symantec Endpoint Protection Win64 11.0.6100.645 (English) is up-to-date.    [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:03:32 PM EST:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:02:42 PM EST:  Symantec Endpoint Protection Win32 11.0.6100.645 (English) is up-to-date.    [Site: NY]  [Server: SERVERNAME]
December 5, 2013 1:01:22 PM EST:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: NY]  [Server: SERVERNAME]
.Brian's picture

Check this article:

http://www.symantec.com/docs/TECH95830

See if you see similar entries in the log.liveupdate file. You may just need to re-register SEPM with LU.


GaryLeung's picture

Don't see any entry referenced in that link. But I've attached it for someone else to inspect.

Attachment: Log.zip (249.21 KB)
GaryLeung's picture

Here are some more details I found from the smc-server-0.log:

SEVERE: Error, unable to create temp extraction dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}\131201021\Full.tmp.DeltaTask

SEVERE: Error while extracting full content under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\131108018\Full

I also got this:

2013-12-02 10:25:44.436 SEVERE: Unknown Exception in: com.sygate.scm.server.statereader.av.StateHandler
java.sql.SQLException: Violation of PRIMARY KEY constraint 'PK_PATTERN'. Cannot insert duplicate key in object 'sem5.PATTERN'. The duplicate key value is (F88219BC07D678A96147E1901C5E0119).
at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:364)
at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2754)
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2195)
at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:625)
at net.sourceforge.jtds.jdbc.JtdsStatement.processResults(JtdsStatement.java:483)
at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:445)
at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.execute(JtdsPreparedStatement.java:456)
at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:169)
at com.sygate.scm.server.logreader.av.PatternTableHandler.getIndex(PatternTableHandler.java:316)
at com.sygate.scm.server.statereader.av.StateHandler.processMoniker(StateHandler.java:303)
at com.sygate.scm.server.statereader.av.StateHandler.process(StateHandler.java:245)
at com.sygate.scm.server.statereader.StateHandlerWorker.processStateData(StateHandlerDispatcher.java:275)
at com.sygate.scm.server.statereader.StateHandlerWorker.run(StateHandlerDispatcher.java:236)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
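
Added example, not part of any post in this thread: a small triage script that groups the SEVERE content-extraction errors quoted above by content GUID and revision folder, so it is clear which packages the SEPM is failing to unpack and how old they are. The sample lines are constructed from the ones posted here (the timestamps on the extraction lines are made up), and reading the revision folder name as YYMMDD plus a sequence number is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the smc-server-0.log lines quoted in this thread.
SAMPLE_LOG = r"""
2013-12-02 10:25:40.101 SEVERE: Error, unable to create temp extraction dir: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}\131201021\Full.tmp.DeltaTask
2013-12-02 10:25:41.250 SEVERE: Error while extracting full content under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\131108018\Full
2013-12-02 10:25:42.007 SEVERE: Error while extracting full content under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\..\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\131108018\Full
2013-12-02 10:25:44.436 SEVERE: Unknown Exception in: com.sygate.scm.server.statereader.av.StateHandler
"""

# Matches both error variants and captures the GUID, revision and last path element.
CONTENT_ERR = re.compile(
    r"SEVERE: (?P<msg>Error.*?)(?::| under) .*?\\content\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\\(?P<rev>\d+)\\(?P<leaf>\S+)",
    re.IGNORECASE,
)

def rev_date(rev):
    """Assumption: revision folder = YYMMDD + sequence number, e.g. 131201021."""
    return datetime.strptime(rev[:6], "%y%m%d").date().isoformat(), int(rev[6:])

def failing_content(log_text):
    """Return {(guid, revision): {"count", "messages", "leaves"}} for extraction errors."""
    hits = defaultdict(lambda: {"count": 0, "messages": set(), "leaves": set()})
    for line in log_text.splitlines():
        m = CONTENT_ERR.search(line)
        if not m:
            continue  # other SEVERE lines (e.g. the SQL exception) are not content errors
        entry = hits[(m["guid"].upper(), m["rev"])]
        entry["count"] += 1
        entry["messages"].add(m["msg"])
        entry["leaves"].add(m["leaf"])
    return dict(hits)

if __name__ == "__main__":
    for (guid, rev), e in sorted(failing_content(SAMPLE_LOG).items()):
        print(guid, rev, rev_date(rev), e["count"], sorted(e["messages"]))
```
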

.Brian's picture

We're probably going to need more granular logging. See here for how to turn it on:

http://www.symantec.com/docs/TECH102413

Have you tried a repair of the SEPM?


Beppe's picture

Hello,

How much free disk space do you have left there?

Regards,

Giuseppe

.Brian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Thanks and take care,
Brian
