SescLU Event Id 13
This issue has been solved. See solution.
Lissome
November 9th, 2009
There is some problem with LiveUpdate in my environment. Since 5 november 15:56 GMT on every workstation every hour or so SescLU event Id 13 error appears in Application log.
Event Type: Error Event Source: SescLU Event Category: None Event ID: 13 Date: 05.11.2009 Time: 18:58:24 User: N/A Computer: HQ-W-SAPERKINL Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install..
There is error in LU log too. It seems LU on client cannot get list of available updates.
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// Start LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
09.11.2009, 14:58:06 GMT -> LuComServer version: 3.3.0.69
09.11.2009, 14:58:06 GMT -> LiveUpdate Language: English
09.11.2009, 14:58:06 GMT -> LuComServer Sequence Number: 20080630
09.11.2009, 14:58:06 GMT -> OS: Windows XP Professional, Service Pack: 3, Major: 5, Minor: 1, Build: 2600 (32-bit)
09.11.2009, 14:58:06 GMT -> System Language:[0x0419], User Language:[0x0419]
09.11.2009, 14:58:06 GMT -> IE 6 Support
09.11.2009, 14:58:06 GMT -> ComCtl32 version: 6.0
09.11.2009, 14:58:06 GMT -> IP Addresses: 172.16.9.244
09.11.2009, 14:58:06 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
09.11.2009, 14:58:06 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
09.11.2009, 14:58:06 GMT -> Account launching LiveUpdate is not a logged in user's account
09.11.2009, 14:58:06 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
09.11.2009, 14:58:06 GMT -> LiveUpdate flag value for this run is 0
09.11.2009, 14:58:06 GMT -> **** Starting a Silent LiveUpdate Session ****
09.11.2009, 14:58:06 GMT -> *********************** Start of New LU Session ***********************
09.11.2009, 14:58:06 GMT -> The command line is -S -temphostex "C:\Program Files\Symantec\Symantec Endpoint Protection\smclu\content.zip0000" -M{E5A3EBEE-D580-421e-86DF-54C0B3739522} -updateoptout=yes
09.11.2009, 14:58:06 GMT -> ***** This LiveUpdate session is running in legacy TempHost mode. *****
09.11.2009, 14:58:06 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
09.11.2009, 14:58:06 GMT -> LiveUpdate is about to launch a new callback proxy process for product SESC Virus Definitions Win32 v11 with moniker {C60DC234-65F9-4674-94AE-62158EFCA433}.
09.11.2009, 14:58:06 GMT -> Starting Callback Proxy Worker thread.
09.11.2009, 14:58:07 GMT -> The callback proxy for moniker {C60DC234-65F9-4674-94AE-62158EFCA433} was successfully registered with LiveUpdate.
09.11.2009, 14:58:07 GMT -> LiveUpdate successfully launched a new callback proxy process for product SESC Virus Definitions Win32 v11.
09.11.2009, 14:58:07 GMT -> LiveUpdate is about to execute a PreSession callback for product SESC Virus Definitions Win32 v11.
09.11.2009, 14:58:08 GMT -> The callback proxy finished executing the callback with a result code of 0x0
09.11.2009, 14:58:08 GMT -> The PreSession callback for product SESC Virus Definitions Win32 v11 completed with a result of 0x0
09.11.2009, 14:58:08 GMT -> LiveUpdate is about to launch a new callback proxy process for product Symantec Security Content B1 with moniker {E5A3EBEE-D580-421e-86DF-54C0B3739522}.
09.11.2009, 14:58:08 GMT -> The callback proxy for moniker {E5A3EBEE-D580-421e-86DF-54C0B3739522} was successfully registered with LiveUpdate.
09.11.2009, 14:58:08 GMT -> LiveUpdate successfully launched a new callback proxy process for product Symantec Security Content B1.
09.11.2009, 14:58:08 GMT -> LiveUpdate is about to execute a PreSession callback for product Symantec Security Content B1.
09.11.2009, 14:58:08 GMT -> ProductRegCom/luProductReg(PID=2108/TID=4752): Successfully created an instance of an luProductReg object!
09.11.2009, 14:58:08 GMT -> ProductRegCom/luProductReg(PID=2108/TID=4752): Path for calling process executable is C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe.
