Video Screencast Help

SEPM is not regularly updating clients

Created: 12 Sep 2012 | 17 comments

If I look at the Computer status logs they are all either 5 or 3 days out of date. If I go to one client it sais it is waiting for the manager to give it the updates. I get a status message (email) from SEPM which sais that no response has been had for 10 mins. I have tried to run the DB Validator.bat using the "Run s Admin" command but it reports "The system cannot find the path specified.". I think this has been like this since I installed some months aga.

Comments 17 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Could you let us know what version of the SEPM and SEP client running on?

What OS are these 2 machines carrying?

Could you please upload us the sylink.log from 1 of the client machines so that we could check the root cause of the issue?

Check this Article on how to collect the sylink.loghttp://www.symantec.com/docs/TECH104758

Secondly, work on the articles below to troubleshoot the issue.

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Troubleshooting communication problems between the management server and the client

http://www.symantec.com/docs/HOWTO55017

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

I hope database is in running condition.

First check whether SEPM is receiving the latest updates or not?

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

If SEPM is updated then make sure policies are updated on all the clients, force update policy on all the clients.

Policy serial number should be the same.Screenshot is attached to the reference.

 

If above steps didn't help, check following articles.

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Troubleshooting communication problems between the management server and the client

http://www.symantec.com/docs/HOWTO55017

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

omits's picture

To answer the question "First check whether SEPM is receiving the latest updates or not?" The last update was in SEPM was showing 10th May 2012. When I click "Download Liveupdate Content." Every one fails. When I click "Show Live Update Status" It shows last update "16th Sept 2012" and "Next..." Thurs 10th May 2012.

This is really wierd!

 

Thanks for your time.

-----------------------------

omits's picture

I have found no error messages.

In the SEPM My Company - Default Group there is no "Details" or "Installed packages" tabs.

 

 

Thanks for your time.

-----------------------------

Chetan Savade's picture

Hi,

Reinstall liveupdate.

Remove it through add/remove programs, reinstall it & don't forget to re-register it

After reinstall go through the following steps to re-register it.

    Open a command window, then browse to:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
    Type lucatalog -cleanup and press Enter.
    Type lucatalog -forcedupdate and press Enter.
    Run LiveUpdate to verify that there are no errors.

After following above suggested steps go to control panel again & select Symantec endpoint protection manager & click on repiar.

After successful repair, download liveupdate content through the SEPM console.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Chetan Savade's picture

Hi,

Is there any update?

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

omits's picture

Yes, I tried to repair SEPM and it went through a rollback action and reported it was interupted and that it failed. I did that twice. It went nearly to the end of "Copying new files" and then rolled back again with "Fatal error during installation".

PLEASE also note: Above I was asked to reinstall Live Update. There is no such program listed in my programs and Features. If I need it how do I install it?

Additional info: I have run the support tool V1.0.6030 and it shows error amongst which it sai the verion of SEPM I have:

Symantec Endpoint Protection 12.1, RU1(12.1.1000.15

Is out of date and I need:

 

Symantec Endpoint Protection 12.1, RU1 MP1(12.1.1101.401)

How do I get it as my account does not show latest version numbers?

Attached is the full report file from the tool:

 

 

AttachmentSize
SymantecReport.zip 625.39 KB

 

Thanks for your time.

-----------------------------

Chetan Savade's picture

Hi,

It's strange that liveupdate is not present under Programs & Features.

Download liveupdate setup from the following location:

ftp://ftp.symantec.com/public/english_us_canada/li...

After live update installs please register it as guided above

Do you have original setup files?

After the successful live update install, try to repair SEPM with the help of original setup files.

If the above steps didn't help please pass on RORU logs, it would be present under temp folder.

Logs can help us to find out why SEPM repair is rolling back.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

