Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Endpoint Clients not updating from management server

Created: 19 Apr 2012 • Updated: 19 Apr 2012 | 26 comments

We have Symantec Endpoint Protetion version 11.0 and that is configured as server and clients has to pull update from that management server but that is not happening all the client pulling updates from symantec liveupdate so when i change settings in live update first one use a default mamagement server recommended is enabled and use a liveupdate server is also enabled and in that below use a default symantec live update server is ticked .so when i remove use liveupdate server option none of the clients are updating so what needs to be done so that clients pull update from internal server .

Comments 26 CommentsJump to latest comment

greg12's picture

Check if your SEPM has current definitions. Please post a screenshot of the following form:

Admin > Servers > Local Site > Show LiveUpdate downloads

Valliappan's picture

This is the screenshot which shows updates of last year

how to troubleshoot this

Thanks
Valliappan

pete_4u2002's picture

SEPM is not updated, can you confirm how is SEPM supposed to get the updates?

for a time being update SEPM using jdb file.

How to update definitions for Symantec Endpoint Protection Manager using a JDB file
http://symantec.com/docs/TECH102607
 

NRaj's picture

Also post us a screenshot of the LU policy.

All you need is the first option selected. nothing else.

Mithun Sanghavi's picture

Hello,

Here are few Troubleshooting Articles you have have to look at:

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/docs/TECH105894

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Valliappan's picture

Thanks i have downloaded jdb files and followed the instructions mentioned and updated SEPM that worked fine ,but how to configure SEPM so that it downloads updates automatically instead of downloading JDB files and updating manually .What settings needs to be configured so that client pulls updates internally from symantec endpoint protection server ,instead of each client downloading directly from symantec liveupdate .

pete_4u2002's picture

is there proxy in your environment?

default SEPM will update from SYmantec liveupdate, i.e. internet. Is the machine connected to internet?

what is the error when you run liveupdate manually?

Chetan Savade's picture

Hi Valliappan,

Check liveupdate policy, according to liveupdate policy SEPM will update himself.

Screenshot is attached for reference.

Ideally once SEPM updated it will pass on those updates to clients, however check following settings.

Check your SEPM is in push mode or pull mode

Push mode

The client establishes a constant HTTP connection to the server. Whenever a change occurs with the server status, it notifies the client immediately.

Pull mode

The client connects to the server periodically, depending on the frequency of the heartbeat setting. The client checks the status of the server when it connects.

I hope it will help you !!!

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

Thanks have done the above mentioned settings how to make sure clients pull update from server and we dont have anyproxy in the environment and machine is connected to internet .

Valliappan's picture

i dont want user to launch live update is the settings which is showed in screenshot is correct

Chetan Savade's picture

Hi Vallippan,

You should now monitor SEPM and SEP client status through SEPM console.

If it's managed client & haven't given access to end user to run liveupdate then client will take update from SEPM only.

Check show liveupdate status to verify when liveupdate ran successfully ?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

Thanks and were to enable liveupdate status to verify when liveupdate ran successfully .

I dont want clients to disable symantec endpoint protection near startup area were they get option to disable

Chetan Savade's picture

Hi Valliappan,

Follow this article

https://www-secure.symantec.com/connect/articles/h...

OR 

Public KB also available for same.

http://www.symantec.com/docs/TECH168990

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

Thanks but what link u have provided supports for symantec EndPoint Protection version 12 but what we are using is version 11 so options are varying

Chetan Savade's picture

Hi,

I do apologies for same

Check this http://www.symantec.com/docs/TECH102822

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

how to enable settings to  show liveupdate status to verify when liveupdate ran successfully

Chetan Savade's picture

Hi,

By default all the activities are captured under show liveudpate staus, show liveudpate downloads.

You can verify there.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

Thanks ,no i am not asking on server side is there any settings which gives a alert to symantec endpoint clients like it has been updated

Valliappan's picture

when i clicked show liveupdate downloads it shows 23-4-12 it is not updated to latest definition when i chked logs it gives

There were no new content updates. Return code = 1

followed the below link but no use

http://www.symantec.com/business/support/index?pag... how to trouble shoot this issue

Chetan Savade's picture

Hi Valliappan,

Manual liveupdate working ? Go to start --> run -> ( type ) luall.exe

Also could you please share following two screenshots with me ?

1) SEPM home page

2) Show liveupdate downloads 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Chetan Savade's picture

Hi Valliappan,

Probably then definitions are corrupted.

Share the screenshots it can give better idea.

OR

Follow this article, might help.

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Valliappan's picture

Thes are the logs even after trying above mentioned steps

April 25, 2012 5:08:19 PM IST:  Rapid Response content failed to install.  [
April 25, 2012 5:06:41 PM IST:  Client traffic logs have been swept. 
April 25, 2012 4:54:49 PM IST:  LiveUpdate retry failed.  Will try again.  ]
April 25, 2012 4:54:49 PM IST:  LUALL.EXE finished running.  [
April 25, 2012 4:54:49 PM IST:  LiveUpdate encountered one or more errors. Return code = 4. 

pete_4u2002's picture

check this article

"Error: LiveUpdate encountered one or more errors. Return code = 4" in LiveUpdate status in Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?page=content&id=TECH103112