Endpoint Protection

I am having a problem with Symantec Endpoint Protection (SEP) managed clients receiving updates from the Symantec Endpoint Protection Manager (SEPM).

The SEPM and clients are on an isolated network that doesn't have internet access.  The SEPM server has recent updates (2012-02-02) from the downloaded JDB file (http://www.symantec.com/business/support/index?page=content&id=TECH102607). 

I initally encountered this problem with SEPM 11 RU6a (11.0.6005.562).  After hours of research and troubleshooting, it appeared that an upgrade to the newest version of SEPM would resolve the problem.  I unisntalled SEPM 11 RU6a (and deleted the SEM5 database) , uninstalled SEP from the clients, and restarted.  After installing SEPM 11 RU7 MP1 (11.0.7101.1056), updating the definifitons, configuring the groups, users, policies and deploying to clients, the clients still fail to dowload updates.

The clients are communicating with the SEPM. They recieve policy, but don't update content.

I enabled the Sylink monitor debugging (http://www.symantec.com/business/support/index?page=content&id=TECH103369&locale=en_US) and here is an excerpt of the log:

 02/14 20:20:03 [3304] <LUThreadProc>@@@@@@@@@ LU DEBUG ONLY- Download file failed due to wrong file size.
 FileName:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{1CD85198-26C6-4bac-8C72-5D34B025DE35}1202020021.TMP Expected file size: 164989324
02/14 20:20:03 [3304] SyLinkDeleteConfig => Deleting instance: 00000000036319F0
02/14 20:20:03 [3304] </CSyLink::LUThreadProc()> 

This link (which is commonly suggested as a resolution to this type of error doens't apply or resolve the problem (http://www.symantec.com/business/support/index?page=content&id=TECH105695&locale=en_US).

It nice that a product, out of the box, doesn't function. Good work.

is the client on SEP 11 RU 7 MP1?

is the client to get the updates from SEPM or GUP?

is it possible to upgrade GUP to also the latest version if it has not been done.

Hi,

the article mentioned by you is usually appropriate for this error.

The size of  the file is wrong because something between the client and the manager altered it, for example a proxy able to unzip, scan and zip again the files.

You really need to focus on the route taken by content updates, Wireshark will help you.

Yes, the client is SEP 11 RU7 MP1. 

The client is configured to get updates from the SEPM (not a GUP).

Usually is fine, but in this case, it doesn't resolve the problem.

The SEPM is also a client. It can't update its own definitions.

There are no proxies between the server and workstation. I doubt that a wireshark would help. There are no other network problems that indicate packet dropage.

Hi,

- Please go to: Control Panel --> Symantec LiveUpdate --> Update Cache tab

- Send the values for Maximum Cache Size and Current Cache Size

- Do this on the SEPM and some a few clients

I change the Update Cache - Maximum Cache Size from 2,000 MB to 3,999 MB.

The Current Cache Size is 0.00 MB

From the client, I iniated an Content Update. It failed with the same error message.

are there SEPM's in load balance ?

can you pass on full sylink log?

Hi,

The error message you're getting is very popular in the presence of proxies. Maybe there is one? The ISA Firewall Client maybe installed? Anyway, if you could provide the full LU log file of SEPM it would be a great help.

Also, I always blame the LU component for 90% of problems with SEP, so please follow the steps in the KB article below and see how it goes:

http://www.symantec.com/docs/TECH138384

If this fixes it and correctly updates definitions for the SEP client installed on SEPM, then the problem will be most probably that LU was not completely removed when you uninstalled SEP from your client machines to do the upgrade.

HTH

The SEP client installed on the SEPM does not work differently than other clients. If there is something in the middle, it is usually true for that client as well.

You don't need a packet dropage to get that issue, it is enough that, for example, a proxy is unzipping the liveupdate files, scan them and zip again. A wireshark capture is still worth, is there is no proxy, you will see if the communication is altered by something else.

There is only one SEPM.

Here is the Sylink log:

