Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM 12.1 LiveUpdate Issues

Created: 28 Jan 2013 • Updated: 30 Jan 2013 | 19 comments
This issue has been solved. See solution.

Hi everyone,

Hopefully I'm posting this in the correct forum.

I'm having some issues with SEPM not auto updating from Symantec's Live Update servers.

I'm currently not behind a proxy, and can perform a manual update from one of the member servers.

I've also noticed, that an auto update seems to successfully execute within a few hours after the manual update has been performed. After that, no more auto updates (I have waited for days to see if it auto updates again.)

I've looked at numerous articles out there with people having the same type of symptom, but I still have yet to find a fix.

I've looked through the liveupdate logs and don't see any errors related to the issue. If there's a log file you think I've missed, please let me know.

Can someone guide me into what to troubleshoot? I'm still attempting to wrap my head around how a SEPM site functions with multiple server members.

Which server is responsible for retrieving the updates? Do all servers attempt to perform the LiveUpdate and redistribute the software packages amongst the other member servers?

Does the server priority window under the site properties control more than reports and notifications? Or are servers prioritized on this list also responsible for performing the LiveUpdates? I have moved a few servers up and down on this list and still have the same issue.

Any information you could provide me would greatly be appreciated.

Thanks for your time!

Comments 19 CommentsJump to latest comment

Ashish-Sharma's picture

Troubleshooting LiveUpdate Issues with Symantec Endpoint protection

https://www-secure.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection

LiveUpdate and content troubleshooting for the Symantec Endpoint Protection Manager

Article:TECH105924 | Created: 2008-01-16 | Updated: 2012-03-30 | Article URL http://www.symantec.com/docs/TECH105924

Thanks In Advance

Ashish Sharma

BluePillRedPill's picture

Thank you for the quick reply and for the link. This is a path that I've seen and followed with no solution to my issue.

1. No proxy
2. Connection verified with manual update being performed successfully
3. LiveUpdate catalog - I am unfamiliar with this, but if this will help resolve my issue, please let me know what I need to look at.
4.I've cleaned up and re-downloaded everything via the LiveUpdate application successfully and still have the issue.

Any other suggestions would be appreciated.

Thank you

.Brian's picture

I assume you have enoughn space on your C drive?

Try re-installing LiveUpdate per this article:

LiveUpdate fails immediately when run from the SEPM console.

Article:TECH173571  |  Created: 2011-11-03  |  Updated: 2011-11-03  |  Article URL http://www.symantec.com/docs/TECH173571

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Are you doing manual update from SEPM console or by executing luall.exe? Or is the problem only with scheduled updates?

If scheduled download is affected can you check in SEPM GUI - > Admin -> Servers ->Local Site -> Show the Liveupdate Status -> for what date is the next scheduled update set?

There was a known issue in 12.1 where the next scheduled update was set in the past - have a look at the following:

http://www.symantec.com/business/support/index?pag...

BluePillRedPill's picture

Thanks for the replies.

Brian,

LiveUpdate is working when being run manually without having failures as your linked article is stating. I have checked the that the version of LU that I'm running is compatible with the version of SEPM that I'm using as well.

Sebastian,

I checked my LiveUpdate log files and all time stamps are correct. I don't believe that is the issue.

To answer your question:
When performing a manual update both within the console and with luall.exe, the update is successful.

When configuring the auto update option in the site, updates do not execute. I've changed the options to continuously update, set it to a schedule of every hour to make an attempt, and I've also setup a custom daily update schedule. All of which have failed.

Can anyone confirm with me which server in the site is responsible for pulling the updates? Or are all site member servers collectively responsible for running an update if its available?

Also, which service and account is responsible for executing the auto update from SEPM? Is it possible that there is a permissions problem going on here? When I run the manual update, I'm using my Active Directory account that only has local administrative rights on the server in addition to be a SEPM admin. It has no other permissions on the domain.

Thanks again

SMLatCST's picture

Generally speaking, any SEPM in a site can be nominated to perform the LiveUpdate (you'd normally be able to see which one did it via the logs near the bottom of the ADMIN->Servers area).  After one SEPM grabs the defs, it shares them with the other SEPM(s) via their shared DB.

Are you saying that despite the LU schedule being set for continuous, if left to their own devices, neither SEPM actually launches a LU attempt?

Can you check the scm-server-0.log files from the SEPMs for any errors too?

Chetan Savade's picture

Hi,

You have posted query in the correct forum smiley.

I would like to answer your questions

Q. Which server is responsible for retrieving the updates?

--> It depends upon SEPM liveupdate configuration. Go to the Admin --> Servers --> Local Site --> Edit Site Properties --> Check liveupdate settings

Q. Do all servers attempt to perform the LiveUpdate and redistribute the software packages amongst the other member servers?

-->  It's not correct.

Q. Does the server priority window under the site properties control more than reports and notifications? Or are servers prioritized on this list also responsible for performing the LiveUpdates?

--> It again depends upon liveupdate configuration.

If auotupdate is not working there should be some error in the logs.

Please pass on the logs.

Log.liveupdate could be found in -
Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: C:\ProgramData\Symantec\LiveUpdate

Could you please confirm

1) Total Number of SEPM's in the network?

