Endpoint Protection

 View Only

  • 1.  SEPM stops downloading definitions every 4-7 days, err code 4

    Posted Apr 25, 2014 06:24 AM
      |   view attached

    Hi Guys,

    Have an issue with my SEPM 11.0.7405.1424.  Every week or so, it just stops downloading definitions, which leads to a croshendo effect to all my clients obviously.

    This started occuring after I upgraded it to this version to patch a security vunerability

    A restart of the server, will generally make it download again, restarting the services does not.

    Here is the error logged. I've had a look on knowledge bases for all the usual fixes but they have not worked.

    25 April 2014 11:04:23 BST:  LiveUpdate failed.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
    25 April 2014 11:04:23 BST:  LUALL.EXE finished running.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
    25 April 2014 11:04:23 BST:  LiveUpdate encountered one or more errors. Return code = 4.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
    25 April 2014 11:00:22 BST:  Client traffic logs have been swept.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
    25 April 2014 10:59:57 BST:  LUALL.EXE has been launched.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]

    Nothing has chnaged or is blocked in regards to allowing the SEPM un-auethaticated access to liveupdate sites.

    I've re-registered liveupdate, 'lucatalog -cleanup/ -update' to no effect.

    I've removed liveupdate and reinstalled it / re-registered it. no change

     

    This server was updating happily for years, then ever since the update there has been a problem.

    Please advise the logs you require to troubleshoot this.

    I've attached my log.liveupdate for your analysis.

    Thank you very much SEPM guns!

    regards

    Keir

     

    Attachment(s)

    zip
    Keir-Log.Liveupdate.zip   1.55 MB 1 version


  • 2.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted Apr 25, 2014 06:31 AM

    Are you using proxy ?
     

    "Error: LiveUpdate encountered one or more errors. Return code = 4" in LiveUpdate status in Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH103112

     

    LiveUpdate couldn't expand replacement path [sesmvirdef64InstallDir]

     

    see this

    LiveUpdate fails on the Symantec Endpoint Protection Manager with errors in Log.LiveUpdate similar to "LiveUpdate couldn't expand replacement path [spcIronWl-incr-InstallDir]."

    http://www.symantec.com/business/support/index?page=content&id=TECH201511

     



  • 3.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted Apr 25, 2014 06:34 AM

    You can enable some advanced debugging

    How to debug the Symantec Endpoint Protection Manager



  • 4.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted Apr 25, 2014 06:34 AM

    Your SEPM is not able to reach the liveupdate server out on the internet. thats why its failing

    From the logs

    HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    25/04/2014, 09:27:34 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
    25/04/2014, 09:27:34 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER

     

    EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server liveupdate.symantecliveupdate.com at path  via a HTTP connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.

    any change on your firewall? using proxy? is it properly configigured in SEPM an in IE?

    from the logs its not using any proxy

     PRE_CONNECT: Proxy: "(not-available)" Agent: "NcAQ8BCaQ16p6Roz9mRyEoqmC7g3ClaUwAAAAA" AccessType: 0x0       
    25/04/2014, 09:27:34 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "NcAQ8BCaQ16p6Roz9mRyEoqmC7g3ClaUwAAAAA" AccessType: 0x0       

     

     

     



  • 5.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Broadcom Employee
    Posted Apr 25, 2014 11:43 AM

    Hi,

    Thank you for posting in Symantec community

    What's the liveupdate frequency?

    Try the following article if not tired yet.

    Symantec Endpoint Protection Manager 12.1 is not updating 32-bit or 64-bit virus definitions due to corrupt content

    http://www.symantec.com/docs/TECH166923

    When SEPM stops receiving updates verify the connectivity. Refer this article in that case.

    How to determine whether your firewall is blocking LiveUpdate

    http://www.symantec.com/docs/TECH139451



  • 6.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted May 04, 2014 02:51 AM

    Do you need more help here ?

    If you have received your answer please update your thread (Mark A Solution).If multiple post help you please select "Request split solution" option



  • 7.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted May 05, 2014 01:42 AM

     

    LiveUpdate concludes with Error code LU1814 while trying to update Symantec Endpoint Protection Manager Replication partner

    Article:TECH177465  |  Created: 2011-12-21  |  Updated: 2013-06-12  |  Article URL http://www.symantec.com/docs/TECH177465

    https://www-secure.symantec.com/connect/forums/luallexe-problem



  • 8.  RE: SEPM stops downloading definitions every 4-7 days, err code 4

    Posted May 05, 2014 03:15 AM

    Hello, 

    Are you using any proxy on this network? And check is there enough disk space on the SEPM server to occupy new update.

    Regards

    Ajin