02/14 20:04:57 [7352] ~~~Sylink log started. (SEP Product Version in registry: 11.0.7101.1056, Sylink File Version: 11.0.7101.89)
02/14 20:04:57 [7352] Stored HostGUID=1AE359EB0A4009E20185E155B1921983; outlen=16
02/14 20:04:57 [7352] <RestoreSettings>Stored UserGuid=0; outlen=2
02/14 20:04:57 [7352] <mfn_DecodeSSN>Sygate-SSN=11
02/14 20:04:57 [7352] <mfn_DecodeSSN>Read CSN=12
02/14 20:04:57 [7352] <mfn_DecodeSSN>Sygate-SSN=4
02/14 20:04:57 [7352] <mfn_DecodeSSN>Read CSN=5
02/14 20:04:57 [7352] Product Type=2,Major Ver=6,Minor Ver=1,Platform ID=18,OSType=33947922
02/14 20:04:57 [7352] OS=Windows Server 2008 Standard Edition; number=6.1.7601
02/14 20:04:57 [7352] SyLinkCreateInstance => Instance created: 0000000004BB6E70 Registry path: SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK
02/14 20:04:57 [7352] <GetOnlineNicInfo>:Netport Count=1
02/14 20:04:57 [7352] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:04:57 [7352] SyLinkCreateConfig => Created instance: 0000000004B50080
02/14 20:04:57 [7352] UseNewConfig => Created m_hNewConfig: 0000000004B50080
02/14 20:04:57 [7352] Importing ConfigObject: 0000000003718630 into: 0000000004B50080
02/14 20:04:57 [7352] Importing ConfigObject: 0000000003718630 into: 000000000371E630
02/14 20:04:57 [7352] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
02/14 20:04:57 [7352] SSA packageType is set as 105
02/14 20:04:57 [7352] SyLinkDeleteConfig => Deleting instance: 0000000003718630
02/14 20:04:57 [7352] <SetHiStatus>HI status is changed to=3; reason=105; rule=Host Integrity check is disabled.
 Host Integrity policy has been disabled by the administrator.
02/14 20:04:57 [7352] SyLinkCreateConfig => Created instance: 0000000004D6C3D0
02/14 20:04:57 [7352] SetCurLocationName: Name is set to - Default
02/14 20:04:57 [7352] SetCurLocationID: ID is set to - 598087CF0A4009E200EC8597B7DF1D24
02/14 20:04:57 [7352] SyLinkCreateConfig => Created instance: 0000000004E1B540
02/14 20:04:57 [7352] RemeberCurrentGroup=0,RememberCurrentPolicyMode=0
02/14 20:04:57 [7352] Importing ConfigObject: 0000000004E1B540 into: 0000000004B50080
02/14 20:04:57 [7352] Importing ConfigObject: 0000000004E1B540 into: 000000000371E630
02/14 20:04:57 [7352] <PostEvent>stopping...ignore event ID=EVENT_SYLINK_CONFIG_SETTING_CHANGED
02/14 20:04:57 [7352] SyLinkDeleteConfig => Deleting instance: 0000000004E1B540
02/14 20:04:57 [7352] SyLinkDeleteConfig => Deleting instance: 0000000004D6C3D0
02/14 20:04:57 [4040] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
02/14 20:04:57 [7352] <CSyLink::Start()>
02/14 20:04:57 [7352] <Start>PreferredGroup in sylink.xml has been saved into registry: My Company\Project
02/14 20:04:57 [7352] <Start>PreferredMode in sylink.xml has been saved into registry: 1
02/14 20:04:57 [7352] <CSyLink::ImportConfigFile()>
02/14 20:04:57 [7352] </CSyLink::ImportConfigFile()>
02/14 20:04:57 [7352] <GetDomainHostName>msz_DomainName is taken from szDomainName
02/14 20:04:57 [7352] <GetDomainHostName>DomainName (Final)=Domain.Project.org
02/14 20:04:57 [7352] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87
02/14 20:04:57 [6312] <HeartbeatThreadProc:>Thread is about to begin..
02/14 20:04:57 [7228] Successfully created the heartbeat thread
02/14 20:04:57 [7352] <Start>Started, contact SMS every 300 seconds
02/14 20:04:57 [7352] <PostEvent>going to post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED
02/14 20:04:57 [7352] <PostEvent>done post event=EVENT_SYLINK_CONFIG_SETTING_CHANGED, return=0
02/14 20:04:57 [7352] </CSyLink::Start()>
02/14 20:04:57 [6948] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
02/14 20:04:57 [7352] <SetClientAuth>Received new User/Domain from SMC..  User: xAdministrator User Domain: Domain
02/14 20:04:57 [7352] <SetClientAuth>Getting FQDN from XP or later OS.
02/14 20:04:57 [7352] <GetLoginFqdn>user_name's length is: 15
02/14 20:04:57 [7352] <GetLoginFqdn>domain_name's length is: 10
02/14 20:04:57 [7352] <GetLoginFqdn>The sessions' total amount we get:36
02/14 20:04:57 [7352] <GetLoginFqdn>OS version is: Windows Server 2008 Standard Edition
02/14 20:04:57 [7352] <GetLoginFqdn>OS version is not Win2K!
02/14 20:04:57 [7352] <GetLoginFqdn>User xAdministrator FQDN name is Domain.Project.org
02/14 20:04:57 [7352] <SetClientAuth>Setting the User Domain to RDNS Domain ..
02/14 20:04:57 [7352] <SetClientAuth>Logged in user info set to: Domain.Project.org/xAdministrator
02/14 20:04:57 [7352] <SetClientAuth>Marking User Change Notify to redo registration..
02/14 20:04:58 [6312] <EncodeHelper::DecryptUrl>
02/14 20:04:58 [6312] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/14 20:04:58 [6312] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
02/14 20:04:58 [6312] <Add2LUFileList:>Adding LU Info to LU Download File List: {1CD85198-26C6-4bac-8C72-5D34B025DE35}120202002
02/14 20:04:58 [6312] <CheckHeartbeatTimer>====== Heartbeat loop starts at 20:04:58 ======
02/14 20:04:58 [6312] <GetOnlineNicInfo>:Netport Count=1
02/14 20:04:58 [6312] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:04:58 [6312] <HWID CSyLink::GetHardwareKey> Get Hardware ID
02/14 20:04:59 [6312] <HWID CSyLink::GetHardwareKey> Hardware ID assigned: 9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:04:59 [4040] SyLinkCreateConfig => Created instance: 00000000035E73E0
02/14 20:04:59 [4040] Importing ConfigObject: 000000000371E630 into: 00000000035E73E0
02/14 20:04:59 [4040] SyLinkDeleteConfig => Deleting instance: 00000000035E73E0
02/14 20:04:59 [6312] <CalcAgentHashKey>:CH=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:04:59 [6312] <CalcAgentHashKey>:CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:04:59 [6312] <CalcAgentHashKey>:C=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org
