Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Single GUP Configuration

  • 1.  Single GUP Configuration

    Posted Jun 04, 2013 03:43 AM

    Hi to all,


    I want to configure a client to apply Updates to workstations of a group away from Central Offices because every morning it takes a lot of bandwidth.

    Here is the scenario:

    I have two offices: OfficeNo1 and OfficeNo2.

    SEPM is installed on OfficeNo1. 

    I have create a group for OfficeNo1 and a group for OfficeNo2 and add the workstations and servers to the right group.

     

    Then i have select a server from OfficeNo2 (which is on the group OfficeNo2) and i have configure as a Single Group Update Provider by adding the ip of the server.

    Also i have chenge the LiveUpdate Policy fro group OfficeNo2.

    After that clients of OfficeNo2 are still getting updates from SEPM from OfficeNo1.

     

    Am i doing something wrong?

     

    Thank you



  • 2.  RE: Single GUP Configuration

    Posted Jun 04, 2013 03:52 AM

    Kindly cross verify that the client which you are using for GUP Server is really a work as GUP.

    To check the below folder avail or not?

    For 32 bit machine, it is located in
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.x.x.x\Bin\SharedUpdates.

    For 64 bit machine, it is located in
    C:\Program Files(x86)\Symantec\Symantec Endpoint Protection\12.1.x.x.x\Bin64\SharedUpdates

    Check the GUP Health

    https://www-secure.symantec.com/connect/downloads/new-sep-content-distribution-monitor-gup-health-checking

    Try the attach document step to configure the GUP

    Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5

    http://www.symantec.com/business/support/index?page=content&id=TECH96419&locale=en_US

    How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

    Article:TECH97190  |  Created: 2009-01-03  |  Updated: 2011-08-16  |  Article URL http://www.symantec.com/docs/TECH97190

    How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP



  • 3.  RE: Single GUP Configuration

    Broadcom Employee
    Posted Jun 04, 2013 03:54 AM

    have you set to bypass GUP?

    is the GUP available?



  • 4.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:17 AM

    Does the GUP System showing True as per screen shot ?

     

    GP.JPG

    Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5

    http://www.symantec.com/business/support/index?page=content&id=TECH96419&locale=en_US

    How to: Setup a Group Update Provider (GUP)

    http://www.symantec.com/business/support/index?page=content&id=TECH105005&locale=en_US



  • 5.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:20 AM

    Hi technical_specialist,

    Yes, the folder is on C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.x.x.x\Bin\SharedUpdates

    I have download and run the bat file from Check the GUP Health with no results.

    Based on the attached file i have make the configuration.

     

     @Pete: Where is the configuration to bypass GUP?

     

    Thank you 



  • 6.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:24 AM

    Check this

    Symantec Endpoint Protection clients are not getting content updates from configured Group Update Providers

    Article:TECH98121  |  Created: 2009-01-15  |  Updated: 2011-03-30  |  Article URL http://www.symantec.com/docs/TECH98121

     



  • 7.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:30 AM

    Hello,

    How you verify the Client are getting defintion from Live Update? Enable Sylink debugging

    How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

    Article:TECH97190  | Created: 2009-01-03  | Updated: 2011-08-16  | Article URL http://www.symantec.com/docs/TECH9719
     

    *Edit*

    What the setting you have configured in GUP?

    Maximum time that clients try to download updates from a Group Update Provider before trying the default management server (It is never or time set)?

     

    Understanding and Identifying the different Group Update Provider (GUP) Options in SEP 11.0.5 RU5 and Later

    Article:TECH139867  |  Created: 2010-09-15  |  Updated: 2011-07-04  |  Article URL http://www.symantec.com/docs/TECH139867
     

     



  • 8.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:32 AM

    One more Check are you able telnet port 2967 SEP client to GUP working or not ?

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

    Article:TECH104539  |  Created: 2008-01-01  |  Updated: 2011-09-15  |  Article URL http://www.symantec.com/docs/TECH104539

     



  • 9.  RE: Single GUP Configuration

    Posted Jun 04, 2013 04:47 AM
    Hello Dear, Plz open the 2967 port in GUP (Group Update Provider) server for SEP client machines. If the GUP server not provide the update to client machine after half hour automatically client machines taking update management server. If you want client taking update only by GUP server mark on never...under the GUP server live update policy. And also install the server package on SEP GUP server machine..Not install the full feature package. Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP) http://www.symantec.com/docs/TECH104539 Which communication ports does Symantec Endpoint Protection use? http://www.symantec.com/docs/TECH163787 How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs) http://www.symantec.com/docs/TECH97190


  • 10.  RE: Single GUP Configuration

    Broadcom Employee
    Posted Jun 04, 2013 05:25 AM

    Hi,

    Test SEP to GUP and GUP to SEPM communication

    http://www.symantec.com/docs/TECH153328 

    You also should be able to telnet to Port 2967 on the GUP and see the connection in the GUP logs.
     
    Additionally, basic network testing of the network segments between the SEPM, associated GUP and associated SEP clients should be accomplished.
    for example: {While at the command prompt at the SEP client.} Tracert GUP_IP or GUP_FQDN
     
    Trace Route (Tracert) will display the number of hops from the source to the destination.  It will also show the amount of latency involved on a per hop basis.
    Ideally, there will be as few hops between associated systems as possible and the latency will be under 20 Milliseconds per hop.
     
    Make sure SEPM and GUP client is having the correct policy serial number.
     
    Check this article as well: 
     
    Group Update Provider is not updating all the clients
     
    http://www.symantec.com/docs/TECH140798 

     



  • 11.  RE: Single GUP Configuration

    Posted Jun 04, 2013 05:59 AM

    If your client has indeed got the role of gup then you will see the SharedUpdates folder under

    C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates

    do you see it?

    the GUP and SEPM should be running same version.

    In the Liveupdate policy there is a setting to fail over to SEPM if clinet unable to get it from GUP

    you can set it to get only from GUP. check these settings and then run update policy.



  • 12.  RE: Single GUP Configuration

    Posted Jun 04, 2013 10:36 AM

    Hi,

    in the Server Settings of the Office N.2 Policy, do you have both, "use the management server" and "use a group update provider" selected?

    If yes, have you checked if the GUP himself is up to date? if the "maximum time that client try to download updates from a GUP before trying the default management server" is set to never?

    After configuring the new Live Update Policy for OfficeNo2, you assigned this policy to the group where there is the Server GUP. So the GUP has the same policy as the client? (or do you created a dedicated group for only for the GUP Server and assigned a policy downloading updates from the manager, and acting as a gup?)

    if policies are configured at the top level "my-company", you disabled the inherit policy, and still have updates downloaded from the management server.

    You made change on the live update policy after that the inherit policy have been disabled, but the policy is still a shared policy?