Hello all , I have SEPM 12.1.4 MP1 running on Sv2K8 in my envoirement supporting 3000 clients . The Problem which I am facing is that Both 32Bit and 64BIT Virus definations in Content/Incoming/Inetpub folder is consuming all the HD with 30GB each.

All the space on that particular Drive has been consumed with about 300 MB Space remaining . If I add  more space to this drive then it will be consumed within few minutes . I have follwed the instruction to clear out the corrupt definations as per the articles but still no use

When I purge the corrupt definations and Disk Space is free when I reset the SEPM service then again it starts to cosume the whole Disk Space from 80GB free and it starts decreasing and within few minutes the whole space is consumed.

Prior to purging the definations I ran the SymHelp tool but  it didnt give any errors everything was fine in the result. After clearing the corrupt definations when i ran Luall.exe as per the article it failed . I am attaching the screenshot  and log.liveupdate for your refrence please tell what the problem is and how it can be fixed. Thanks

Attachment(s)

log-liveupdate.docx   391 KB 1 version

How many number of content revisions do you have set ?

Thanks for your reply James but the issue is even if you have 60GB free Disk Space then it will start decreasing and will be consumed with 10 minutes

you should decrease the revisions, under liveupdate check what to download and what not , for ex if you are not using NTP do not download NTP defs or client packages

set the revisions to 10.. that would free up lot of space.

# EDIT#  Even if the Drive has 60GB Free Disk Space then when the service is restarted after clearing the defs Disk Space  will start decreasing and eventually the whole Disk Space will be consumed within 10 minutes

my dear friends clearing the disk space or adding more space to the Disk is not an issue . Like I have said even if I clear the defs and add more disk Space then it will be consumed within few minutes.

thats why I said to decrease the revision to 10. defs will be put back from SEPM to incoming folder

even if you stop liveupdate or have no internet connection, the moment you start SEPM service, that folder will be filled again

Rafeeq and James

Let give you a clearer understanding of the problem.

Currently \inetpub\content\{535 . . .  (32-BIT Virus Defs) = 30GB

                inetpub\content\{07B. . .  (64-BIT Virus Defs)=29 GB\

                SymcData\spcVirDef32 = 800 MB

                SymcData\spcVirDef64 = 800 MB

Symantec\LiveUpdate\Downloads\" = 900 MB

Remaining Disk Space on Drive= 300 MB

Now Even if I add 20GB more to this drive then it will start decreasing as soon as I add it and eventually it will be consumed by those two Def's folder within few minutes

Now as per this article (http://www.symantec.com/docs/TECH166923 ) to clear the corrupt Defs . When I ran luall.exe from cmd it gave me the error which I added in the screenshot. Now after clearing them I managed to had 60GB free Disk space and when I restarted the SEPM service it started to decrease and after 20 minutes it was consumed again fully.

In my envoirement I have two SEPM's configured in failover this was my Primary SEPM. But becuase of this issue clients failed to connect to my this primary SEPM and now they are connected to my secondary SEPM.

Currently the number of content revisions set is 27 keeping in mind I have 3100 clients in my envoirement.

Try to decrease content revisions 27 to 10 and monitor the issue.

How to change the number of downloaded content revisions that are retained by the Symantec Endpoint Protection Manager versions 11.0. or 12.1

How would reducing the number of content revisions help in this case ? Secondly when I reduce it to 10 it would have an effect on both the SEPM's Primary and Secondary ?  I have this setup running for like 1.5 Year with the same number of content revisions

I would really appreciate if someone can tell me the reasons what is causing this behavior. Thanks  

Thanks for your replies , I would reduce it to 10 and then monitor the outcome but the part where the Disk Space starts reducing and eventually filling up is kinda strange and I would apprciate to know the reason causing this behavior.

do let us know the outcome...

I will definetly do that rafeeq but meanwhile I would really appreciate if you can share with me the technical aspect of this reducing the content revisions and the problem which is causing the whole Disk to Consume Free Disk Space ?

Hi,

It seems old definitions purge process is not working correctly.

Add the following line to the END if the conf.properties file, (the example uses a value of 5, adjust the value as necessary, the default value is 10 if no entry is present)

scm.lucontentcleanup.threshold=5

Restart the SEPM service.

Within a short period of time the numbered content folders should adjusted to the value that you selected

If the number and size of files in the Symantec Endpoint Protection Manager\Inetpub\Content folder continues to grow even after upgrading the Symantec Endpoint Protection Manager to the latest version, the SEPM database has become corrupted.

You dont need to edit the config file, you can enter the value on the console..

http://www.symantec.com/business/support/index?page=content&id=TECH96214

Thanks for your reply Chetan. SEPM's is already running with the latest version.

I have two SEPM's running in failover mode , SEPM1 and SEPM2 with a SQL DB.

This behavior is occuring only on SEPM1

 Hi,

Make sure you have allocated minimum disk space as per System requirements article

Small Business Edition: 16 GB available minimum; 100 GB available recommended.
Enterprise version: 16 GB available minimum (100 GB recommended) for the management server; 40 GB available minimum (200 GB recommended) for the management server and a locally installed database

http://www.symantec.com/business/support/index?page=content&id=TECH163829&actp=search&viewlocale=en_US&searchid=1340734728291