02/14 20:04:59 [6312] <CalcAgentHashKey>:CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:04:59 [6312] <CalcAgentHashKey>:UCH=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:04:59 [6312] <CalcAgentHashKey>:UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:04:59 [6312] <CalcAgentHashKey>:UC=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org
02/14 20:04:59 [6312] <CalcAgentHashKey>:UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:04:59 [6312] <DoHeartbeat>HardwareID=9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:04:59 [6312] <DoHeartbeat>CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:04:59 [6312] <DoHeartbeat>CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:04:59 [6312] <DoHeartbeat>UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:04:59 [6312] <DoHeartbeat>UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:04:59 [6312] <DoHeartbeat> Set heartbeat event
02/14 20:04:59 [6312] Use new configuration
02/14 20:04:59 [6312] <RegHeartbeatProc>====== Reg Heartbeat loop starts at 20:04:59 ======
02/14 20:05:00 [6312] HEARTBEAT: Check Point 1
02/14 20:05:00 [6312] <GetFirstSEMServer> Selecting a random server
02/14 20:05:00 [6312] HEARTBEAT: Check Point 2
02/14 20:05:00 [6312] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/14 20:05:00 [6312] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/14 20:05:00 [6312] HEARTBEAT: Check Point 3
02/14 20:05:00 [6312] <RegHeartbeatProc>Setting the session timeout on Profile Session (Registration) to 30000
02/14 20:05:00 [6312] HEARTBEAT: Check Point 4
02/14 20:05:00 [6312] <RegHeartbeatProc>===Registration STAGE===
02/14 20:05:00 [6312] <MakeRegisterData:>logon id (domain/user)=Domain.Project.org/xAdministrator
02/14 20:05:00 [6312] <GeneratePreferredGroupAndModeInRegistration:>Loading current group:My Company\Project
02/14 20:05:00 [6312] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred group:My Company\Project
02/14 20:05:00 [6312] <GeneratePreferredGroupAndModeInRegistration:>Loading preferred mode:1
02/14 20:05:00 [6312] <GeneratePreferredGroupAndModeInRegistration:>It will remember nothing, PreferredGroup is My Company\Project, PreferredMode is 1
02/14 20:05:00 [6312] <MakeRegisterData:>XML data: <?xml version="1.0" encoding="UTF-8" ?><SSARegData NameSpace="rpc"><AgentInfo DomainID="749BF83B0A4009E20043C7DC621C1783" AgentType="105" UserDomain="Domain.Project.org" LoginUser="xAdministrator" ComputerDomain="Domain.Project.org" ComputerName="DomainL70" PreferredGroup="Myompany
read error, exit
02/14 20:05:00 [6312] <SendRegistrationRequest:>SMS return=200
02/14 20:05:00 [6312] <ParseHTTPStatusCode:>200=>200 OK
02/14 20:05:00 [6312] <SendRegistrationRequest:>Content Lenght => 350
02/14 20:05:00 [6312] HTTP returns status code=200
02/14 20:05:00 [6312] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
02/14 20:05:00 [6312] <SendRegistrationRequest:>COMPLETED, returned 0
02/14 20:05:00 [6312] <IsInClientIPorOnLink> NextHop is equal to192.168.0.2,return TRUE
02/14 20:05:00 [6312] <mfn_GetOutIP> Out IP is:192.168.0.2
02/14 20:05:00 [6312] HEARTBEAT: Check Point 5.1
02/14 20:05:00 [6312] <ScheduleNextUpdate>Manually assigned heartbeat=3 seconds
02/14 20:05:00 [6312] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/14 20:05:00 [6312] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/14 20:05:00 [6312] HEARTBEAT: Check Point 8
02/14 20:05:00 [6312] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/14 20:05:00 [6312] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/14 20:05:00 [6312] <RegHeartbeatProc>====== Registration Procedure stops at 20:05:00 ======
02/14 20:05:00 [6312] HEARTBEAT: Check Point 10
02/14 20:05:00 [6312] HEARTBEAT: Check Point Complete
02/14 20:05:00 [6312] <RegHeartbeatProc>Done, Heartbeat=3seconds
02/14 20:05:00 [6312] <CheckHeartbeatTimer>====== Heartbeat loop stops at 20:05:00 ======
02/14 20:05:04 [6312] <CheckHeartbeatTimer>====== Heartbeat loop starts at 20:05:04 ======
02/14 20:05:05 [6312] <GetOnlineNicInfo>:Netport Count=1
02/14 20:05:05 [6312] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:05:05 [6312] <CalcAgentHashKey>:CH=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:05 [6312] <CalcAgentHashKey>:CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:05:05 [6312] <CalcAgentHashKey>:C=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org
02/14 20:05:05 [6312] <CalcAgentHashKey>:CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:05:05 [6312] <CalcAgentHashKey>:UCH=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:05 [6312] <CalcAgentHashKey>:UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:05:05 [6312] <CalcAgentHashKey>:UC=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org
02/14 20:05:05 [6312] <CalcAgentHashKey>:UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:05:05 [6312] <DoHeartbeat>HardwareID=9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:05 [6312] <DoHeartbeat>CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:05:05 [6312] <DoHeartbeat>CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:05:05 [6312] <DoHeartbeat>UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:05:05 [6312] <DoHeartbeat>UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:05:05 [6312] <DoHeartbeat> Set heartbeat event
02/14 20:05:05 [6312] Use new configuration
02/14 20:05:05 [6312] <CSyLink::IndexHeartbeatProc()>
02/14 20:05:05 [6312] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 000000000371E630
02/14 20:05:05 [6312] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 20:05:05 ======
02/14 20:05:05 [6312] HEARTBEAT: Check Point 1
02/14 20:05:05 [6312] Get First Server!
02/14 20:05:06 [6312] HEARTBEAT: Check Point 2