omits's picture

Result so far. 1. I have installed Live update BUT I do not know how to register it (it has not asked to be registered OR there is no "register" link in the program. 2. I have used it to update the client on the SBS server and that seemed to work. 3. I tried to update the SEPM and that seemed to work but there were some problems "...could not update...". I have copied the result report here: 21 September 2012 10:55:37 BST: LiveUpdate succeeded. [Server: ] 21 September 2012 10:55:37 BST: LUALL.EXE finished running. [Server: ] 21 September 2012 10:55:35 BST: LUALL.EXE successfully updated the content. Return code = 0. [Server: ] 21 September 2012 10:55:32 BST: No updates found for SPC AntiVirus Client Mac 12.1 (English). [Server: ] 21 September 2012 10:55:31 BST: No updates found for Symantec Endpoint Protection Win64 12.1 (English). [Server: ] 21 September 2012 10:55:31 BST: No updates found for Symantec Endpoint Protection Win32 12.0.1001.95 (English). [Server: ] 21 September 2012 10:55:31 BST: No updates found for Symantec Endpoint Protection Win32 12.1 (English). [Server: ] 21 September 2012 10:55:29 BST: Symantec Endpoint Protection Manager could not update Centralized Reputation Settings 12.1. [Server: ] 21 September 2012 10:55:29 BST: No updates found for SONAR scan engine Win32 11.0. [Server: ] 21 September 2012 10:55:29 BST: Symantec Endpoint Protection Manager could not update AP Portal List 12.1 RU2. [Server: ] 21 September 2012 10:55:29 BST: No updates found for TruScan proactive threat scan commercial application list Win32 11.0. [Server: ] 21 September 2012 10:55:29 BST: No updates found for SONAR scan whitelist Win64 11.0. [Server: ] 21 September 2012 10:55:29 BST: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win32 12.1. [Server: ] 21 September 2012 10:55:29 BST: No updates found for Intrusion Prevention signatures Win64 11.0. [Server: ] 21 September 2012 10:55:28 BST: No updates found for Client Intrusion Detection System signatures 12.1. [Server: ] 21 September 2012 10:55:28 BST: Symantec Endpoint Protection Manager could not update Revocation Data. [Server: ] 21 September 2012 10:55:28 BST: No updates found for SONAR scan engine Win64 11.0. [Server: ] 21 September 2012 10:55:28 BST: No updates found for Submission Control signatures 11.0. [Server: ] 21 September 2012 10:55:28 BST: No updates found for Submission Control signatures 12.1. [Server: ] 21 September 2012 10:55:28 BST: No updates found for SONAR scan data 11.0. [Server: ] 21 September 2012 10:55:28 BST: Symantec Endpoint Protection Manager could not update Symantec Whitelist 12.1. [Server: ] 21 September 2012 10:55:27 BST: No updates found for SONAR Heuristics engine 12.1. [Server: ] 21 September 2012 10:55:27 BST: No updates found for SONAR scan whitelist Win32 11.0. [Server: ] 21 September 2012 10:55:27 BST: No updates found for TruScan proactive threat scan commercial application list Win64 11.0. [Server: ] 21 September 2012 10:55:27 BST: No updates found for SEPM LiveUpdate Database 12.1. [Server: ] 21 September 2012 10:55:27 BST: No updates found for SONAR scan commercial application engine 11.0. [Server: ] 21 September 2012 10:55:27 BST: Symantec Endpoint Protection Manager could not update Extended File Attributes and Signatures 12.1 RU2. [Server: ] 21 September 2012 10:55:27 BST: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1. [Server: ] 21 September 2012 10:55:26 BST: No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1. [Server: ] 21 September 2012 10:55:26 BST: No updates found for Intrusion Prevention signatures Win32 11.0. [Server: ] 21 September 2012 10:47:22 BST: LUALL.EXE has been launched. [Server: ] 21 September 2012 10:47:20 BST: Download started. [Server: ] AM I working now?

 

Thanks for your time.

-----------------------------

Chetan Savade's picture

Hi Omit,

I had given steps to register liveupdate.

Open a command window, then browse to:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type lucatalog -cleanup and press Enter.
Type lucatalog -forcedupdate and press Enter.
Run LiveUpdate to verify that there are no errors.

The attached report is very difficult to read, could you please attach the screenshot?

If SEPM itself updates regularly and providing updates to clients as well then you can assume it's working fine.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

omits's picture

Chetan, thanks. I did that and it was OK. I have now opened SEPM and performed an update command on the server cient. The server client reported that the client was already up2date. SEPM then reported the command had been done. So I assume now that both SEPM and Client are working OK. I will ceck the other clients (windows clients) when staff turn them on Monday.

So I will close this Thread. Thanks for your time.

 

Thanks for your time.

-----------------------------

.Brian's picture

Don't forget to mark whichever post helped you the most as "Solved"

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

omits's picture

Problem now arises again. Scheduled update show failed.

30 October 2012 09:10:59 GMT: LiveUpdate failed. [Server: SERVER]
30 October 2012 09:10:59 GMT: LUALL.EXE finished running. [Server: SERVER]
30 October 2012 09:10:59 GMT: LiveUpdate encountered one or more errors. Return code = 4. [Server: SERVER]
30 October 2012 09:09:53 GMT: LUALL.EXE has been launched. [Server: SERVER]
30 October 2012 09:09:51 GMT: Download started. [Server: SERVER]

Advice appreciated.

 

Thanks for your time.

-----------------------------

Ashish-Sharma's picture

Try This
Error: LiveUpdate encountered one or more errors. Return code = 4" in LiveUpdate status in Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?pag...

Thanks In Advance

Ashish Sharma