09.11.2009, 14:58:08 GMT -> ProductRegCom/luProductReg(PID=2108/TID=4752): Setting property for Moniker = {E5A3EBEE-D580-421e-86DF-54C0B3739522}, PropertyName = SEQ.CURDEFS, Value = 91104020
09.11.2009, 14:58:09 GMT -> ProductRegCom/luProductReg(PID=2108/TID=4752): Destroyed luProductReg object.
09.11.2009, 14:58:09 GMT -> The callback proxy finished executing the callback with a result code of 0x0
09.11.2009, 14:58:09 GMT -> The PreSession callback for product Symantec Security Content B1 completed with a result of 0x0
09.11.2009, 14:58:09 GMT -> Successfully released callback {6FDEE0F0-ECD7-423C-BD1C-525ECBAC7E1B}
09.11.2009, 14:58:09 GMT -> LiveUpdate has called the last callback for product Symantec Security Content B1, so LiveUpdate is informing the callback proxy that it can exit.
09.11.2009, 14:58:09 GMT -> LiveUpdate is about to launch a new callback proxy process for product Symantec Security Content A1 with moniker {812CD25E-1049-4086-9DDD-A4FAE649FBDF}.
09.11.2009, 14:58:09 GMT -> The callback proxy executable for product {E5A3EBEE-D580-421e-86DF-54C0B3739522} is exiting with no errors
09.11.2009, 14:58:09 GMT -> The callback proxy for moniker {812CD25E-1049-4086-9DDD-A4FAE649FBDF} was successfully registered with LiveUpdate.
09.11.2009, 14:58:09 GMT -> LiveUpdate successfully launched a new callback proxy process for product Symantec Security Content A1.
09.11.2009, 14:58:09 GMT -> LiveUpdate is about to execute a PreSession callback for product Symantec Security Content A1.
09.11.2009, 14:58:09 GMT -> ProductRegCom/luProductReg(PID=4408/TID=6348): Successfully created an instance of an luProductReg object!
09.11.2009, 14:58:09 GMT -> ProductRegCom/luProductReg(PID=4408/TID=6348): Path for calling process executable is C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe.
09.11.2009, 14:58:09 GMT -> ProductRegCom/luProductReg(PID=4408/TID=6348): Setting property for Moniker = {812CD25E-1049-4086-9DDD-A4FAE649FBDF}, PropertyName = SEQ.CURDEFS, Value = 91106017
09.11.2009, 14:58:09 GMT -> ProductRegCom/luProductReg(PID=4408/TID=6348): Destroyed luProductReg object.
09.11.2009, 14:58:09 GMT -> The callback proxy finished executing the callback with a result code of 0x0
09.11.2009, 14:58:09 GMT -> The PreSession callback for product Symantec Security Content A1 completed with a result of 0x0
09.11.2009, 14:58:09 GMT -> Successfully released callback {6FDEE0F0-ECD7-423C-BD1C-525ECBAC7E1B}
09.11.2009, 14:58:09 GMT -> LiveUpdate has called the last callback for product Symantec Security Content A1, so LiveUpdate is informing the callback proxy that it can exit.
09.11.2009, 14:58:09 GMT -> Progress Update: TRYING_HOST: HostName: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000" URL: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000" HostNumber: 0
09.11.2009, 14:58:09 GMT -> Check for updates to: Product: Symantec Security Content B1, Version: MicroDefsB.CurDefs, Language: SymAllLanguages. Mini-TRI file name: symantec$20security$20content$20b1_microdefsb.curdefs_symalllanguages_livetri.zip
09.11.2009, 14:58:09 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
09.11.2009, 14:58:09 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1 Downloading Mini-TRI files
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000\symantec$20security$20content$20b1_microdefsb.curdefs_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
09.11.2009, 14:58:09 GMT -> The callback proxy executable for product {812CD25E-1049-4086-9DDD-A4FAE649FBDF} is exiting with no errors
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000\symantec$20security$20content$20b1_microdefsb.curdefs_symalllanguages_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symantec$20security$20content$20b1_microdefsb.curdefs_symalllanguages_livetri.zip" HR: 0x802A0033
09.11.2009, 14:58:09 GMT -> HR 0x802A0033 DECODE: E_CANT_CREATE_FILE
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
09.11.2009, 14:58:09 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "1"
09.11.2009, 14:58:09 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1 Downloading LiveUpdate catalog file
09.11.2009, 14:58:09 GMT -> LiveUpdate could not find the MiniTri.flg file on the server. LiveUpdate is entering legacy mode and will attempt to download the full LiveUpdate Catalog file.