02/14 20:05:06 [6312] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/14 20:05:06 [6312] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/14 20:05:06 [6312] HEARTBEAT: Check Point 3
02/14 20:05:06 [6312] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
02/14 20:05:06 [6312] HEARTBEAT: Check Point 4
02/14 20:05:06 [6312] <IndexHeartbeatProc>===Get Index STAGE===
02/14 20:05:06 [6312] ************CSN=13
02/14 20:05:06 [6312] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=1AE359EB0A4009E20185E155B1921983&chk=63D26D1A0FE7717E35C1D02FC6A1A1EA&ck=8BD96CEE557EF555A3507DBD06C4E470&uchk=1A823FE5AF0199987311A297780D39B1&uck=411EE0418856C69222B24E34DA1FC1B6&hid=9CFB9B91958ACCAB27B44E0DD82C598F&groupid=749BF83B0A4009E20043C7DC621C1783&mode=0&hbt=900&as=13&cn=[hex]5041303032303133594C3730&lun=[hex]7841646D696E6973747261746F72&udn=[hex]5041303032303133592E636F6469732E6F7267
02/14 20:05:06 [6312] <GetIndexFileRequest:>http://DomainL70:8014/secars/secars.dll?h=F8BAAC53EFF8F390C9E66653AB61F7B9A66509D613A54A00697D8107C3F282C84E793663E626D0BDBB3175E8C30363963F4BC79068B14563D4D92E7ADE8950CF869CC01C9A5431580F10761D4501EF3D90705F1BBC395644ABDE20BFE4DF8A56A534992EF768FF04B04C385E9D46B2DBF6954F5FA622BF66814EB992C8CBB6B5BC550473AF5223261471AB2A4AFB30FF058406E665BF1CB1AA398CDF3936B4C2FA7C6A9724518AAB5FBA558B71E919C2634D456FA1B9E83C4C9DCB6D4262973A5AD6D8AB952ABB78033EEA8A753EE253840D1A6EF626B272041F4E42A51D77DF0B918AA6CA856F6D694073C01D7AC509FBA31A534F23867CC47B9C3FB17495BFA239B5D5E9A44D7D0077770197EC6F20EEA8AE54473670BA6C5A27241290400F4CE2673FB0CDD4C8ACB422B44328295B77796C53F56ACE1618238BF6A8340BFB2C89B7105037744988A56C72DF2361ED8EFC391F073ED0672D09FA9FB6B712E39E3ED4081C05E52DAF6F9E41CD259B31904DA74069878AC38524C87999B68C4C3A41B24C0563CA4E690CB7A9B86CB34EA47810489F8CBA1208DA0CFE66F24E4226250CBAB0F08D3305C5F7FA6F7AC969
02/14 20:05:06 [6312] <GetIndexFileRequest:>SMS return=200
02/14 20:05:06 [6312] <ParseHTTPStatusCode:>200=>200 OK
02/14 20:05:06 [6312] <mfn_DoGetIndexFile200>Content Lenght => 0
02/14 20:05:06 [6312] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
02/14 20:05:06 [6312] <GetIndexFileRequest:>COMPLETED
02/14 20:05:06 [6312] <IndexHeartbeatProc>GetIndexFile handling status: 1
02/14 20:05:06 [6312] <IndexHeartbeatProc>Switch Server flag=0
02/14 20:05:06 [6312] HEARTBEAT: Check Point 5.1
02/14 20:05:06 [6312] Index File Error!
02/14 20:05:06 [6312] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/14 20:05:06 [6312] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/14 20:05:06 [6312] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
02/14 20:05:06 [6312] HEARTBEAT: Check Point 8
02/14 20:05:06 [6312] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/14 20:05:06 [6312] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/14 20:05:06 [6312] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 20:05:06 ======
02/14 20:05:06 [6312] <IndexHeartbeatProc>Set Heartbeat Result= 3
02/14 20:05:06 [6312] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
02/14 20:05:06 [6312] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
02/14 20:05:06 [6312] Use new configuration
02/14 20:05:06 [6312] HEARTBEAT: Check Point Complete
02/14 20:05:06 [6312] <IndexHeartbeatProc>Done, Heartbeat=32seconds
02/14 20:05:06 [6312] </CSyLink::IndexHeartbeatProc()>
02/14 20:05:06 [6312] <CheckHeartbeatTimer>====== Heartbeat loop stops at 20:05:06 ======
02/14 20:05:38 [6312] <CheckHeartbeatTimer>====== Heartbeat loop starts at 20:05:38 ======
02/14 20:05:38 [6312] <GetOnlineNicInfo>:Netport Count=1
02/14 20:05:38 [6312] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:05:38 [6312] <CalcAgentHashKey>:CH=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:38 [6312] <CalcAgentHashKey>:CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:05:38 [6312] <CalcAgentHashKey>:C=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org
02/14 20:05:38 [6312] <CalcAgentHashKey>:CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:05:38 [6312] <CalcAgentHashKey>:UCH=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:38 [6312] <CalcAgentHashKey>:UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:05:38 [6312] <CalcAgentHashKey>:UC=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org
02/14 20:05:38 [6312] <CalcAgentHashKey>:UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:05:38 [6312] <DoHeartbeat>HardwareID=9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:05:38 [6312] <DoHeartbeat>CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:05:38 [6312] <DoHeartbeat>CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:05:38 [6312] <DoHeartbeat>UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:05:38 [6312] <DoHeartbeat>UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:05:38 [6312] <DoHeartbeat> Set heartbeat event
02/14 20:05:38 [6312] Use new configuration
02/14 20:05:38 [6312] <CSyLink::IndexHeartbeatProc()>
02/14 20:05:38 [6312] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 000000000371E630
02/14 20:05:38 [6312] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 20:05:38 ======
02/14 20:05:39 [6312] HEARTBEAT: Check Point 1
02/14 20:05:39 [6312] Get First Server!
02/14 20:05:39 [6312] HEARTBEAT: Check Point 2
02/14 20:05:39 [6312] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/14 20:05:39 [6312] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/14 20:05:39 [6312] HEARTBEAT: Check Point 3
02/14 20:05:39 [6312] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
02/14 20:05:39 [6312] HEARTBEAT: Check Point 4
02/14 20:05:39 [6312] <IndexHeartbeatProc>===Get Index STAGE===
02/14 20:05:39 [6312] ************CSN=14