2) SEPM's configured with load balancing or Replication?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SMLatCST's picture

Just to reiterate, any SEPM in a Site can perform LiveUpdate.  When using the load-balanced config however, try to avoid using the continuous schedule as it can cause a few problems as per the below article:

http://www.symantec.com/docs/TECH136648

It might also be worth ensuring you've not got the "scm.server.liveupdate.disabled=x" set on any of your servers.

BluePillRedPill's picture

Thanks SML,
In response to your questions:

Q: "Are you saying that despite the LU schedule being set for continuous, if left to their own devices, neither SEPM actually launches a LU attempt?"

A: This is a correct statement. In looking at the 'Show the LiveUpdate Status' task under the Site properties, the log only is updating when I perform a manual update (both in the console and with luall.exe outside of the console.)

Q: "Can you check the scm-server-0.log files from the SEPMs for any errors too?"

A: The only thing that is sticking out in the scm-server-0.log file is the following warning:
2013-01-28 12:27:49.113 THREAD 36 WARNING: LiveUpdateTask>>isLURunning>>isOnline and LuState.IS_RUNNING! - I'm not sure if this is normal behavior or not.

----------------------------

In addition,
I cannot see which server has been nominated to perform the LiveUpdate function in the log window for the local site. Is there anywhere else you would suggest to find this information?

Thanks!

BluePillRedPill's picture

Thank you Chetan,

To your first statement:

"If auotupdate is not working there should be some error in the logs."

I have looked at the log.liveupdate log file and there are no errors listed. The log file seems to only be updated when I perform the manual update. The log file is then populated with general logs related to the update itself. Nothing is updating the log when the auto update is not working as expected.

1) Total Number of SEPM's in the network?

A: 11 in 1 site. No other servers or sites.

2) SEPM's configured with load balancing or Replication?

A: There is one partner configured for replication. I am unsure of any configured for load balancing as I don't see that anywhere.

Please forgive my ignorance if I don't know the answers to some of your questions. I've only been working in this environment for a few weeks, so I'm learning architecture along with misconfigurations etc... Thanks for your patience!

BluePillRedPill's picture

Thanks for the additional information SML,

Just a note, I've only configured the Site to use Continuous LiveUpdate to troubleshoot the issue. It's generally been set to look for an update every 4 hours.

Can you tell me where I can check this setting?

"It might also be worth ensuring you've not got the "scm.server.liveupdate.disabled=x" set on any of your servers."

It would make sense to me that 1 server is broken, and other servers have LU disabled. It would be worth looking into.

Thanks

SMLatCST's picture

Just so we have a clearer view, can you check the scm-server-0.log file on all SEPMs in your site for what might be going on?

The log entry you posted earlier suggested that the SEPM believes a LU session is already in progress, which would prevent any other SEPM from attempting to update.

I'd suggest switching the LiveUpdate Schedule of the site back to "Every X hours" and then performing staggered reboots of all your SEPMs to ensure none of them think they are running LiveUpdate, then monitor.

Other things to check include verifying if you have anything else that might trigger a Liveupdate session on your SEPMs (Windows scheduled task, the SEP11 client, Backup Exec, any other Symantec products, etc).

SMLatCST's picture

Can you give us a bit more info about your environment as well btw?  It's quite rare to see so many SEPMs in a single site (connected to the same databse), and it sounds like you may have hit or exceeeded the maximum number of SEPMs per site as well (10):

http://www.symantec.com/docs/HOWTO81147

Given the very high number of SEPMs in your site though, you might find it easier to manage/troubleshoot if you do add the "scm.server.liveupdate.disabled=x"setting to some of them, so that you can focus your troubleshooting efforts on the few SEPMs that are allowed to grab content.

SOLUTION
A. Wesker's picture

Hi BluePillRedPill, Could you please let us know the version of your SEPM Console ?

At the same occasion, if you have a SEP client installed as well on this SEPM server and his current version indeed.

If you could post the Log.LiveUpdate from your SEPM server, we may be able to see what's happening ;-)

Cheers.

Kind Regards,

A. Wesker

BluePillRedPill's picture

Thank you for the information everyone.

I'm feeling that one of the servers is stuck in an update status as SML suggested, and is causing my issue. I will spend a few hours cycling through and rebooting and disabling where needed.

I understand that the solution implemented doesn't seem practical. I am just getting involved with this setup and plan to coordinate a re-implementation.

Either way, I'll keep the group updated on if this issue is resolved or not.

Thanks again!

SMLatCST's picture

No problem, I'm glad we could help.

As always, it'd be appreciated if you could mark any posts you find useful with a "Thumbs Up" or as the Solution (if we get round to it) wink

Also, as you're looking to redesign your SEP environment, have you considered contacting the Symantec guys to point you in the direction of a partner (like ourselves) to help out?

BluePillRedPill's picture

Thanks again to everyone for your help.

Disabling LU a faulty server resolved the site LU issue.

For the record,

I added the following line of code the the file below:
scm.server.liveupdate.disabled=1

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties

---------

Obviously, we had to cycle through the servers and disable LU on each one until we could isolate which server was presenting the problem.

Thanks again to everyone for your help (Especially SML)!

SML, we plan to do the redesign in house, but if we require outside consultation I'll be sure to give you guys a call.

SMLatCST's picture

I'm glad it's all sortedyes

I couldn't trouble you to mark a post as the "Solution" could I?  Doing so will hopefully help others with similar issues who stumble upon this thread 

BluePillRedPill's picture

Yep, browser was having issues yesterday. Thanks again!