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000\livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU\CONTENT.ZIP0000\livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\livetri.zip" HR: 0x802A0033
09.11.2009, 14:58:09 GMT -> HR 0x802A0033 DECODE: E_CANT_CREATE_FILE
09.11.2009, 14:58:09 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
09.11.2009, 14:58:09 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "1"
09.11.2009, 14:58:10 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server C:\PROGRAM FILES\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\SMCLU at path C:\PROGRAM%20FILES\SYMANTEC\SYMANTEC%20ENDPOINT%20PROTECTION\SMCLU\CONTENT.ZIP0000 via a LAN connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
09.11.2009, 14:58:10 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
09.11.2009, 14:58:10 GMT -> LiveUpdate did not find any new updates for the given products.
09.11.2009, 14:58:10 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
09.11.2009, 14:58:10 GMT -> LiveUpdate is about to execute a PostSession callback for product SESC Virus Definitions Win32 v11.
09.11.2009, 14:58:10 GMT -> The callback proxy finished executing the callback with a result code of 0x0
09.11.2009, 14:58:10 GMT -> The PostSession callback for product SESC Virus Definitions Win32 v11 completed with a result of 0x0
09.11.2009, 14:58:10 GMT -> Successfully released callback {855BA5F4-6588-4F09-AE61-847E59D08CB0}
09.11.2009, 14:58:10 GMT -> LiveUpdate has called the last callback for product SESC Virus Definitions Win32 v11, so LiveUpdate is informing the callback proxy that it can exit.
09.11.2009, 14:58:10 GMT -> The callback proxy executable for product {C60DC234-65F9-4674-94AE-62158EFCA433} is exiting with no errors
09.11.2009, 14:58:10 GMT -> *********************** End of LU Session ***********************
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// End LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////I also used Sylink Monitor to detect possible problem:
11/09 16:24:41 [6196] Volatile op-state damper: 0, Interval passed: 3 11/09 16:24:41 [6196] Free memory difference: 1499136, Threshold: 8702970 11/09 16:24:41 [6196] Free disk space difference: 98304, Threshold: 1460830605 11/09 16:24:41 [6196] going to post event=EVENT_SYLINK_QUERY_COMMANDSTATUS 11/09 16:24:41 [6196] done post event=EVENT_SYLINK_QUERY_COMMANDSTATUS, return=0 11/09 16:24:41 [6196] ===UPLOAD STAGE=== 11/09 16:24:41 [6196] going to post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG 11/09 16:24:41 [6196] done post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG, return=0 11/09 16:24:41 [6196] ===PREPARE EVENT LOG STAGE=== 11/09 16:24:41 [6196] initialized technology extension processing ok 11/09 16:24:41 [6196] Allow total logs to send=0 11/09 16:24:41 [6196] Communication Mode=0(Push Mode) 11/09 16:24:41 [6196] Enter Push Session 11/09 16:24:41 [6196] Setting the session timeout on Profile Session (for MaintainPushConnection) to 920000 11/09 16:24:41 [6196] Push Connecton! 11/09 16:24:41 [6196] ************CSN=207451 11/09 16:24:41 [6196] Request is: action=128&hostid=37E7FE6AAC101141018F6C7DD657DA16&chk=2D5833D2F725130CB15779983ACE1EE4&ck=8613061A5A9DCB0BE2940676779C6E28&uchk=5DC25F2014C512DC98DF4A2D0B1334C8&uck=AEC182C98440B15314CC6E9F06C3A727&groupid=97B4ACDDAC10114101143614A26EABE8&mode=0&as=207451 11/09 16:24:41 [6196] http://hq-s-fscl01:80/secars/secars.dll?h=B9267BB6... 11/09 16:24:54 [6504] SyLinkCreateConfig => Created instance: 00EB7A98 11/09 16:24:54 [6504] Importing ConfigObject: 018E2178 into: 00EB7A98 11/09 16:24:54 [6504] Got ConfigObject to proceed the operation.. pSylinkConfig: 00EB7A98 11/09 16:24:54 [6504] Starting LU download. 