02/14 20:05:39 [6312] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=1AE359EB0A4009E20185E155B1921983&chk=63D26D1A0FE7717E35C1D02FC6A1A1EA&ck=8BD96CEE557EF555A3507DBD06C4E470&uchk=1A823FE5AF0199987311A297780D39B1&uck=411EE0418856C69222B24E34DA1FC1B6&hid=9CFB9B91958ACCAB27B44E0DD82C598F&groupid=749BF83B0A4009E20043C7DC621C1783&mode=0&hbt=900&as=14&cn=[hex]5041303032303133594C3730&lun=[hex]7841646D696E6973747261746F72&udn=[hex]5041303032303133592E636F6469732E6F7267
02/14 20:05:39 [6312] <GetIndexFileRequest:>http://DomainL70:8014/secars/secars.dll?h=F8BAAC53EFF8F390C9E66653AB61F7B9A66509D613A54A00697D8107C3F282C84E793663E626D0BDBB3175E8C30363963F4BC79068B14563D4D92E7ADE8950CF869CC01C9A5431580F10761D4501EF3D90705F1BBC395644ABDE20BFE4DF8A56A534992EF768FF04B04C385E9D46B2DBF6954F5FA622BF66814EB992C8CBB6B5BC550473AF5223261471AB2A4AFB30FF058406E665BF1CB1AA398CDF3936B4C2FA7C6A9724518AAB5FBA558B71E919C2634D456FA1B9E83C4C9DCB6D4262973A5AD6D8AB952ABB78033EEA8A753EE253840D1A6EF626B272041F4E42A51D77DF0B918AA6CA856F6D694073C01D7AC509FBA31A534F23867CC47B9C3FB17495BFA239B5D5E9A44D7D0077770197EC6F20EEA8AE54473670BA6C5A27241290400F1EF559B227490298784F897CB570596A77796C53F56ACE1618238BF6A8340BFB2C89B7105037744988A56C72DF2361ED8EFC391F073ED0672D09FA9FB6B712E39E3ED4081C05E52DAF6F9E41CD259B31904DA74069878AC38524C87999B68C4C3A41B24C0563CA4E690CB7A9B86CB34EA47810489F8CBA1208DA0CFE66F24E4226250CBAB0F08D3305C5F7FA6F7AC969
02/14 20:05:39 [6312] <GetIndexFileRequest:>SMS return=200
02/14 20:05:39 [6312] <ParseHTTPStatusCode:>200=>200 OK
02/14 20:05:39 [6312] <mfn_DoGetIndexFile200>Content Lenght => 0
02/14 20:05:39 [6312] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
02/14 20:05:39 [6312] <GetIndexFileRequest:>COMPLETED
02/14 20:05:39 [6312] <IndexHeartbeatProc>GetIndexFile handling status: 1
02/14 20:05:39 [6312] <IndexHeartbeatProc>Switch Server flag=0
02/14 20:05:39 [6312] HEARTBEAT: Check Point 5.1
02/14 20:05:39 [6312] Index File Error!
02/14 20:05:39 [6312] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/14 20:05:39 [6312] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/14 20:05:39 [6312] <ScheduleNextUpdate>new scheduled heartbeat=64 seconds
02/14 20:05:39 [6312] HEARTBEAT: Check Point 8
02/14 20:05:39 [6312] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/14 20:05:39 [6312] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/14 20:05:39 [6312] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 20:05:39 ======
02/14 20:05:39 [6312] <IndexHeartbeatProc>Set Heartbeat Result= 3
02/14 20:05:39 [6312] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
02/14 20:05:39 [6312] <IndexHeartbeatProc>Connection Failed! No. of tries = 2
02/14 20:05:39 [6312] Use new configuration
02/14 20:05:39 [6312] HEARTBEAT: Check Point Complete
02/14 20:05:39 [6312] <IndexHeartbeatProc>Done, Heartbeat=64seconds
02/14 20:05:39 [6312] </CSyLink::IndexHeartbeatProc()>
02/14 20:05:39 [6312] <CheckHeartbeatTimer>====== Heartbeat loop stops at 20:05:39 ======
02/14 20:05:57 [3304] <CSyLink::LUThreadProc()>
02/14 20:05:57 [3304] <CExpBackoff::CExpBackoff()>
02/14 20:05:57 [3304] </CExpBackoff::CExpBackoff()>
02/14 20:05:57 [3304] SyLinkCreateConfig => Created instance: 0000000004F3D6E0
02/14 20:05:57 [3304] Importing ConfigObject: 000000000371E630 into: 0000000004F3D6E0
02/14 20:05:57 [3304] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 0000000004F3D6E0
02/14 20:05:57 [3304] <CRandomDelay::CRandomDelay()>
02/14 20:05:57 [3304] Random delay window: 0hour 5min 0sec
02/14 20:05:57 [3304] Computed random delay:0hour 3min 42sec 0millisec
02/14 20:05:57 [3304] </CRandomDelay::CRandomDelay()>
02/14 20:05:57 [3304] <LUThreadProc>Waiting for: 222000 milliseconds to start downloading LU contents
02/14 20:05:57 [7228] <CSyLink::mfn_DownloadNow()>
02/14 20:05:57 [7228] </CSyLink::mfn_DownloadNow()>
02/14 20:06:35 [7352] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
02/14 20:06:35 [6312] <CheckHeartbeatTimer>====== Heartbeat loop starts at 20:06:35 ======
02/14 20:06:36 [6312] <GetOnlineNicInfo>:Netport Count=1
02/14 20:06:36 [6312] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:06:36 [6312] <CalcAgentHashKey>:CH=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:06:36 [6312] <CalcAgentHashKey>:CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:06:36 [6312] <CalcAgentHashKey>:C=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org
02/14 20:06:36 [6312] <CalcAgentHashKey>:CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:06:36 [6312] <CalcAgentHashKey>:UCH=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:06:36 [6312] <CalcAgentHashKey>:UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:06:36 [6312] <CalcAgentHashKey>:UC=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org
02/14 20:06:36 [6312] <CalcAgentHashKey>:UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:06:36 [6312] <DoHeartbeat>HardwareID=9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:06:36 [6312] <DoHeartbeat>CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:06:36 [6312] <DoHeartbeat>CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:06:36 [6312] <DoHeartbeat>UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:06:36 [6312] <DoHeartbeat>UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:06:36 [6312] <DoHeartbeat> Set heartbeat event
02/14 20:06:36 [6312] Use new configuration
02/14 20:06:36 [6312] <CSyLink::IndexHeartbeatProc()>
02/14 20:06:36 [6312] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 000000000371E630
02/14 20:06:36 [6312] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 20:06:36 ======
02/14 20:06:36 [6312] HEARTBEAT: Check Point 1
02/14 20:06:36 [6312] Get First Server!
02/14 20:06:36 [6312] HEARTBEAT: Check Point 2
02/14 20:06:36 [6312] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/14 20:06:36 [6312] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/14 20:06:36 [6312] HEARTBEAT: Check Point 3
