Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM stops downloading definitions every 4-7 days, err code 4

Created: 25 Apr 2014 | 7 comments

Hi Guys,

Have an issue with my SEPM 11.0.7405.1424.  Every week or so, it just stops downloading definitions, which leads to a croshendo effect to all my clients obviously.

This started occuring after I upgraded it to this version to patch a security vunerability

A restart of the server, will generally make it download again, restarting the services does not.

Here is the error logged. I've had a look on knowledge bases for all the usual fixes but they have not worked.

25 April 2014 11:04:23 BST:  LiveUpdate failed.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
25 April 2014 11:04:23 BST:  LUALL.EXE finished running.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
25 April 2014 11:04:23 BST:  LiveUpdate encountered one or more errors. Return code = 4.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
25 April 2014 11:00:22 BST:  Client traffic logs have been swept.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]
25 April 2014 10:59:57 BST:  LUALL.EXE has been launched.  [Site: De Beers UK MK]  [Server: DTC-STJ-SEP-01]

Nothing has chnaged or is blocked in regards to allowing the SEPM un-auethaticated access to liveupdate sites.

I've re-registered liveupdate, 'lucatalog -cleanup/ -update' to no effect.

I've removed liveupdate and reinstalled it / re-registered it. no change

This server was updating happily for years, then ever since the update there has been a problem.

Please advise the logs you require to troubleshoot this.

I've attached my log.liveupdate for your analysis.

Thank you very much SEPM guns!

regards

Keir

Operating Systems:

Comments 7 CommentsJump to latest comment

James007's picture

Are you using proxy ?
 

"Error: LiveUpdate encountered one or more errors. Return code = 4" in LiveUpdate status in Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH103112

LiveUpdate couldn't expand replacement path [sesmvirdef64InstallDir]

see this

LiveUpdate fails on the Symantec Endpoint Protection Manager with errors in Log.LiveUpdate similar to "LiveUpdate couldn't expand replacement path [spcIronWl-incr-InstallDir]."

http://www.symantec.com/business/support/index?page=content&id=TECH201511

Rafeeq's picture

Your SEPM is not able to reach the liveupdate server out on the internet. thats why its failing

From the logs

HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
25/04/2014, 09:27:34 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
25/04/2014, 09:27:34 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER

EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server liveupdate.symantecliveupdate.com at path  via a HTTP connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.

any change on your firewall? using proxy? is it properly configigured in SEPM an in IE?

from the logs its not using any proxy

 PRE_CONNECT: Proxy: "(not-available)" Agent: "NcAQ8BCaQ16p6Roz9mRyEoqmC7g3ClaUwAAAAA" AccessType: 0x0       
25/04/2014, 09:27:34 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "NcAQ8BCaQ16p6Roz9mRyEoqmC7g3ClaUwAAAAA" AccessType: 0x0       

Brɨan's picture

You can enable some advanced debugging

How to debug the Symantec Endpoint Protection Manager

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community

What's the liveupdate frequency?

Try the following article if not tired yet.

Symantec Endpoint Protection Manager 12.1 is not updating 32-bit or 64-bit virus definitions due to corrupt content

http://www.symantec.com/docs/TECH166923

When SEPM stops receiving updates verify the connectivity. Refer this article in that case.

How to determine whether your firewall is blocking LiveUpdate

http://www.symantec.com/docs/TECH139451

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

James007's picture

Do you need more help here ?

If you have received your answer please update your thread (Mark A Solution).If multiple post help you please select "Request split solution" option

chin_aust's picture

LiveUpdate concludes with Error code LU1814 while trying to update Symantec Endpoint Protection Manager Replication partner

Article:TECH177465  |  Created: 2011-12-21  |  Updated: 2013-06-12  |  Article URL http://www.symantec.com/docs/TECH177465

https://www-secure.symantec.com/connect/forums/lua...

AjinBabu's picture

Hello, 

Are you using any proxy on this network? And check is there enough disk space on the SEPM server to occupy new update.

Regards

Ajin