
SEPM not receiving updates from LUA

Created: 10 Jan 2011 • Updated: 14 Feb 2011 | 18 comments
This issue has been solved. See solution.

I currently have a call open with Symantec at the moment on this but as of yet we have been unable to resolve the issue.

Currently we have a SEPM that for some reason is not receiving the latest definitions from the LUA. The manager was receiving updates fine up until just before 22/12/10. We are having to manually update the defs with the JDB file. Even when we go to Admin>Servers>Local Site>Download LiveUpdate Content, it speaks to the LUA and checks for the latest updates but still does not update the manager with the latest definitions; it reports that current definitions are up to date.

SEM is on RU6 MP1 (11.0.6100.XXXX) Windows 2003 SP2

LUA is on version 2.2.2.9


Rafeeq's picture

is there a firewall between your sepm and LUadmin?

clear sepm corrupt definition.

start - run  - type luall.exe

check if that goes to luadmin

post the log.liveupdate from the sepm..

sandeep_sali's picture

Check for configuration changes such as firewall, proxy etc. The event viewer should help you to trace the cause of the definition download failure. Try synchronizing the catalog with the Symantec LiveUpdate server and then try to download the definitions.

 

 

Thanks & Regards

Sandeep C Sali

GeoGeo's picture

Hi,

There's no Firewall between the LUA and the SEPM and the proxy settings have remained the same.

Attachment: LiveUpdate.txt (4.67 MB)

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

Rafeeq's picture

Did you clear the definitions and run the download again?

The log says it has the latest defs, so it skipped the defs. What's the version of your IE?

GeoGeo's picture

Hi Rafeeq,

Sorry, I didn't clear it. I have done it again with cleared defs.

Try this one.

Attachment: LiveUpdate2.txt (5.3 MB)


Rafeeq's picture

 

  1. Click Start, then Run.
  2. Type cmd, then click OK. This will bring up a command prompt.
  3. At the command prompt type cd and the path to lucatalog.exe. By default the command would be: 

    cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
     

  4. Type lucatalog.exe -cleanup
  5. wait for 2 mins
  6. type lucatalog.exe -update
  7. wait for 2 mins
  8. run the update again
GeoGeo's picture

Tried that; it was one of the first things we tried with the Symantec engineer, but no luck. Just ran it again now and still no change.


GeoGeo's picture

Anyone else got any other ideas I can try?


AravindKM's picture

Whether your LUA is updated? Check its event logs. Whether your download and distribution schedules are running fine? Sometimes it is observed that LUA services will be in running condition and no schedules will work. If that is the case, if you restart both LUA services, in most cases it will work fine...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

GeoGeo's picture

Download and Distribution logs are confirmed at 100% on the LUA. Even when you go to the SEPM admin and click on download latest updates it runs and says everything is up to date even though they are not.

And already restarted the LUAs with no effect.


AravindKM's picture

Create a new group and move one or two PCs to it. In the LU policy of the group, select only LiveUpdate server and add your internal LiveUpdate there. Then update the policy of the client and see whether it is able to receive updates from it. If it is able to receive updates, try clearing the defs from SEPM. You can refer to the following article for doing this.

 

How to clear corrupt Virus Definitions from SEPM


GeoGeo's picture

Hi AravindKM

Already tried that; clients can receive updates directly from Symantec and the manager. But need the manager to pick up updates from the LUA, as it's not able to go out to the internet and pick them up directly from Symantec.


AravindKM's picture

Reinstall LiveUpdate on the server and try. Refer to this KB:

How to Uninstall and Reinstall LiveUpdate When a Symantec Endpoint Protection Manager or Symantec Endpoint Protection Client is Installed


GeoGeo's picture

Tried the re-install of LiveUpdate and still no joy :(


Doit1203's picture

Hello,

I have read your comments with great interest, because I have exactly the same problem. I have tried all the steps you have described, but the problem is still there.

We have two LiveUpdate Administrators and 4 SEP Managers. When I configure the LiveUpdate policy for the clients to connect directly to the LiveUpdate server, then all signatures are updated. When I configure the policy to automatically download the update from the SEP Manager, the updates are not assigned, and in the LiveUpdate "Download Status" in the SEP Manager old virus signatures are shown.

I think it is not a problem of LUA ?!

Next step for me is to open an incident for this problem.

RickJDS's picture

Same here, not running LUA though.  I have an open case too - 413551082.  2 - 1/2 hours on the phone with tech support and no resolution.  Deleted old defs, increased timeout and still get 1835 errors with live update.  This is not a firewall issue as I can download ZIP and JDB files from the server without problems.  Uninstalled/reinstalled liveupdate twice.  Is this another corrupt definition problem that we went through in 2009?

GeoGeo's picture

Not sure what's going on, but the case I've had open with Symantec is two weeks old today. Been on to Symantec engineers every day but no joy. Hoping to get this resolved today; requested the call be escalated as really need to get this resolved.

Fingers crossed I'll have some good news today.

Also, an additional issue has happened, as the LUA was working perfectly downloading the updates on HTTP. A setting was adjusted when speaking to the engineer and now the LUA will not connect to LiveUpdate either via HTTP or FTP. Then to be told there was something wrong with our settings put the icing on the cake, as the LUA was connecting fine before the engineer adjusted the settings.


GeoGeo's picture

After many weeks we have finally found the solution. We ended up setting up a backup LUA from fresh. When we sat there and compared them with Symantec we discovered that the catalogue on the faulty LUA was updating the catalogue and in turn was not downloading version 2 definitions. We completely removed the download and distribution schedules and had to manually update the catalogue before these version 2 definitions would appear in the virus definition catalogue. After that was updated the SEPMs seem to pick up the updates with no further issues. Hope this helps anybody with a similar issue in the future.


SOLUTION