02/14 20:06:36 [6312] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
02/14 20:06:36 [6312] HEARTBEAT: Check Point 4
02/14 20:06:36 [6312] <IndexHeartbeatProc>===Get Index STAGE===
02/14 20:06:36 [6312] ************CSN=15
02/14 20:06:36 [6312] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=1AE359EB0A4009E20185E155B1921983&chk=63D26D1A0FE7717E35C1D02FC6A1A1EA&ck=8BD96CEE557EF555A3507DBD06C4E470&uchk=1A823FE5AF0199987311A297780D39B1&uck=411EE0418856C69222B24E34DA1FC1B6&hid=9CFB9B91958ACCAB27B44E0DD82C598F&groupid=749BF83B0A4009E20043C7DC621C1783&mode=0&hbt=900&as=15&cn=[hex]5041303032303133594C3730&lun=[hex]7841646D696E6973747261746F72&udn=[hex]5041303032303133592E636F6469732E6F7267
02/14 20:06:36 [6312] <GetIndexFileRequest:>http://DomainL70:8014/secars/secars.dll?h=F8BAAC53EFF8F390C9E66653AB61F7B9A66509D613A54A00697D8107C3F282C84E793663E626D0BDBB3175E8C30363963F4BC79068B14563D4D92E7ADE8950CF869CC01C9A5431580F10761D4501EF3D90705F1BBC395644ABDE20BFE4DF8A56A534992EF768FF04B04C385E9D46B2DBF6954F5FA622BF66814EB992C8CBB6B5BC550473AF5223261471AB2A4AFB30FF058406E665BF1CB1AA398CDF3936B4C2FA7C6A9724518AAB5FBA558B71E919C2634D456FA1B9E83C4C9DCB6D4262973A5AD6D8AB952ABB78033EEA8A753EE253840D1A6EF626B272041F4E42A51D77DF0B918AA6CA856F6D694073C01D7AC509FBA31A534F23867CC47B9C3FB17495BFA239B5D5E9A44D7D0077770197EC6F20EEA8AE54473670BA6C5A27241290400F49473F68CAC00964D2CF441DC2FC83AC77796C53F56ACE1618238BF6A8340BFB2C89B7105037744988A56C72DF2361ED8EFC391F073ED0672D09FA9FB6B712E39E3ED4081C05E52DAF6F9E41CD259B31904DA74069878AC38524C87999B68C4C3A41B24C0563CA4E690CB7A9B86CB34EA47810489F8CBA1208DA0CFE66F24E4226250CBAB0F08D3305C5F7FA6F7AC969
02/14 20:06:36 [6312] <GetIndexFileRequest:>SMS return=200
02/14 20:06:36 [6312] <ParseHTTPStatusCode:>200=>200 OK
02/14 20:06:36 [6312] <mfn_DoGetIndexFile200>Content Lenght => 0
02/14 20:06:36 [6312] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
02/14 20:06:36 [6312] <GetIndexFileRequest:>COMPLETED
02/14 20:06:36 [6312] <IndexHeartbeatProc>GetIndexFile handling status: 1
02/14 20:06:36 [6312] <IndexHeartbeatProc>Switch Server flag=0
02/14 20:06:36 [6312] HEARTBEAT: Check Point 5.1
02/14 20:06:36 [6312] Index File Error!
02/14 20:06:36 [6312] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/14 20:06:36 [6312] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/14 20:06:36 [6312] <ScheduleNextUpdate>new scheduled heartbeat=128 seconds
02/14 20:06:36 [6312] HEARTBEAT: Check Point 8
02/14 20:06:36 [6312] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/14 20:06:36 [6312] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/14 20:06:36 [6312] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 20:06:36 ======
02/14 20:06:36 [6312] <IndexHeartbeatProc>Set Heartbeat Result= 3
02/14 20:06:36 [6312] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
02/14 20:06:36 [6312] <IndexHeartbeatProc>Connection Failed! No. of tries = 3
02/14 20:06:36 [6312] <SwitchSylinkConfig:> Switching from sylink.xml..
02/14 20:06:36 [6312] <SwitchSylinkConfig:> Failed to switch to use SyLinkEx.bak
02/14 20:06:36 [6312] <SwitchSylinkConfig:> Switching from SyLinkEx.bak
02/14 20:06:36 [6312] Use new configuration
02/14 20:06:36 [6312] HEARTBEAT: Check Point Complete
02/14 20:06:36 [6312] <IndexHeartbeatProc>Done, Heartbeat=128seconds
02/14 20:06:36 [6312] </CSyLink::IndexHeartbeatProc()>
02/14 20:06:36 [6312] <CheckHeartbeatTimer>====== Heartbeat loop stops at 20:06:36 ======
02/14 20:07:01 [7228] <CSyLink::mfn_DownloadNow()>
02/14 20:07:01 [7228] </CSyLink::mfn_DownloadNow()>
02/14 20:08:04 [7228] <CSyLink::mfn_DownloadNow()>
02/14 20:08:04 [7228] </CSyLink::mfn_DownloadNow()>
02/14 20:08:44 [6312] <CheckHeartbeatTimer>====== Heartbeat loop starts at 20:08:44 ======
02/14 20:08:45 [6312] <GetOnlineNicInfo>:Netport Count=1
02/14 20:08:45 [6312] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.0.2" Mac="e4-1f-13-c1-12-56" Gateway="192.168.0.1" SubnetMask="255.255.255.240"/></SSANICs>
02/14 20:08:45 [6312] <CalcAgentHashKey>:CH=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:08:45 [6312] <CalcAgentHashKey>:CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:08:45 [6312] <CalcAgentHashKey>:C=749BF83B0A4009E20043C7DC621C17831DomainL70Domain.Project.org
02/14 20:08:45 [6312] <CalcAgentHashKey>:CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:08:45 [6312] <CalcAgentHashKey>:UCH=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:08:45 [6312] <CalcAgentHashKey>:UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:08:45 [6312] <CalcAgentHashKey>:UC=749BF83B0A4009E20043C7DC621C17830xAdministratorDomain.Project.orgDomainL70Domain.Project.org
02/14 20:08:45 [6312] <CalcAgentHashKey>:UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:08:45 [6312] <DoHeartbeat>HardwareID=9CFB9B91958ACCAB27B44E0DD82C598F
02/14 20:08:45 [6312] <DoHeartbeat>CHKey=63D26D1A0FE7717E35C1D02FC6A1A1EA
02/14 20:08:45 [6312] <DoHeartbeat>CKey=8BD96CEE557EF555A3507DBD06C4E470
02/14 20:08:45 [6312] <DoHeartbeat>UCHKey=1A823FE5AF0199987311A297780D39B1
02/14 20:08:45 [6312] <DoHeartbeat>UCKey=411EE0418856C69222B24E34DA1FC1B6
02/14 20:08:45 [6312] <DoHeartbeat> Set heartbeat event
02/14 20:08:45 [6312] Use new configuration
02/14 20:08:45 [6312] <CSyLink::IndexHeartbeatProc()>
02/14 20:08:45 [6312] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 000000000371E630
02/14 20:08:45 [6312] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 20:08:45 ======
02/14 20:08:45 [6312] HEARTBEAT: Check Point 1
02/14 20:08:45 [6312] Get First Server!
02/14 20:08:45 [6312] HEARTBEAT: Check Point 2
02/14 20:08:45 [6312] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/14 20:08:45 [6312] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/14 20:08:45 [6312] HEARTBEAT: Check Point 3