11/09 16:24:54 [6504] LU item not ready - skipping download. 11/09 16:24:54 [6504] SyLinkDeleteConfig => Deleting instance: 00EB7A98 11/09 16:25:14 [7492] 11/09 16:25:14 [7492] 11/09 16:25:54 [6504] SyLinkCreateConfig => Created instance: 00EB7A98 11/09 16:25:54 [6504] Importing ConfigObject: 018E2178 into: 00EB7A98 11/09 16:25:54 [6504] Got ConfigObject to proceed the operation.. pSylinkConfig: 00EB7A98 11/09 16:25:54 [6504] Starting LU download. 11/09 16:25:54 [6504] LU item not ready - skipping download. 11/09 16:25:54 [6504] SyLinkDeleteConfig => Deleting instance: 00EB7A98 11/09 16:26:14 [7492] 11/09 16:26:14 [7492] ... 11/09 16:38:54 [6504] SyLinkCreateConfig => Created instance: 00EB7A98 11/09 16:38:54 [6504] Importing ConfigObject: 018E2178 into: 00EB7A98 11/09 16:38:54 [6504] Got ConfigObject to proceed the operation.. pSylinkConfig: 00EB7A98 11/09 16:38:54 [6504] Starting LU download. 11/09 16:38:54 [6504] LU item not ready - skipping download. 11/09 16:38:54 [6504] SyLinkDeleteConfig => Deleting instance: 00EB7A98 11/09 16:39:37 [7492] 11/09 16:39:37 [7492] 11/09 16:39:54 [6504] SyLinkCreateConfig => Created instance: 00EB7A98 11/09 16:39:54 [6504] Importing ConfigObject: 018E2178 into: 00EB7A98 11/09 16:39:54 [6504] Got ConfigObject to proceed the operation.. pSylinkConfig: 00EB7A98 11/09 16:39:54 [6504] Starting LU download. 11/09 16:39:54 [6504] LU item not ready - skipping download. 11/09 16:39:54 [6504] SyLinkDeleteConfig => Deleting instance: 00EB7A98 11/09 16:40:02 [6196] AH: (InetWaiting) time out. Timeout period: 920000 11/09 16:40:03 [6196] Throw Internet Exception, Error Code=4294967287;Internet Session Timeout
I tryed update my workstation from Symantec LiveUpdate and that was successfull. No errors where generated. But next update from SEPM was failure again.
There is no such SescLU errors on servers. I use only two types of install packages. One for workstations and one for servers.
Components of package for workstations: Antivirus and Antispyware Protection, Antivirus Email Protection (POP3/SMTP + MS Outlook), TruScan Proactive Threat Scan.
Components of package for workstations: Antivirus and Antispyware Protection.
Most of workstations use SEP 11.4000.2295
My workstation and couple of other use SEP 11.5002.333
Symptoms are the same for either of versions
Management server is SEPM 11.4000.2295
Filed under: Endpoint Protection (AntiVirus), Security
Try starting your
Try starting your troubleshooting with this KB -
Troubleshooting Content Delivery to the Symantec Endpoint Protection client
http://service1.symantec.com/support/ent-security....
Best,
Thomas
Clients not taking definitions from the SEPM console
First of all please check whether the SEPM has the latest virus definitions. If yes then check whether you are able to ping the client from the server and vice versa. If that is possible then create a separate test group and apply a new Liveupdate policy for that group then move one of the client machines in question to that test group and check whether it gets the update. Check the policy serial number on the SEPM console and also on the client interface they both should have the same policy serial number.
Thanks & Regards
Sandip C Sali
Strange thing was that
Strange thing was that workstations had obtained definitions in spite of error.
Anyway, yesterday i had recreated LU police and it seems that helped. Today random check showed that error is gone in Application events and LU log.
Thanks for help.
Would you like to reply?
Login or Register to post your comment.