Endpoint Protection

I noticed that liveupdate on my SEPM server was failing intermittently (most of the time it runs fine).
A while ago, I had an INTERNAL liveupdate server listed as the "liveupdate source server" on my SEPM. I no longer have this listed, since my SEPM server now has a direct Internet connection.
I started to look at the logs when the failures occur and noticed that it's trying to connect to the previously listed internal liveupdate server when the failure occurs.

Why is liveupdate still trying to connect to a server that I no longer have listed. Any idea where this setting is being kept?

I actually found a registry key pointing to the internal liveupdate server (even though it's NOT listed in the console anymore)
I deleted the key, hopefully this problem should be solved.

I will mark it solved in a few days.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intel\LANDesk\VirusProtect6\CurrentVersion\LiveUpdateSource

Can you post Liveupdate logs?

Are u the only administrator of SEPM????

You can go to command pompt. Change the directory to point protection manager\bin

run a command    lucatalog -update

Let us know if the issue persists after that.

Cheers,
Aniket

For some reason the registry key mentioned in my above post keeps appearing every few days even after I delete the whole liveupdate key.
When you look in the SEPM console, there is no liveupdate source as the picture above shows.

Strange...

Hi Bjohn,

I would like to mention that all the settings related to proxy and liveupdate servers are actually in the setting.liveupdate file
we can find that under

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate  you can open the settings.liveudpate in a notepad and check the hosts colum, it should be something like this if the system is going out using internet for liveupdate.

HOSTS\0\ACCESS=liveupdate.symantecliveupdate.com
HOSTS\0\ACCESS2=http://liveupdate.symantecliveupdate.com
HOSTS\0\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\0\LOGIN:ENC=YBR#A%5\(CI
HOSTS\0\NAME=liveupdate.symantecliveupdate.com
HOSTS\0\PASSWORD:ENC=YBR#A%5\(CI
HOSTS\0\SUBNET=0.0.0.0
HOSTS\0\SUBNETMASK=0.0.0.0
HOSTS\0\TYPE=HTTP
HOSTS\1\ACCESS=liveupdate.symantec.com
HOSTS\1\ACCESS2=http://liveupdate.symantec.com
HOSTS\1\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\1\LOGIN:ENC=YBR#A%5\(CI
HOSTS\1\NAME=liveupdate.symantec.com
HOSTS\1\PASSWORD:ENC=YBR#A%5\(CI
HOSTS\1\SUBNET=0.0.0.0
HOSTS\1\SUBNETMASK=0.0.0.0
HOSTS\1\TYPE=HTTP
HOSTS\2\ACCESS=update.symantec.com/opt/content/onramp
HOSTS\2\ACCESS2=ftp://update.symantec.com/opt/content/onramp
HOSTS\2\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\2\LOGIN:ENC=V!0QDU7."^$C(%+!24M?+A
HOSTS\2\NAME=update.symantec.com
HOSTS\2\PASSWORD:ENC=L"`';1^I=[DC(%+!24M?+A
HOSTS\2\SUBNET=0.0.0.0
HOSTS\2\SUBNETMASK=0.0.0.0
HOSTS\2\TYPE=FTP

0 has the priority then comes 1 and then 2, so if you want to change , just reverse the values, hope this helps to figure out how liveupdate works ,

I'm on 2008, so the file is in C:\ProgramData\Symantec\LiveUpdate I believe:

When I checked this file, I only have HOSTS\0 and it is pointing to my internal liveupdate server.

I went to Admin > Servers > Local Site > Edit Site Properties > LiveUpdate Tab > Edit Source Servers.
Choose "Use a specified internal liveupdate server" and added a server as "test"

I wanted to know if the settings.liveupdate file change when I did this, and it did NOT!

Any idea why?

Can I copy the settings you have for HOSTS\0 to my own settings.liveupdate?

Strange, when I added "test" as mentioned above, it seems to have edited C:\Program Files (x86)\Symantec\LiveUpdate\Settings.Hosts.LiveUpdate

settings.liveupdate would be a read only file, u have to uncheck the if you want to edit it, what ever changes you make on sepm or sep, related to liveudpate those get edited here.
You can copy my host settings no harm, or else u may replace settings.liveupdate from any other server which is running fine. Hope this info helped u , good day