02/14 20:08:45 [6312] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
02/14 20:08:45 [6312] HEARTBEAT: Check Point 4
02/14 20:08:45 [6312] <IndexHeartbeatProc>===Get Index STAGE===
02/14 20:08:45 [6312] ************CSN=16
02/14 20:08:45 [6312] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=1AE359EB0A4009E20185E155B1921983&chk=63D26D1A0FE7717E35C1D02FC6A1A1EA&ck=8BD96CEE557EF555A3507DBD06C4E470&uchk=1A823FE5AF0199987311A297780D39B1&uck=411EE0418856C69222B24E34DA1FC1B6&hid=9CFB9B91958ACCAB27B44E0DD82C598F&groupid=749BF83B0A4009E20043C7DC621C1783&mode=0&hbt=900&as=16&cn=[hex]5041303032303133594C3730&lun=[hex]7841646D696E6973747261746F72&udn=[hex]5041303032303133592E636F6469732E6F7267
02/14 20:08:45 [6312] <GetIndexFileRequest:>http://DomainL70:8014/secars/secars.dll?h=F8BAAC53EFF8F390C9E66653AB61F7B9A66509D613A54A00697D8107C3F282C84E793663E626D0BDBB3175E8C30363963F4BC79068B14563D4D92E7ADE8950CF869CC01C9A5431580F10761D4501EF3D90705F1BBC395644ABDE20BFE4DF8A56A534992EF768FF04B04C385E9D46B2DBF6954F5FA622BF66814EB992C8CBB6B5BC550473AF5223261471AB2A4AFB30FF058406E665BF1CB1AA398CDF3936B4C2FA7C6A9724518AAB5FBA558B71E919C2634D456FA1B9E83C4C9DCB6D4262973A5AD6D8AB952ABB78033EEA8A753EE253840D1A6EF626B272041F4E42A51D77DF0B918AA6CA856F6D694073C01D7AC509FBA31A534F23867CC47B9C3FB17495BFA239B5D5E9A44D7D0077770197EC6F20EEA8AE54473670BA6C5A27241290400F8FAB2F2DB28386073CE9F7FFF4B6D3FD77796C53F56ACE1618238BF6A8340BFB2C89B7105037744988A56C72DF2361ED8EFC391F073ED0672D09FA9FB6B712E39E3ED4081C05E52DAF6F9E41CD259B31904DA74069878AC38524C87999B68C4C3A41B24C0563CA4E690CB7A9B86CB34EA47810489F8CBA1208DA0CFE66F24E4226250CBAB0F08D3305C5F7FA6F7AC969
02/14 20:08:45 [6312] <GetIndexFileRequest:>SMS return=200
02/14 20:08:45 [6312] <ParseHTTPStatusCode:>200=>200 OK
02/14 20:08:45 [6312] <mfn_DoGetIndexFile200>Content Lenght => 0
02/14 20:08:45 [6312] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
02/14 20:08:45 [6312] <GetIndexFileRequest:>COMPLETED
02/14 20:08:45 [6312] <IndexHeartbeatProc>GetIndexFile handling status: 1
02/14 20:08:45 [6312] <IndexHeartbeatProc>Switch Server flag=0
02/14 20:08:45 [6312] HEARTBEAT: Check Point 5.1
02/14 20:08:45 [6312] Index File Error!
02/14 20:08:45 [6312] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/14 20:08:45 [6312] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/14 20:08:45 [6312] <ScheduleNextUpdate>new scheduled heartbeat=256 seconds
02/14 20:08:45 [6312] HEARTBEAT: Check Point 8
02/14 20:08:45 [6312] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/14 20:08:45 [6312] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/14 20:08:45 [6312] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 20:08:45 ======
02/14 20:08:45 [6312] <IndexHeartbeatProc>Set Heartbeat Result= 3
02/14 20:08:45 [6312] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 1, 'Using Location Config' = 0
02/14 20:08:45 [6312] <IndexHeartbeatProc>Connection Failed! No. of tries = 1
02/14 20:08:45 [6312] Use new configuration
02/14 20:08:45 [6312] HEARTBEAT: Check Point Complete
02/14 20:08:45 [6312] <IndexHeartbeatProc>Done, Heartbeat=256seconds
02/14 20:08:45 [6312] </CSyLink::IndexHeartbeatProc()>
02/14 20:08:45 [6312] <CheckHeartbeatTimer>====== Heartbeat loop stops at 20:08:45 ======
02/14 20:09:08 [7228] <CSyLink::mfn_DownloadNow()>
02/14 20:09:08 [7228] </CSyLink::mfn_DownloadNow()>
02/14 20:09:39 [3304] <LUThreadProc>Starting LU download.
02/14 20:09:39 [3304] <LUThreadProc> Sufficient disk space available on C:\ to download content {1CD85198-26C6-4bac-8C72-5D34B025DE35} 120202002
02/14 20:09:39 [3304] <SetupTempLUFilePath:>NEW download: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{1CD85198-26C6-4bac-8C72-5D34B025DE35}1202020021.TMP
02/14 20:09:39 [3304] <CHttpFileDownload::CHttpFileDownload()>
02/14 20:09:39 [3304] </CHttpFileDownload::CHttpFileDownload()>
02/14 20:09:39 [3304] <CHttpFileDownload::Do()>
02/14 20:09:39 [3304] <CHttpFileDownload::getRemainingBytesToDownload()>
02/14 20:09:39 [3304] Remaining bytes to download: 164989324
02/14 20:09:39 [3304] </CHttpFileDownload::getRemainingBytesToDownload()>
02/14 20:09:39 [3304] <CHttpConnector::SendRequest()>
02/14 20:09:39 [3304] Request> http://DomainL70:8014/content/{1CD85198-26C6-4bac-8C72-5D34B025DE35}/120202002/Full.zip
02/14 20:09:39 [3304] </CHttpConnector::SendRequest()>
02/14 20:09:39 [3304] <CHttpFileDownload::read()>
02/14 20:09:39 [3304] </CHttpFileDownload::read()>
02/14 20:09:39 [3304] </CHttpFileDownload::Do()>
02/14 20:09:39 [3304] <LUDownloader::GetContentToFile> completed.
02/14 20:09:39 [3304] <CHttpFileDownload::~CHttpFileDownload()>
02/14 20:09:39 [3304] </CHttpFileDownload::~CHttpFileDownload()>
02/14 20:09:39 [3304] <LUThreadProc>@@@@@@@@@ LU DEBUG ONLY- Download file failed due to wrong file size.
 FileName:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{1CD85198-26C6-4bac-8C72-5D34B025DE35}1202020021.TMP Expected file size: 164989324
02/14 20:09:39 [3304] SyLinkDeleteConfig => Deleting instance: 0000000004F3D6E0
02/14 20:09:39 [3304] </CSyLink::LUThreadProc()>
02/14 20:10:11 [7228] <CSyLink::mfn_DownloadNow()>
02/14 20:10:11 [7228] </CSyLink::mfn_DownloadNow()>
02/14 20:10:39 [3304] <CSyLink::LUThreadProc()>
02/14 20:10:39 [3304] SyLinkCreateConfig => Created instance: 0000000004E1B540
02/14 20:10:39 [3304] Importing ConfigObject: 000000000371E630 into: 0000000004E1B540
02/14 20:10:39 [3304] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 0000000004E1B540
02/14 20:10:39 [3304] <CRandomDelay::CRandomDelay()>
02/14 20:10:39 [3304] Random delay window: 0hour 5min 0sec
02/14 20:10:39 [3304] Computed random delay:0hour 2min 30sec 0millisec
02/14 20:10:39 [3304] </CRandomDelay::CRandomDelay()>
02/14 20:10:39 [3304] <LUThreadProc>Waiting for: 150000 millisec

I highly doubt that there was a problem uninstalling the LU.  As the post indicates, this problem occurred the with the previous version of SEP (11 RU6a).  Since this error occurred before and after the upgrade, it leads me to believe it is something else.

Not to mention, the Live Update control panel opens wihout error.

Venik,

The error message in your original post was syaing the file size was incorrect and that the system was expecting a larger or smaller file.

The original post was also from Feb. 02.  Later on, logs from Feb. 14.

Today, Feb 20, are you still having the same problem with the original file from Feb 02?  Or are you updating the definitions every day and have downloaded today's definitions and are experiencing the same problem?

* * * * * *

Errors in your logs

* * * * * *

1- 02/14 20:04:57 [7352] <Start>Unable to create Session with 'User Proxy' settings - Proxy Server: Error Code: 87

2- 02/14 20:08:45 [6312] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 1, 'Using Backup Sylink' = 1, 'Using Location Config' = 0
02/14 20:08:45 [6312] <IndexHeartbeatProc>Connection Failed! No. of tries = 1

* * * * * * * *

There are also some logs about the system going to the backup of Sylink.xml file.

02/14 20:06:36 [6312] <SwitchSylinkConfig:> Switching from sylink.xml..
02/14 20:06:36 [6312] <SwitchSylinkConfig:> Failed to switch to use SyLinkEx.bak
02/14 20:06:36 [6312] <SwitchSylinkConfig:> Switching from SyLinkEx.bak

* * * * * * * *

This all points to a communications issue. 

Can you successfully telnet to the server (SEPM) on port 8014?
 

As the post describes. the only noticible problem is content update.  The client receives policy from the SEPM. The client processes commands from the SEPM. The client can request and receive policy from the SEPM.

The sylink log file has this line:

02/14 20:09:39 [3304] <LUThreadProc>@@@@@@@@@ LU DEBUG ONLY- Download file failed due to wrong file size.
 FileName:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{1CD85198-26C6-4bac-8C72-5D34B025DE35}

The last JDB file used to update the SEPM contains updates released on Feb 02. I haven't updated the JDB file since - its a waste of time since none of the clients are updating.  Prior to that, I used two other JDB files.

I cannot telnet to the SEPM server on port 8014.

02/14 20:05:06 [6312] <GetIndexFileRequest:>http://DomainL70:8014/secars/secars.dll?h=F8BAAC53EFF8F390C9E66653AB61F7B9A66509D613A54A00697D8107C3F282C84E793663E626D0BDBB3175E8C30363963F4BC79068B14563D4D92E7ADE8950CF869CC01C9A5431580F10761D4501EF3D90705F1BBC395644ABDE20BFE4DF8A56A534992EF768FF04B04C385E9D46B2DBF6954F5FA622BF66814EB992C8CBB6B5BC550473AF5223261471AB2A4AFB30FF058406E665BF1CB1AA398CDF3936B4C2FA7C6A9724518AAB5FBA558B71E919C2634D456FA1B9E83C4C9DCB6D4262973A5AD6D8AB952ABB78033EEA8A753EE253840D1A6EF626B272041F4E42A51D77DF0B918AA6CA856F6D694073C01D7AC509FBA31A534F23867CC47B9C3FB17495BFA239B5D5E9A44D7D0077770197EC6F20EEA8AE54473670BA6C5A27241290400F4CE2673FB0CDD4C8ACB422B44328295B77796C53F56ACE1618238BF6A8340BFB2C89B7105037744988A56C72DF2361ED8EFC391F073ED0672D09FA9FB6B712E39E3ED4081C05E52DAF6F9E41CD259B31904DA74069878AC38524C87999B68C4C3A41B24C0563CA4E690CB7A9B86CB34EA47810489F8CBA1208DA0CFE66F24E4226250CBAB0F08D3305C5F7FA6F7AC969

I take it, the server name is DomainL70 (the server on which the SEPM is running)?

I also have to assume (sorry) from the logs that the server is running Server 2008 standard edition with Service Pack 1.

Which brings to the next questions.

- When you setup the server (SEPM) did you use the standard SEPM setup and default port of 8014?

- Windows Firewall is enabled or disabled?

- The server is running SEP client; with or without the Firewall component?

* * * * *

**Note**

You do NOT need to enable the "telnet server" feature on the server in order to be able to establish a connection.

** End note **

This page indicates that the comm port between the server and the client is port 8014.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/edda0cd89141a6788025734e004b6a02?OpenDocument

Without you being able to telnet to said port, this is the underlying problem.

*** Taken from SATYAM PUJARI ***

Open 8014 in the Firewall.

The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 8014 - Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

Client-Server Communication:
For IIS SEP uses HTTP between the clients and the server. For the client server communication it uses port 8014 .

Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

Considering your scenario...

Just open 8014 in the firewall .Clients will connect to this port for communication.
SEPM is listening on port 8014 and waiting for connection.

You dont need to open ports (1024-65535) in the SEPM system.The concept is simple..When a client connects to a Webserver at some port [i.e 80 or 8014 ] it needs to open a random port in the local system to establish the communication ...that's how TCP/IP sockets work.

Simple example...
When you connect to google.com at port 80 You need to open a random port (i.e. 3355 )in the your machine aswell so that the webserver should also be communicate with you right ? That happens in the background but that's why random ports are used.

To see it..Just open some websites ..go to command prompt and type netstat -nao

Go through this chart....IT clearly states that for client-server [SEPM] communication you need to open 8014

Port Number Port Type Initiated by Listening Process Description 80, 8014 TCP SEP Clients svchost.exe (IIS) Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). 443 TCP SEP Clients svchost.exe (IIS) Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. 1433 TCP SEPM manager sqlservr.exe Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. 1812 UDP Enforcer w3wp.exe RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. 2638 TCP SEPM manager dbsrv9.exe Communication between the Embedded Database and the SEPM manager. 8443 TCP Remote Java or web console SemSvc.exe HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. 9090 TCP Remote web console SemSvc.exe Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). 8005 TCP SEPM manager SemSvc.exe The SEPM manager listens on the Tomcat default port. 39999 UDP Enforcer Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. 2967 TCP SEP Clients Smc.exe The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.

source: http://service1.symantec.com/SUPPORT/ent-security....

* * * * * *

Link to the original Thread here:

https://www-secure.symantec.com/connect/forums/sep-port-clarification

Server: Windows 2008 R2 SP1

Server Name: DomainL70

The SEPM was setup with the defaul port 8014.

The windows firewall service is enabled, but before SEPM (and SEP install), the windows firewall was configured to not protect on any of the three profiles.

The SEPM server and clients have the firewall component. The results are the same when it is disabled.

Although telenet isn't connecting, the server is responding on port 8014.  I know this from performing the 'hello secars' test described in this document: Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager (http://www.symantec.com/business/support/index?page=content&id=TECH102682).  The test was successsful. 

A successful connection returns a web page that displays "OK."